[MEDIUM] WWBN AVideo: Missing CSRF Protection on State-Changing JSON Endpoints Enables Forced Comment Creation, Vote Manipulation, and Category Asset Deletion

PKSA-k36z-m2m9-7f9w GHSA-x2pw-9c38-cp2j

Affected package: wwbn/avideo

Affected version: <=29.0

Reported by:
GitHub