[HIGH] AVideo's CSRF on Admin Plugin Configuration Enables Payment Credential Hijacking

PKSA-sgq7-y46w-x6wm CVE-2026-34394 GHSA-4wwr-7h7c-chqr

Affected package: wwbn/avideo

Affected version: <=26.0

Reported by:
GitHub