WWBN AVideo User Enumeration Vulnerability in objects/mention.json.php

Vulnerability

A user enumeration vulnerability has been identified in WWBN AVideo versions 29.0 and earlier. The issue resides in the objects/mention.json.php file, which lacks proper authentication checks. While there is a basic entry guard that validates the request term, the absence of a login verification or admin gate allows unauthenticated users to enumerate users on the platform.

Impact

Exploitation of this vulnerability allows for unauthenticated user enumeration, which could be leveraged to gather information about registered users on the platform.

Added: May 29, 2026, 2:25 PM

Updated: May 29, 2026, 2:25 PM

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

0.6

exploitability

7.6

remediation

0.0

relevance

9.8

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

0.6

exploitability

7.6

remediation

0.0

relevance

9.8

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

WWBN AVideo User Enumeration Vulnerability in objects/mention.json.php

Vulnerability

Impact

Affected Products

WWBN AVideo

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating