[MEDIUM] AVideo: Unauthenticated Arbitrary Email Sending via sendEmail.json.php Enables Phishing from the Site’s Legitimate From Address

PKSA-7c98-nyt4-qt25 CVE-2026-43880 GHSA-5hgj-7gm9-cff5

Affected package: wwbn/avideo

Affected version: <=29.0

Reported by:
GitHub