[HIGH] AVideo Affected by CSRF on Plugin Import Endpoint Enables Unauthenticated Remote Code Execution via Malicious Plugin Upload

PKSA-9rhr-hzp4-skcj CVE-2026-33507 GHSA-hv36-p4w4-6vmj

Affected package: wwbn/avideo

Affected version: <=26.0

Reported by:
GitHub