CVE-2026-33507 — WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `objects/pluginImport.json.php` endpoint allows admin users to upload and install plugin ZIP files containing ex — CVE Database · The Intelligence Room