A vulnerability classified as problematic was found in WWBN AVideo up to 29.0 . This issue affects the function User::isLogged of the file objects/userSavePhoto.php . Such manipulation leads to cross-site request forgery. This vulnerability is traded as CVE-2026-43877 . The attack may be launched remotely. There is no exploit available. It is best practice to apply a patch to resolve this issue.