Compliance Impact

This vulnerability allows any authenticated user to arbitrarily add funds to their wallet without proper payment validation, which can lead to unauthorized financial transactions and accounting manipulation.

Such unauthorized financial activities can undermine compliance with standards and regulations that require accurate transaction records and fraud prevention, potentially impacting frameworks like GDPR and HIPAA where data integrity and security are critical.

Specifically, the lack of validation and verification of payment transactions could lead to violations of financial controls and audit requirements mandated by these regulations.

Useful 0 Not Useful 0

Executive Summary

CVE-2026-47696 is a vulnerability in the WWBN AVideo platform affecting versions 29.0 and earlier. It exists in the AuthorizeNet plugin's processPayment.json.php endpoint, which credits a logged-in user's wallet based solely on an attacker-controlled amount parameter sent via POST.

The endpoint does not validate any real payment information such as Authorize.Net transaction IDs, webhook signatures, hosted payment tokens, nonces, or server-side payment records. Instead, it contains a hardcoded success flag and a TODO comment indicating that real payment processing is not implemented.

As a result, any authenticated user can manipulate the amount parameter to add arbitrary funds to their wallet without making a legitimate payment.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability allows an attacker with a valid user account to inflate their wallet balance arbitrarily by sending crafted requests to the vulnerable endpoint.

• Unauthorized addition of funds to user wallets.
• Bypassing monetization controls and payment verification.
• Potential unauthorized purchases or fund transfers using the inflated wallet balance.
• Manipulation of accounting records or financial data within the platform.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by monitoring for suspicious POST requests to the endpoint plugin/AuthorizeNet/processPayment.json.php that include manipulated amount parameters. Since the vulnerability allows any logged-in user to add arbitrary funds by sending crafted POST requests, inspecting web server logs or using network monitoring tools to identify unusual or repeated POST requests to this endpoint with varying amount values can help detect exploitation attempts.

A possible command to detect such activity on a Linux server with access logs might be:

• grep 'POST /plugin/AuthorizeNet/processPayment.json.php' /var/log/apache2/access.log | grep 'amount='

Additionally, monitoring wallet balance changes in the application database for unexpected increases without corresponding verified payment transactions can help identify exploitation.

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation steps include disabling or removing the vulnerable endpoint plugin/AuthorizeNet/processPayment.json.php to prevent any unauthorized wallet crediting.

Ensure that wallet credits are only applied after verifying legitimate payment transactions from Authorize.Net, including validating transaction IDs, webhook signatures, hosted payment tokens, nonces, or server-side payment records.

Until a proper patch or update is available, restrict access to the AuthorizeNet and YPTWallet plugins or disable them if they are not essential.

Useful 0 Not Useful 0