GHSA-wprj-9cvc-5w37: AVideo: Unauthenticated Access to Payment Log DataTables Endpoints Exposes Transaction Data, PayPal Tokens, and User Financial Records
high · vulnerability
security
Source: GitHub Advisory Database · March 29, 2026
Summary
AVideo's payment plugins have a critical vulnerability where `list.json.php` endpoints (which retrieve payment transaction records) lack authentication checks, allowing anyone to access sensitive financial data including PayPal tokens, Authorize.Net webhook details, Bitcoin transaction records, and user IDs without logging in. This is the same type of vulnerability that was previously fixed in the Scheduler plugin, but the fix was not applied to 21 other vulnerable endpoints across the codebase.
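A static check a maintainer could run over a checkout to list `list.json.php` endpoints that emit data with no access check in front of it. This is an added example, not code from the advisory or from the AVideo project. The guard names in `GUARD`, the plugin paths and `Sample_log` are assumptions or constructed sample data.

```python
import re
import tempfile
from pathlib import Path

# ASSUMPTION: calls that count as an access check; adjust to your tree's guard.
GUARD = re.compile(r"\b(User::isAdmin|User::isLogged|forbiddenPage)\s*\(")
# Statements that send a response; the guard must run before the first one.
OUTPUT = re.compile(r"\b(echo|print|die|exit)\b")

def strip_comments(src):
    """Remove PHP comments so a commented-out guard is not counted."""
    src = re.sub(r"/\*.*?\*/", "", src, flags=re.S)
    return re.sub(r"(?m)(//|#).*$", "", src)

def audit_endpoint(path):
    """Classify one endpoint as 'guarded', 'late-guard' or 'unguarded'."""
    code = strip_comments(Path(path).read_text(errors="replace"))
    guard, out = GUARD.search(code), OUTPUT.search(code)
    if guard is None:
        return "unguarded"
    if out is not None and out.start() < guard.start():
        return "late-guard"  # data is emitted before the check runs
    return "guarded"

def audit_tree(root, name="list.json.php"):
    """Map every file called `name` under root to its classification."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): audit_endpoint(p)
            for p in sorted(root.rglob(name))}

def build_sample_tree(root):
    """Write constructed sample endpoints (hypothetical plugins, not AVideo code)."""
    check = "if (!User::isAdmin()) { die(); }\n"
    data = "echo json_encode(Sample_log::getAll());\n"
    samples = {
        "PluginA/View/list.json.php": "<?php\n" + check + data,
        "PluginB/View/list.json.php": "<?php\n// " + check + data,
        "PluginC/View/list.json.php": "<?php\n" + data + check,
    }
    for rel, body in samples.items():
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, verdict in audit_tree(tmp).items():
            print(f"{verdict:10} {rel}")
```

An endpoint whose check lives in an included file is reported as `unguarded`, so treat the output as a review list rather than a verdict.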
Classification
Attack Sophistication: Trivial
Affected Packages
wwbn/avideo@<= 26.0
Original source: https://github.com/advisories/GHSA-wprj-9cvc-5w37
First tracked: March 29, 2026 at 02:00 PM
Classified by LLM (prompt v3) · confidence: 95%