CSRF Vulnerability in JW Player Plugin for WordPress
CVE-2014-4030

Currently unrated

Key Information:

Vendor: WordPress
CVE Published: 25 June 2014

Summary

A Cross-Site Request Forgery (CSRF) vulnerability exists in the JW Player plugin for WordPress in versions prior to 2.1.4. The flaw allows remote attackers to hijack the authentication of administrators: a forged request that rides on an administrator's session is processed as if the administrator had made it. Specifically, the vulnerability can be used to send unauthorized delete requests to wp-admin/admin.php, potentially removing video players without the administrator's consent. Users of affected versions are advised to update to the latest version to mitigate this risk.

Timeline

  • Vulnerability published

  • Vulnerability Reserved