CVE-2014-4030

Published: Jun 25, 2014Modified: May 6, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

Cross-site request forgery (CSRF) vulnerability in the JW Player plugin before 2.1.4 for WordPress allows remote attackers to hijack the authentication of administrators for requests that remove players via a delete action to wp-admin/admin.php.

Affected (10)

Products: Longtailvideo: Jw Player For Flash & Html5 Video Plugin

Longtailvideo

1 product

Jw Player For Flash & Html5 Video Plugin

Configuration A

10 vulnerable

Vulnerable Software	Affected Versions
Longtailvideo Jw Player For Flash & Html5 Video Plugin	Up to 2.1.3
Longtailvideo Jw Player For Flash & Html5 Video Plugin	Version 2.0.0
Longtailvideo Jw Player For Flash & Html5 Video Plugin	Version 2.0.1
Longtailvideo Jw Player For Flash & Html5 Video Plugin	Version 2.0.2
Longtailvideo Jw Player For Flash & Html5 Video Plugin	Version 2.0.3
Longtailvideo Jw Player For Flash & Html5 Video Plugin	Version 2.0.4
Longtailvideo Jw Player For Flash & Html5 Video Plugin	Version 2.0.5
Longtailvideo Jw Player For Flash & Html5 Video Plugin	Version 2.1.0
Longtailvideo Jw Player For Flash & Html5 Video Plugin	Version 2.1.1
Longtailvideo Jw Player For Flash & Html5 Video Plugin	Version 2.1.2