Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
JW Player for WordPress: Unsecured Access to Videos
CVE-2026-39614
Summary
Some settings in JW Player for WordPress are not properly locked down, which means an attacker could potentially access unauthorized videos. This affects JW Player for WordPress versions up to 2.3.6. To fix, update to the latest version of the plugin.
Original title
Missing Authorization vulnerability in ilGhera JW Player for WordPress jw-player-7-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JW Player for Wo...
Original description
Missing Authorization vulnerability in ilGhera JW Player for WordPress jw-player-7-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JW Player for WordPress: from n/a through <= 2.3.6.
Vulnerability type
CWE-862
Missing Authorization
Published: 8 Apr 2026 · Updated: 9 Apr 2026 · First seen: 8 Apr 2026