JW Player for WordPress Security & Risk Analysis

wordpress.org/plugins/jw-player-7-for-wp

JW Player for WordPress enables you to publish videos on your WordPress posts and pages using the most popular video player on the web.

1K active installs · v2.3.6 · PHP + WP 5.0+ · Updated Nov 24, 2025
Tags: embed-video, jw-player, video-player, video-preroll, video-subtitles
99
A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Apr 29, 2024
Safety Verdict

Is JW Player for WordPress Safe to Use in 2026?

Generally Safe

Score 99/100

JW Player for WordPress has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Apr 29, 2024 · Updated 4mo ago
Risk Assessment

The "jw-player-7-for-wp" plugin version 2.3.6 exhibits a generally good security posture, with a high percentage of properly escaped outputs and 100% of SQL queries using prepared statements. The absence of dangerous functions, file operations, and critical/high severity taint flows is a positive indicator. The plugin also makes robust use of nonces, with 29 checks in place. However, a significant concern is the presence of one AJAX handler that lacks authentication checks, creating a potential entry point for unauthorized actions. The vulnerability history, while containing only one medium-severity CVE, is concerning because that CVE was very recent, indicating potential for ongoing security weaknesses or a pattern of vulnerabilities. The most common vulnerability type, 'Missing Authorization', reinforces the risk identified in the static analysis regarding the unprotected AJAX handler.

Key Concerns

  • AJAX handler without authentication
  • Recent medium severity CVE
  • Flows with unsanitized paths
Vulnerabilities
1

JW Player for WordPress Security Vulnerabilities

CVEs by Year

1 CVE in 2024

Severity Breakdown

Medium: 1

1 total CVE

CVE-2024-33931 · medium · 5.3 · Missing Authorization

JW Player for WordPress <= 2.3.3 - Missing Authorization

Apr 29, 2024 · Patched in 2.3.4 (64d)
Code Analysis
Analyzed Mar 16, 2026

JW Player for WordPress Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 43 (678 escaped)
Nonce Checks: 29
Capability Checks: 1
File Operations: 0
External Requests: 2
Bundled Libraries: 0

Output Escaping

94% escaped · 721 total outputs
Data Flows
5 unsanitized

Data Flow Analysis

12 flows · 5 with unsanitized paths
jwppp_ads_tag_callback (admin\jwppp-admin.php:258)
Attack Surface
1 unprotected

JW Player for WordPress Attack Surface

Entry Points: 11
Unprotected: 1

AJAX Handlers 8

auth wp_ajax_skin-customization admin\jwppp-admin.php:148
auth wp_ajax_player_check admin\jwppp-admin.php:210
auth wp_ajax_add_ads_tag admin\jwppp-admin.php:269
auth wp_ajax_add_ad_partner admin\jwppp-admin.php:320
auth wp_ajax_jwppp_ajax_remove includes\jwppp-ajax-remove-video-callback.php:39
auth wp_ajax_jwppp_ajax_add includes\jwppp-functions.php:187
auth wp_ajax_search-content includes\jwppp-functions.php:852
auth wp_ajax_init-api includes\jwppp-functions.php:951

Shortcodes 3

[jw7-video] includes\jwppp-functions.php:650
[jwp-video] includes\jwppp-functions.php:651
[jwplayer] includes\jwppp-functions.php:758
WordPress Hooks 20
action admin_notices admin\ilghera-notice\class-ilghera-notice.php:183
action admin_notices admin\ilghera-notice\class-ilghera-notice.php:189
action admin_notices admin\ilghera-notice\class-ilghera-notice.php:195
action admin_enqueue_scripts admin\ilghera-notice\extension.php:25
action admin_init admin\jwppp-admin.php:18
action admin_menu admin\jwppp-admin.php:27
action admin_enqueue_scripts admin\jwppp-admin.php:97
action admin_menu admin\jwppp-admin.php:125
action admin_notices classes\class-jwppp-dashboard-api.php:100
action add_meta_boxes includes\jwppp-functions.php:35
action wp_enqueue_scripts includes\jwppp-functions.php:439
action admin_enqueue_scripts includes\jwppp-functions.php:483
action init includes\jwppp-functions.php:500
filter widget_text includes\jwppp-functions.php:765
filter the_content includes\jwppp-functions.php:812
filter has_post_thumbnail includes\jwppp-functions.php:1011
filter post_thumbnail_html includes\jwppp-functions.php:1045
action save_post includes\jwppp-save-single-video-data.php:148
action plugins_loaded jw-player-7-for-wp.php:48
action init jw-widget\jwppp-carousel-config.php:45
Maintenance & Trust

JW Player for WordPress Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Nov 24, 2025
PHP min version
Downloads: 184K

Community Trust

Rating: 76/100
Number of ratings: 29
Active installs: 1K
Developer Profile

JW Player for WordPress Developer Profile

ilGhera

13 plugins · 2K total installs

Trust score: 78
Avg Security Score: 99/100
Avg Patch Time: 150 days
Detection Fingerprints

How We Detect JW Player for WordPress

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/jw-player-7-for-wp/admin/ilghera-notice/css/ilghera-notice.css
/wp-content/plugins/jw-player-7-for-wp/admin/ilghera-notice/images/ilGhera-icon-40px.png
/wp-content/plugins/jw-player-7-for-wp/admin/js/jwppp-admin.js
/wp-content/plugins/jw-player-7-for-wp/admin/css/jwppp-admin-style.css
/wp-content/plugins/jw-player-7-for-wp/jw-widget/jwppp-carousel-config.php
Script Paths
/wp-content/plugins/jw-player-7-for-wp/admin/js/jwppp-admin.js
Version Parameters
jwppp-admin.js?ver=
jwppp-admin-style.css?ver=
jwppp-carousel-config.php?ver=

HTML / DOM Fingerprints

CSS Classes
ilghera-notice-warning
ilghera-notice__content
ilghera-notice__logo
ilghera-notice__message
ilghera-notice__buttons
jwppp-admin-style
Data Attributes
data-domain
data-slug
data-name
data-sign
JS Globals
JWPPP_VERSION
FAQ

Frequently Asked Questions about JW Player for WordPress