What the vulnerability does
01Description
Missing Authorization vulnerability in WesternDeal Advanced Dewplayer advanced-dewplayer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Dewplayer: from n/a through <= 1.6.
Explanation of Vulnerability in Simple Terms
02Summary
Advanced Dewplayer versions 1.6 and earlier lack proper access controls, allowing unauthenticated attackers to read sensitive information over the network. No user interaction is required. The vulnerability affects confidentiality but not data integrity or availability. Update to a version newer than 1.6.
What an attacker can do
03Attacker Capabilities
Read sensitive information without authentication.
Potential impact on your site
04Site Impact
Sensitive data may be exposed to unauthenticated remote attackers if Advanced Dewplayer is deployed.
Conditions required to exploit
05Prerequisites
Network access to the affected system; no authentication or user interaction required.
Key dates
06Disclosure timeline
March 24, 2025
CVE published
April 28, 2026
Record updated