Cross-site scripting (XSS) vulnerability in assets/player.swf in the Audio Player plugin before 2.0.4.6 for Wordpress allows remote attackers to inject arbitrary web script or HTML via the playerID parameter.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| doryphores | audio_player | 2.0.2.0 |
| doryphores | audio_player | 2.0.3.1 |
| doryphores | audio_player | 2.0.4.1 |
| doryphores | audio_player | 2.0.3.0 |
| doryphores | audio_player | 2.0.4.3 |
| doryphores | audio_player | * |
| doryphores | audio_player | 2.0.1.0 |
| doryphores | audio_player | 2.0.4.0 |
| doryphores | audio_player | 2.0.4.4 |