CVE-2013-1464

Doryphores Audio Player < 2.0.4.5 - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in assets/player.swf in the Audio Player plugin before 2.0.4.6 for Wordpress allows remote attackers to inject arbitrary web script or HTML via the playerID parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED
by hiphop · textwebappsphp
https://www.exploit-db.com/exploits/38300

References (6)

Scores

EPSS 0.0352
EPSS Percentile 87.5%

Details

CWE
CWE-79
Status published
Products (10)
doryphores/audio_player < 2.0.4.5
doryphores/audio_player
doryphores/audio_player
doryphores/audio_player
doryphores/audio_player
doryphores/audio_player
doryphores/audio_player
doryphores/audio_player
doryphores/audio_player
n/a/n/a
Published Feb 07, 2013
Tracked Since Feb 18, 2026