CVE-2013-3530

Spiffy XSPF Player plugin 0.1 - SQL Injection via playlist_id Parameter


Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-3530. PoCs published by Ashiyane Digital Security Team.

AI-analyzed exploit summary: The exploit describes an SQL injection vulnerability in Spiffy XSPF Player for WordPress, where unsanitized user input in the 'playlist_id' parameter can be exploited to manipulate SQL queries. No actual exploit code is provided, only a description and example URL.

Description

SQL injection vulnerability in playlist.php in the Spiffy XSPF Player plugin 0.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the playlist_id parameter.

Exploits (1)

exploitdb · WRITEUP · VERIFIED
by Ashiyane Digital Security Team · text · webapps · php
https://www.exploit-db.com/exploits/38441

Classification: Writeup 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Theoretical
Target: Spiffy XSPF Player 0.1
No auth needed
Prerequisites: Access to the vulnerable WordPress plugin endpoint
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/83345
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/92258
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/58976

Scores

EPSS: 0.0464
EPSS Percentile: 90.5%

Details

CWE: CWE-89
Status: published
Products (1): fabricio_zuardi/xspf_player_plugin 0.1
Published: May 10, 2013
Tracked Since: Feb 18, 2026