📄 WP Flash Player 1.3 Cross Site Scripting_PACKETSTORM:214771

Description

Multiple cross site scripting vulnerabilities exist in WP Flash Player WordPress Plugin version 1.3. This issue is older research added to the archive...

Visit Original Source

Basic Information

ID PACKETSTORM:214771

Published Feb 2, 2026 at 00:00

Affected Product

Affected Versions WP Flash Player 1.3 - Multiple Cross-site Scripting
Advisory ID: RO-15-011
Severity: High
Vendor: WordPress
Product: WP Flash Player
Version: 1.3

Overview #

Multiple Cross-site Scripting (XSS) vulnerabilities exist in WP Flash Player WordPress Plugin version 1.3.

Vulnerability Details #

Affected Versions: 1.3 and earlier

Root Cause: Insufficient input validation in admin panel parameters.

Status: Not fixed by developer
Technical Details #

Vulnerable URL: /wp-admin/admin.php?page=hdflv

Vulnerable Parameters (POST):

plfilter
search

Attack Pattern:

0'"--></style></scRipt><scRipt>alert(0x000862)</scRipt>

Exploitation Requirements #

Admin authentication required
Victim must be logged in as admin

Impact #

Remote attackers can exploit these vulnerabilities to:

Steal admin session cookies
Perform administrative actions
Compromise the WordPress installation

Solution #

The vulnerabilities have not been fixed by the developer. Consider using an alternative plugin.

References #

Invicti Advisory NS-15-009

Timeline:

[2015-03-17] - First Contact
[2015-06-01] - Second Contact
[2015-06-30] - Third Contact
[2015-07-15] - Advisory Released

Credits: Omar Kurt

{
    "lastseen": "2026-02-02T18:38:05",
    "description": "Multiple cross site scripting vulnerabilities exist in WP Flash Player WordPress Plugin version 1.3. This issue is older research added to the archive...",
    "published": "2026-02-02T00:00:00",
    "modified": "2026-02-02T00:00:00",
    "type": "packetstorm",
    "title": "\ud83d\udcc4 WP Flash Player 1.3 Cross Site Scripting",
    "source": "",
    "references": "",
    "id": "PACKETSTORM:214771",
    "bulletinFamily": "exploit",
    "cwe": null,
    "cvelist": [],
    "sourceData": "WP Flash Player 1.3 - Multiple Cross-site Scripting\n    Advisory ID: RO-15-011\n    Severity: High\n    Vendor: WordPress\n    Product: WP Flash Player\n    Version: 1.3\n    \n    \n    Overview #\n    \n    Multiple Cross-site Scripting (XSS) vulnerabilities exist in WP Flash Player WordPress Plugin version 1.3.\n    \n    \n    Vulnerability Details #\n    \n    Affected Versions: 1.3 and earlier\n    \n    Root Cause: Insufficient input validation in admin panel parameters.\n    \n    Status: Not fixed by developer\n    Technical Details #\n    \n    Vulnerable URL: /wp-admin/admin.php?page=hdflv\n    \n    Vulnerable Parameters (POST):\n    \n        plfilter\n        search\n    \n    Attack Pattern:\n    \n    0'\"--></style></scRipt><scRipt>alert(0x000862)</scRipt>\n    \n    \n    \n    Exploitation Requirements #\n    \n        Admin authentication required\n        Victim must be logged in as admin\n    \n    Impact #\n    \n    Remote attackers can exploit these vulnerabilities to:\n    \n        Steal admin session cookies\n        Perform administrative actions\n        Compromise the WordPress installation\n    \n    \n    \n    Solution #\n    \n    The vulnerabilities have not been fixed by the developer. Consider using an alternative plugin.\n    \n    \n    References #\n    \n        Invicti Advisory NS-15-009\n    \n    Timeline:\n    \n        [2015-03-17] - First Contact\n        [2015-06-01] - Second Contact\n        [2015-06-30] - Third Contact\n        [2015-07-15] - Advisory Released\n    \n    Credits: Omar Kurt",
    "sourceHref": "https://packetstorm.news/download/214771",
    "cvss": {
        "score": 0,
        "severity": "NONE",
        "vector": "NONE",
        "version": "NONE"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "https://packetstorm.news/files/id/214771/",
    "category_name": "Exploit",
    "post_link": "",
    "product": "",
    "version": "",
    "vendor": "",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Description

Basic Information

Affected Product

💭 Join the Security Discussion ❌ Cancel Reply