ThreatPress

WordPress Vulnerabilities Database

Back

WordPress TinyMCE Media Plugin <= 3.5.1 - Content Spoofing

Product
TinyMCE Media
Description
A moxieplayer.as does not consider the presence of a # character during extraction of the QUERY_STRING. In that way the attackers can pass arbitrary parameters to a Flash application and conduct content-spoofing attacks.
Solution
Update the plugin.
Classification
Type Unknown
References
CVE Mitre
CVE
Name CVE-2013-2204
Versions
Affected In <= 3.5.1
Fixed In 3.5.2
Disclosure date
2013-02-19
Credits
Jan Lieskovsky