WordPress Plugin Vulnerabilities

Spiffy XSPF Player 0.1 - playlist.php playlist_id Parameter SQL Injection

Description

The spiffy WordPress plugin was affected by a playlist.php playlist_id Parameter SQL Injection security vulnerability.

Affects Plugins

Plugin icon
spiffy
No known fix

References

CVE
CVE-2013-3530
URL
https://packetstormsecurity.com/files/#121204/
URL
https://exchange.xforce.ibmcloud.com/vulnerabilities/83345

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89

Miscellaneous

Verified
No
WPVDB ID
62681151-fc29-4978-98a5-7be344659319

Timeline

Publicly Published
2014-08-01 (about 11 years ago)
Added
2014-08-01 (about 11 years ago)
Last Updated
2019-10-21 (about 6 years ago)

Other

Published
Title
Published
2014-08-01
Title
Simple Retail Menus 4.0.1 - includes/mode-edit.php targetmenu Parameter SQL Injection
Published
2014-08-01
Title
PureHTML <= 1.0.0 - SQL Injection
Published
2024-11-20
Title
Distance Based Shipping Calculator < 2.0.24 - Subscriber+ SQL Injection
Published
2025-02-18
Title
Small Package Quotes – For Customers of FedEx < 4.3.2 - Unauthenticated SQL Injection
Published
2025-03-04
Title
Hero Slider - WordPress Slider Plugin <= 1.3.5 - Authenticated (Subscriber+) SQL Injection