Vulnerability Database

289,689

Total vulnerabilities in the database

CVE-2013-2204

moxieplayer.as in Moxiecode moxieplayer, as used in the TinyMCE Media plugin in WordPress before 3.5.2 and other products, does not consider the presence of a # (pound sign) character during extraction of the QUERY_STRING, which allows remote attackers to pass arbitrary parameters to a Flash application, and conduct content-spoofing attacks, via a crafted string after a ? (question mark) character.

  • Published: Jul 8, 2013
  • Updated: Apr 13, 2023
  • CVE: CVE-2013-2204
  • Severity: Low
  • Exploit:

CVSS v2:

  • Severity: Low
  • Score: 4.3
  • AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

Software From Fixed in
WordPress / wordpress 2.8.5.2 2.8.5.2.x
WordPress / wordpress 1.2.3 1.2.3.x
WordPress / wordpress 3.4.0 3.4.0.x
WordPress / wordpress 2.0.11 2.0.11.x
WordPress / wordpress 1.3.3 1.3.3.x
WordPress / wordpress 2.8.6 2.8.6.x
WordPress / wordpress 2.0 2.0.x
WordPress / wordpress 2.1.1 2.1.1.x
WordPress / wordpress 2.2.3 2.2.3.x
WordPress / wordpress 2.0.2 2.0.2.x
WordPress / wordpress 1.6.2 1.6.2.x
WordPress / wordpress 3.5.0 3.5.0.x
WordPress / wordpress 2.1 2.1.x
WordPress / wordpress 1.1.1 1.1.1.x
WordPress / wordpress 1.2.4 1.2.4.x
WordPress / wordpress 2.0.6 2.0.6.x
WordPress / wordpress 2.0.1 2.0.1.x
WordPress / wordpress 2.8.4 2.8.4.x
WordPress / wordpress 2.0.4 2.0.4.x
WordPress / wordpress 2.2 2.2.x
WordPress / wordpress 1.2.1 1.2.1.x
WordPress / wordpress 2.1.3 2.1.3.x
WordPress / wordpress 1.3.2 1.3.2.x
WordPress / wordpress 2.8 2.8.x
WordPress / wordpress 3.3.3 3.3.3.x
WordPress / wordpress 2.0.7 2.0.7.x
WordPress / wordpress 2.1.2 2.1.2.x
WordPress / wordpress 1.2.5-a 1.2.5-a.x
WordPress / wordpress 2.7.1 2.7.1.x
WordPress / wordpress 0.71 0.71.x
WordPress / wordpress 2.6.3 2.6.3.x
WordPress / wordpress 2.0.5 2.0.5.x
WordPress / wordpress 2.8.3 2.8.3.x
WordPress / wordpress 2.8.4-a 2.8.4-a.x
WordPress / wordpress 2.6.5 2.6.5.x
WordPress / wordpress 2.2.2 2.2.2.x
WordPress / wordpress 2.3.3 2.3.3.x
WordPress / wordpress 1.5.1.1 1.5.1.1.x
WordPress / wordpress 2.0.9 2.0.9.x
WordPress / wordpress 2.8.1 2.8.1.x
WordPress / wordpress 2.2.1 2.2.1.x
WordPress / wordpress 2.7 2.7.x
WordPress / wordpress 1.5.2 1.5.2.x
WordPress / wordpress 1.0.1 1.0.1.x
WordPress / wordpress 2.6.2 2.6.2.x
WordPress / wordpress 2.9 2.9.x
WordPress / wordpress 2.3.1 2.3.1.x
WordPress / wordpress 1.0.2 1.0.2.x
WordPress / wordpress 2.5.1 2.5.1.x
WordPress / wordpress 3.3.2 3.3.2.x
WordPress / wordpress 2.6.1 2.6.1.x
WordPress / wordpress 1.5.1.2 1.5.1.2.x
WordPress / wordpress - 3.5.1.x
WordPress / wordpress 1.2 1.2.x
WordPress / wordpress 2.8.5.1 2.8.5.1.x
WordPress / wordpress 2.9.2 2.9.2.x
WordPress / wordpress 2.5 2.5.x
WordPress / wordpress 3.3.1 3.3.1.x
WordPress / wordpress 1.2.2 1.2.2.x
WordPress / wordpress 2.0.10 2.0.10.x
WordPress / wordpress 2.9.1 2.9.1.x
WordPress / wordpress 1.0 1.0.x
WordPress / wordpress 3.3 3.3.x
WordPress / wordpress 1.5 1.5.x
WordPress / wordpress 2.8.2 2.8.2.x
WordPress / wordpress 3.4.2 3.4.2.x
WordPress / wordpress 1.5.1 1.5.1.x
WordPress / wordpress 3.4.1 3.4.1.x
WordPress / wordpress 1.2.5 1.2.5.x
WordPress / wordpress 1.5.1.3 1.5.1.3.x
WordPress / wordpress 2.9.1.1 2.9.1.1.x
WordPress / wordpress 2.3.2 2.3.2.x
WordPress / wordpress 1.3 1.3.x
WordPress / wordpress 2.6 2.6.x
WordPress / wordpress 2.8.5 2.8.5.x
WordPress / wordpress 2.0.8 2.0.8.x
WordPress / wordpress 2.3 2.3.x