wp-plugin : pb-embedflash

Plugin Details
Plugin Name: wp-plugin : pb-embedflash
Affected Version : 1.5.1 (and most probably lower versions, if any)
Vulnerability : Components with Known Vulnerabilities (the plugin ships its own copy of the JW FLV Media Player, `swf/mediaplayer.swf`, which is served unauthenticated and accepts an arbitrary URL in its `file` parameter)
Identified by : prajalkulkarni
WPScan Reference URL

Technical Details
Minimum Level of Access Required : Unauthenticated
PoC (Proof of Concept) :

http://localhost/wordpress/wp-content/plugins/pbembedflash/swf/mediaplayer.swf?file=http://nmap.org/images/sitelogo.png

The request needs no WordPress session: the SWF is a static file under the plugin directory, and the player loads whatever URL is passed in `file`, here an image hosted on a third-party site. Removing the bundled player (or the whole `swf/` directory) from the web root, or blocking `.swf` at the web server, closes the exposure regardless of the player version in use.


Disclosure Timeline
Vendor Contacted : 2013-12-15
Plugin Status : Updated on 2014-01-11
Public Disclosure : 2014-05-25
CVE Number :
Plugin Description :
** I'm sorry to announce that I'm not continuing this project anymore. I stopped blogging for several reasons and so this plugin dies with it. If somebody wants to rebirth it: feel free! I'm really sorry! **

**pb-embedFlash** is a filter for WordPress to display **any flash content** in **valid XHTML 1.0 Strict** code offering the possibility to specify attributes and parameters individually. It's easy to use but the final appearance of your embedded files can be modified heavily. With *admin panel*, *sidebar widget*, *TinyMCE popup* and **media & playlist manager**! **See the Installation tab for more information about the usage.**

This plugin comes with currently four ways of displaying your flash content:

* `<object>` tag
* SWFObject (JavaScript)
* Shadowbox (JavaScript, by [Michael J. I. Jackson](http://mjijackson.com/shadowbox/))
* Popup window (JavaScript)

**pb-embedFlash** primarily supports, but is not limited to...

* .swf
* .flv, .mp3, .png, .jpg, .gif and .xml playlist via JW FLV Media Player
* YouTube
* Google Video
* Revver
* SevenLoad
* Vimeo
* GUBA
* ClipFish
* MetaCafe
* MyVideo
* Veoh
* ifilm
* MySpace Videos
* Brightcove
* aniBOOM
* vSocial
* GameVideos
* VideoTube
* AOL UnCut
* grouper

Unfortunately, Blip.tv, Garage TV, Break.com, dailymotion and Yahoo! do not put the videoID into the browser URL; therefore you have to grab the path to the video file from the embedding-HTML-code they offer. If your favorite video hoster is not listed as supported by this plugin, *you still can use it* by copying the link to the video out of the embedding code. Please give me a note if a video hoster is missing or not fully supported, thanks.