I read today that the popular 1 Pixel Out player has a vulnerability. The “Audio Player” plugin has been removed from the WordPress repository, and the PowerPress plugin (a very popular podcasting plugin) has removed the 1 Pixel Out player from its list of players. If you are using an old version of PowerPress, or the 1 Pixel Out player in another fashion, you need to update. But it does appear the creator is working on a fix, so you can use it again soon.
Update: According to Otto, The Master of Keys (my title for him) to the plugin repository, the issue has been addressed:
@Krogsgard mobile right now, but feel free to refer to my tweets. Minor XSS issue, Dev fixed it, it's in audio-player's player.swf.
— Samuel Wood (Otto) (@Otto42) January 27, 2013
