Summary
This host is installed with WordPress Rokbox Plugin and is prone to multiple vulnerabilities.
Impact
Successful exploitation could allow attackers to execute arbitrary HTML and script code in a user's browser session in context of an affected site and to gain sensitive information like installation path location.
Impact Level: Application
Solution
Upgrade to the WordPress Rokbox Plugin version 2.1.3, For updates refer to http://www.rockettheme.com/wordpress-downloads/plugins/free/2625-rokbox
Insight
Flaws are due to an improper validation of user supplied inputs to the 'src' parameter in 'thumb.php' and 'aboutlink', 'file' and 'config' parameters in 'jwplayer.swf'.
Affected
WordPress Rokbox Plugin versions using TimThumb 1.16 and JW Player 4.4.198
References