This plugin is prone to a cross site scripting vulnerability in dewplayer-vinyl.swf xml and dewplayer-vinyl-en.swf xml parameters.
Update the plugin.
www.securityfocus.com/bid/64506/
packetstormsecurity.com/files/124582/