The audio-player WordPress plugin was affected by a player.swf playerID Parameter XSS security vulnerability.
packetstormsecurity.com/files/120129/
seclists.org/bugtraq/2013/Feb/35