CVE-2013-3529

WP FuneralPress < 1.1.7 - Cross-Site Scripting via User Obits Parameters

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-3529. PoCs published by Rob Armstrong.

AI-analyzed exploit summary This is a detailed writeup describing a stored XSS vulnerability in WP FuneralPress version 1.1.6. The exploit involves injecting malicious scripts via guestbook form fields, which execute when viewed by an admin or approved users.

Description

Multiple cross-site scripting (XSS) vulnerabilities in user/obits.php in the WP FuneralPress plugin before 1.1.7 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) message, (2) photo-message, or (3) youtube-message parameter.

Exploits (1)

exploitdb WRITEUP
by Rob Armstrong · textwebappsphp
https://www.exploit-db.com/exploits/24914

This is a detailed writeup describing a stored XSS vulnerability in WP FuneralPress version 1.1.6. The exploit involves injecting malicious scripts via guestbook form fields, which execute when viewed by an admin or approved users.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: WP FuneralPress 1.1.6 / WordPress 3.5.1
No auth needed
Prerequisites: Access to the guestbook form · Admin interaction to approve malicious content
MITRE ATT&CK
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (8)

Core 8
Core References
Exploit mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2013/Mar/282
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/52809
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/58790
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/24914
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/83188

Scores

EPSS 0.0457
EPSS Percentile 90.5%

Details

CWE
CWE-79
Status published
Products (12)
smartypantsplugins/wp-funeral-press 1.0.1
smartypantsplugins/wp-funeral-press 1.0.2
smartypantsplugins/wp-funeral-press 1.0.3
smartypantsplugins/wp-funeral-press 1.0.4
smartypantsplugins/wp-funeral-press 1.0.5
smartypantsplugins/wp-funeral-press 1.0.7
smartypantsplugins/wp-funeral-press 1.0.9
smartypantsplugins/wp-funeral-press 1.1.0
smartypantsplugins/wp-funeral-press 1.1.2
smartypantsplugins/wp-funeral-press 1.1.3
... and 2 more
Published May 10, 2013
Tracked Since Feb 18, 2026