CVE-2013-3529
WP FuneralPress < 1.1.7 - Cross-Site Scripting via User Obits Parameters
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2013-3529. PoCs published by Rob Armstrong.
AI-analyzed exploit summary This is a detailed writeup describing a stored XSS vulnerability in WP FuneralPress version 1.1.6. The exploit involves injecting malicious scripts via guestbook form fields, which execute when viewed by an admin or approved users.
Description
Multiple cross-site scripting (XSS) vulnerabilities in user/obits.php in the WP FuneralPress plugin before 1.1.7 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) message, (2) photo-message, or (3) youtube-message parameter.
Exploits (1)
This is a detailed writeup describing a stored XSS vulnerability in WP FuneralPress version 1.1.6. The exploit involves injecting malicious scripts via guestbook form fields, which execute when viewed by an admin or approved users.