Unrated severityNVD Advisory· Published May 10, 2013· Updated Apr 29, 2026
CVE-2013-3529
CVE-2013-3529
Description
Multiple cross-site scripting (XSS) vulnerabilities in user/obits.php in the WP FuneralPress plugin before 1.1.7 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) message, (2) photo-message, or (3) youtube-message parameter.
Affected products
12cpe:2.3:a:smartypantsplugins:wp-funeral-press:*:*:*:*:*:*:*:*+ 11 more
- cpe:2.3:a:smartypantsplugins:wp-funeral-press:*:*:*:*:*:*:*:*range: <=1.1.6
- cpe:2.3:a:smartypantsplugins:wp-funeral-press:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:smartypantsplugins:wp-funeral-press:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:smartypantsplugins:wp-funeral-press:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:smartypantsplugins:wp-funeral-press:1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:smartypantsplugins:wp-funeral-press:1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:smartypantsplugins:wp-funeral-press:1.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:smartypantsplugins:wp-funeral-press:1.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:smartypantsplugins:wp-funeral-press:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:smartypantsplugins:wp-funeral-press:1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:smartypantsplugins:wp-funeral-press:1.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:smartypantsplugins:wp-funeral-press:1.1.4:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8- packetstormsecurity.com/files/121030/WordPress-FuneralPress-1.1.6-Cross-Site-Scripting.htmlnvdExploit
- seclists.org/fulldisclosure/2013/Mar/282nvdExploit
- www.exploit-db.com/exploits/24914nvdExploit
- secunia.com/advisories/52809nvdVendor Advisory
- plugins.trac.wordpress.org/changesetnvd
- wordpress.org/extend/plugins/wp-funeral-press/changelog/nvd
- www.securityfocus.com/bid/58790nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/83188nvd
News mentions
0No linked articles in our index yet.