CVE-2013-3529

Name of the Vulnerable Software and Affected Versions WP FuneralPress plugin versions prior to 1.1.7

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the message, photo-message, or youtube-message parameters in the user/obits.php file.

Recommendations For WP FuneralPress plugin versions prior to 1.1.7, update to version 1.1.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the user/obits.php file or avoiding the use of the message, photo-message, and youtube-message parameters until the update is applied.