FuneralPress 1.1.6 – Stored XSS | CVE 2013-3529

Affects Plugins

wp-funeral-press

No known fix

References

CVE

CVE-2013-3529

Exploitdb

24914

URL

https://seclists.org/fulldisclosure/2013/Mar/282

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

Miscellaneous

Verified

No

WPVDB ID

ddef0738-088b-4b9b-8075-dec8c21b9c58

Timeline

Publicly Published

2014-08-01 (about 11 years ago)

Added

2014-08-01 (about 11 years ago)

Last Updated

2019-10-21 (about 6 years ago)

Other

Published

Title

Published

2025-10-04

Title

Marquee Addons for Elementor < 3.8.3 - Contributor+ Stored XSS

Published

2025-02-26

Title

Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button, WhatsApp – Chaty < 3.3.6 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting

Published

2024-03-29

Title

WooCommerce Bookings Calendar <= 1.0.36 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2016-07-29

Title

WP-Polls <= 2.73 - Authenticated Reflected Cross-Site Scripting (XSS)

Published

2023-12-05

Title

WP Photo Album Plus < 8.6.01.005 - Cross-Site Scripting