Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
patchstackRob ArmstrongPATCHSTACK:3BF80B722B87F4B4C25124AC2ECE1DC7
HistoryApr 02, 2013 - 12:00 a.m.

WordPress FuneralPress Plugin 1.1.6 - Persistent XSS

2013-04-0200:00:00
Rob Armstrong
patchstack.com
4

EPSS

0.024

Percentile

90.0%

JSON

FuneralPress plugin is prone to a persistent cross-site scripting vulnerabilities. These vulnerabilities allow attackers to host malicious Javascript on another site, enter a path to a local image
in <input type=“file” name=“photo” id=“wpfh_message_file”>, if Photo was selected. Also, attackers can submit the form with the following entered into <textareastyle=“width:100%;height:70px” name=“photo-message”></textarea>.

Solution

           For some basics XSS protection, use . Or update the plugin.

Related

wpvulndb 1
prion 1
cve 1
cvelist 1
exploitdb 1
nvd 1
wpvulndb
wpvulndb
FuneralPress 1.1.6 - Stored XSS
2014-08-01 10:58:59
prion
prion
Cross site scripting
2013-05-10 21:55:00
cve
cve
CVE-2013-3529
2013-05-10 21:55:02
cvelist
cvelist
CVE-2013-3529
2013-05-10 21:00:00
exploitdb
exploitdb
WordPress Plugin FuneralPress 1.1.6 - Persistent Cross-Site Scripting
2013-04-02 00:00:00
nvd
nvd
CVE-2013-3529
2013-05-10 21:55:02

EPSS

0.024

Percentile

90.0%

JSON
Related for PATCHSTACK:3BF80B722B87F4B4C25124AC2ECE1DC7
wpvulndb1prion1cve1cvelist1exploitdb1nvd1