CVE-2013-3529
The CVE concerns the WP FuneralPress WordPress plugin, affecting version(s) before 1.1.7. The vulnerability is a Cross-Site Scripting (XSS) in the file path user/obits.php, where the parameters (message, photo-message, youtube-message) can be exploited to inject arbitrary script/HTML. Root cause:...