Wordpress FuneralPress Plugin 1.1.6 - Persistent XSS

Exploit for php platform in category web applications A low-privilege or guest user can inject code via the , and elements which are part of the wpfhuploadform form in http://site/obituaries/?id=ID&f=guestbook&m=add Scripts injected via the "photo-message" and "youtube-message" elements will be...

WordPress FuneralPress 1.1.6 Cross Site Scripting

WP FuneralPress - stored xss in guestbook "FuneralPress is an online website obituary management and guest book program for funeral homes and cemeteries" http://wpfuneralpress.com/ tested on: funeralpress version 1.1.6 / wordpress version 3.5.1 impact: malicious script execution as wordpress...