The vulnerable function is exposed to unauthenticated users through the `wp_ajax_nopriv_fv_wp_flowplayer_email_signup` AJAX hook. It saves whatever the user provides in the `email` POST parameter.
Send a POST request to `wp-admin/admin-ajax.php` with the body `action=fv_wp_flowplayer_email_signup&list=1&email=<svg/onload=prompt(1)>@test.com`. The provided email input is then rendered on the email export screen.
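The two controls whose absence is described above (validate the `email` value before saving, escape it when the export screen renders it), as an added example. This is not FV Flowplayer's code: the function names are hypothetical, and plain PHP built-ins stand in for the WordPress helpers `is_email()` and `esc_html()`.

```php
<?php
// Added example; function names are hypothetical, not taken from the plugin.

/**
 * Input side: accept the `email` POST value only if it is a syntactically
 * valid address. Returns the address to store, or null to reject the signup.
 */
function signup_validate_email(string $raw): ?string
{
    $email = trim($raw);
    if ($email === '' || strlen($email) > 254) {
        return null;
    }
    return filter_var($email, FILTER_VALIDATE_EMAIL) === false ? null : $email;
}

/**
 * Output side: escape every stored value when building the export screen.
 * This also covers rows saved before the input check existed, and RFC-valid
 * addresses whose quoted local part contains markup characters, so the
 * input check does not replace it.
 */
function export_render_row(string $stored): string
{
    $safe = htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<tr><td>' . $safe . '</td></tr>';
}

// Constructed sample inputs; the second is the value from the request above.
$samples = [
    'alice@example.com',
    '<svg/onload=prompt(1)>@test.com',
];

foreach ($samples as $raw) {
    $email = signup_validate_email($raw);
    printf("%-34s => %s\n", $raw, $email === null ? 'rejected' : 'stored');
    // Render the raw value as a legacy row would be rendered: escaped.
    echo '    ', export_render_row($raw), "\n";
}
```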
WebARX Security
No
2019-05-20 (about 4 years ago)
2020-09-22 (about 2 years ago)