The vulnerable function is exposed to unauthenticated users over wp_ajax_nopriv_fv_wp_flowplayer_email_signup
ajax hook. It saves anything that user provides in email
POST parameter.
Send POST request to wp-admin/admin-ajax.php with body content: “action=fv_wp_flowplayer_email_signup&list;=1&email;[email protected]” The provided email input is then rendered on email export screen.
CPE | Name | Operator | Version |
---|---|---|---|
fv-wordpress-flowplayer | lt | 7.3.14.727 |