Share
## https://sploitus.com/exploit?id=WPEX-ID:46ED56DB-9B9D-4390-80FC-343A01FCC3C9
Create/edit a campaign (such as a Black Friday one), check the "Use Opt-in / Subscription / Lead capture form" settings and put the following payload in the "message_data[6130][form_header]" and "message_data[6130][form_footer]" fields: <img src onerror=alert(/XSS/)>

The XSS will be triggered when viewing/previewing the campaign