## https://sploitus.com/exploit?id=WPEX-ID:71662B72-311C-42DB-86C5-A0276D25535C
XSS Payload : <img src=x onerror=alert('xss') >
Steps to reproduce:
1. Install subscribe2 plugin (https://wordpress.org/plugins/subscribe2/)
2. Install FluentSMTP
3. Configure FluentSMTP to use custom SMTP (for testing use mailtrap).
4. As another user (needs Author+ role), send an email using subscribe2 plugin with email content as xss payload.
5. View logs and click on preview icon to trigger XSS.