With wpscan-team I noticed that file jwplayer.swf in WordPress plugin smart-flv
is vulnerable to reflected XSS vulnerability.
With user interaction (clicking the page):
WordPress guys could you report this to the developer since I don't know his/her
email address, thanks? Could you also tell me if there is a way to contact
plugin developers directly, thank you. Please include CVE to changelog if