Forms < 1.12.3 - Authenticated Stored Cross-Site Scripting (XSS)
The plugin did not sanitise its input fields, leading to Stored Cross-Site scripting issues. The plugin was vulnerable to an Authenticated Stored Cross-Site Scripting (XSS) vulnerability within the Forms "Add new" field.
Proof of Concept
Step 1: Install and activate the plugin.
Step 2: Go to the Forms--> Add New.
Step 3: Enter the following payload in the "Title" Field and click on save button.
Step 4: Now the script is stored and whenever the user goes to the plugin the script will be executed.