The plugin did not sanitise its input fields, leading to Stored Cross-Site scripting issues. The plugin was vulnerable to an Authenticated Stored Cross-Site Scripting (XSS) vulnerability within the Forms “Add new” field.
Step 1: Install and activate the plugin.
Step 2: Go to the Forms--> Add New.
Step 3: Enter the following payload in the "Title" Field and click on save button.
<script>alert(1)</script>
Step 4: Now the script is stored and whenever the user goes to the plugin the script will be executed.