The popular WordPress plugin, WPForms, was found to be vulnerable to Authenticated Cross-Site Scripting (XSS). The Form Description and Field Description fields in the WPForms plugin’s Form Builder module was found to be vulnerable to stored XSS, as they did not sanitize user given input properly.