The plugin did not sanitise its input fields, leading to Stored Cross-Site scripting issues. The plugin was vulnerable to an Authenticated Stored Cross-Site Scripting (XSS) vulnerability within the Forms “Add new” field.
Step 1: Install and activate the plugin. Step 2: Go to the Forms–> Add New. Step 3: Enter the following payload in the “Title” Field and click on save button. Step 4: Now the script is stored and whenever the user goes to the plugin the script will be executed.