Tiến Dũng Nguyễn

**Name of the Vulnerable Software and Affected Versions** Forminator Forms plugin for WordPress versions prior to 1.50.3 **Description** The Forminator Forms plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to inadequate input sanitization and output escaping in the `form name` parameter. Successful exploitation allows authenticated attackers with administrator-level access to inject arbitrary web scripts into pages. These scripts will execute when a user accesses the compromised page. The plugin’s permission system, which allows administrators to grant form management access to lower-level users, could broaden the potential impact of this issue. **Recommendations** Update the Forminator Forms plugin to version 1.50.3 or later.