The formcraft3 plugin before 3.4 for WordPress has stored XSS via the "New Form > Heading > Heading Text" field.Referenceshttps://wpvulndb.com/vulnerabilities/8877
