The WS Form LITE and Pro WordPress plugins before 1.8.176 do not sanitise and escape their Form Name, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.CreditsFelipe Restrepo RodriguezReferenceshttps://wpscan.com/vulnerability/1697351b-c201-4e85-891e-94fdccbdfb55
