Vulnerability Discovered in Form Maker by 10Web < 1.13.40
https://twitter.comForm Maker by 10Web WordPress plugin has 100,000+ active installations and can be used for building forms of any complexity in just a few clicks. In versions prior to 1.13.40, there is a vulnerability. A logged-in site administrator who follows a crafted link will trigger arbitrary JavaScript code to be run in their browser in the context of their privileged account on the WordPress site.
The issue has been fixed in Version 1.13.40 which is available now from the WordPress Plugin Repo.