If an authenticated user who is able to edit WordPress PHP code of any kind clicks a malicious link, PHP code can be edited through XSS in Formidable Forms 4.09.04.
CVE-2021-24884: XSS2RCE in Formidable 4.09.04

Formidable 4.09.04 allowed the injection of certain HTML tags such as <audio>, <video>, <img>, <a> and <button>. This could allow an unauthenticated, remote attacker to exploit an HTML injection by injecting a malicious link. The HTML injection may trick authenticated users to fo
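
A defender-side check for the behaviour described above, as an added example that is not part of the original advisory or the plugin's code: it scans stored form-entry values for the tags the advisory lists and reports the URLs they carry. The entry IDs, sample values and function names are constructed for illustration, and it assumes entries have been exported as a mapping of entry ID to submitted text.

```python
from html.parser import HTMLParser

# Tags the advisory names as injectable in Formidable 4.09.04.
ADVISORY_TAGS = {"audio", "video", "img", "a", "button"}
# Attributes that carry a URL, i.e. what turns injected markup into a link.
URL_ATTRS = {"href", "src", "poster", "formaction"}


class _TagFinder(HTMLParser):
    """Collects advisory-listed tags; HTMLParser lowercases tag/attr names."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.hits = []

    def handle_starttag(self, tag, attrs):
        if tag in ADVISORY_TAGS:
            urls = [v for k, v in attrs if k in URL_ATTRS and v]
            self.hits.append({"tag": tag, "urls": urls})


def scan_entry(value):
    """Return the advisory-listed tags found in one submitted value."""
    finder = _TagFinder()
    finder.feed(value)
    finder.close()
    return finder.hits


def scan_entries(entries):
    """Return {entry_id: hits} for entries that contain listed tags."""
    report = {}
    for entry_id, value in entries.items():
        hits = scan_entry(value)
        if hits:
            report[entry_id] = hits
    return report


# Constructed sample data (hypothetical entry IDs and values).
SAMPLE_ENTRIES = {
    101: "Please call me back tomorrow.",
    102: 'See <a href="https://example.invalid/login">this page</a>',
    103: "Price is < 5 and > 3",
    104: '<IMG SRC="https://example.invalid/x.png">',
}

if __name__ == "__main__":
    for entry_id, hits in scan_entries(SAMPLE_ENTRIES).items():
        print(entry_id, hits)
```

Flagged entries are candidates for review before an administrator opens them in the dashboard; plain text containing bare `<` or `>` characters is not reported.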