The Form Maker plugin for WordPress, created by 10Web, has a security vulnerability that allows attackers to inject harmful web scripts into pages. This can happen if a user is tricked into clicking on a link. The vulnerability affects all versions of the plugin up to and including 1.15.26.