The Form Maker plugin for WordPress, up to and including version 1.13.39, has a security vulnerability that allows unauthenticated attackers to inject malicious web scripts into pages that execute when a user clicks on a link or performs some other action. This is because the plugin does not properly sanitize input or escape output.