## https://sploitus.com/exploit?id=WPEX-ID:078F33CD-0F5C-46FE-B858-2107A09C6B69
As a contributor, create a blank form and add custom html field with the following content in the "Text" tab of the field editor:
<p>Some description about this section</p><p><iframe srcdoc="<script>alert(document.cookie)</script>"></iframe></p>
Do not decode the payload. And please ensure that payload is added when editor has Text tab selected. Save the form, it will trigger xss payload.