To replicate this vulnerability, follow these steps:

1. Go to the plugin dashboard, click "Add New" form.
2. Under "Field Name", enter "Name" and under "Field Type", select "Name", then click "Save Form".
3. Navigate to the form list, click "Edit" under the form you created.
4. In the "Field Name" section, change "Name" to the following payload: `<script>alert(document.domain)</script>` and click "Update Form".
5. Navigate back to the form list, copy the shortcode, publish it on a new page, and visit the page. This will trigger the XSS payload.