## https://sploitus.com/exploit?id=WPEX-ID:A642F313-CC3E-4D75-B207-1DCEB6A7FBAE
1. Install and activate the Ninja Forms WordPress
2. As an admin with the unfiltered_html capability, create a new form.
3. In the form settings, add a new text field.
4. In the field label, enter the following code: <img src=x onerror=alert(1)>, or Name<a href=javascript:alert(/XSS-1/) onfocus=alert(/XSS-2/) autofocus>ClickME, maybe</a>
5. Save the form.
The XSS will be triggered when viewing the form in the frontend, as well as when editing the form in the backend