1 - Install and activate "Generate PDF using Contact Form 7 Version 3.5"
2 - Click on "Contact -> Add new" which is present at left side bar and create test contact form and save it.
3 - Click "Contact -> PDF with CF7" select test contact form from the drop down.
4 - Now add below mentioned xss script to each and every input field as shown in video poc
"><img src=x onerror=confirm(document.cookie)>
5 - Now Click on Save Changes, once the page loaded completely you will see xss popup with your cookies
6 - Now let's check with another admin user, login with 2nd admin user
9 - Click on the "Contact -> PDF with CF7" which is present at the left side bar and select test contact form from the drop down.
10 - 2nd admin account also gets xss popup with cookies