Simple stored Cross Site Scripting (XSS) found in WordPress Profile Builder Plugin version 5.2.7 and below.
This is just a PoC example, just fill in the minimum password length field with


After we save the changes, the injected JavaScript executed successfully. This indicates that the plugin has a stored XSS vulnerability.