Cross-Site Scripting and XSS attacks are 84% of all security vulnerabilities on the Internet. The most growing flaw in WordPress plugins is Cross-Site Scripting.

Cross-Site Scripting's basic mechanism works this way: an attacker finds a way of getting a target to load webpages with vulnerable javascript scripts. Such scripts load and steal information from the app without the knowledge of the user. The hijacked form that appears to be located on your web site would be an example of a Scripting attack, and the data will be stolen if a user enters information in that form.