WordPress · Contact Form · CVE-2021-24718
**Name of the Vulnerable Software and Affected Versions**
Contact Form, Survey & Popup Form Plugin for WordPress versions prior to 1.5
**Description**
The issue allows high privilege users to perform Cross-Site Scripting attacks due to improper sanitization of some settings, even when the unfiltered html capability is disallowed.
**Recommendations**
For versions prior to 1.5, update to version 1.5 or later to resolve the issue.