CVE-2021-24159

Name of the Vulnerable Software and Affected Versions: Contact Form 7 Style WordPress plugin versions prior to 3.1.9

Description: The issue arises from the lack of sanitization and nonce protection in the custom CSS feature, allowing an attacker to inject malicious JavaScript into a site. This can be achieved by tricking a site's administrator into clicking a link or attachment, which then updates the CSS settings to include the malicious code.

Recommendations: For versions prior to 3.1.9, update to version 3.1.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the custom CSS feature to minimize the risk of exploitation.