CVE-2021-24168

Name of the Vulnerable Software and Affected Versions: Easy Contact Form Pro WordPress plugin versions prior to 1.1.1.9

Description: The issue arises from the improper sanitization of text fields, such as Email Subject and Email Recipient, when creating or editing a form. This leads to an authenticated stored cross-site scripting issue, allowing medium privilege accounts, like authors and editors, to perform XSS attacks against high privilege ones, such as administrators.

Recommendations: For versions prior to 1.1.1.9, update to version 1.1.1.9 or later to resolve the issue. As a temporary workaround, consider restricting access to form creation and editing features to high privilege accounts only, until the update can be applied.