CVE-2021-24744

Name of the Vulnerable Software and Affected Versions: WordPress Contact Forms by Cimatti WordPress plugin versions prior to 1.4.12

Description: The issue arises from the lack of sanitization and escaping of the Form Title before it is outputted in some admin pages. This could allow high privilege users to perform Cross-Site Scripting attacks, even in scenarios where the unfiltered html is disallowed.

Recommendations: For versions prior to 1.4.12, update to version 1.4.12 or later to resolve the issue. As a temporary workaround, consider restricting access to admin pages where the Form Title is outputted to minimize the risk of exploitation.