CVE-2021-24896

Name of the Vulnerable Software and Affected Versions: Caldera Forms WordPress plugin versions prior to 1.9.5

Description: The issue allows high privilege users to perform Cross-Site Scripting attacks due to the lack of sanitization and escaping of the Form Name before outputting it in attributes, even when the unfiltered html capability is disallowed.

Recommendations: For versions prior to 1.9.5, update to version 1.9.5 or later to resolve the issue. As a temporary workaround, consider restricting the ability of high privilege users to input Form Names until the update is applied.