CVE-2021-24967

Name of the Vulnerable Software and Affected Versions: Contact Form & Lead Form Elementor Builder WordPress plugin versions prior to 1.6.4

Description: The issue allows unauthenticated users to perform Cross-Site Scripting attacks against logged-in admins viewing the inserted leads, due to the plugin not sanitizing and escaping some lead values.

Recommendations: For versions prior to 1.6.4, update to version 1.6.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the lead viewing functionality until the update is applied.