CVE-2022-1326

Name of the Vulnerable Software and Affected Versions The Form - Contact Form WordPress plugin versions prior to 1.2.1

Description The issue allows high-privileged users, such as admins, to perform Cross-Site Scripting attacks. This is possible because the plugin does not properly sanitize and escape Custom text fields, even when unfiltered html is disallowed.

Recommendations For The Form - Contact Form WordPress plugin versions prior to 1.2.1, update to version 1.2.1 or later to resolve the issue. As a temporary workaround, consider restricting access to Custom text fields for high-privileged users until the update is applied.