The plugin does not sanitize user input as it reaches its style HTML attribute, allowing contributors to conduct stored XSS attacks via the plugin's Gutenberg blocks.
Note: The exploit requires the Contact Form 7 plugin.
Exploit
Additional CSS class(es) for “Contact Form 7 Styler” Gutenberg block:
" onmouseover="alert(1)" style="background:red;"
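
The flaw pattern and its fix, shown as an added PHP example that is not the plugin's code: the function names and the `example-block` class are hypothetical, and plain-PHP calls stand in for WordPress's `sanitize_html_class()` and `esc_attr()` so it runs outside WordPress.

```php
<?php
// Added illustration, not the plugin's code. Function names and the
// "example-block" class are hypothetical.

// Vulnerable pattern: the block's class attribute value is concatenated as-is.
function render_block_unsafe(string $class_name): string {
    return '<div class="example-block ' . $class_name . '">form</div>';
}

// Hardened pattern: reduce each token to class-name characters, then escape
// the whole value for the HTML attribute context.
function render_block_safe(string $class_name): string {
    $clean = [];
    foreach (preg_split('/\s+/', $class_name, -1, PREG_SPLIT_NO_EMPTY) as $token) {
        // Same allow-list WordPress's sanitize_html_class() applies.
        $token = preg_replace('/[^A-Za-z0-9_-]/', '', $token);
        if ($token !== '') {
            $clean[] = $token;
        }
    }
    // htmlspecialchars(ENT_QUOTES) stands in for WordPress's esc_attr().
    $value = htmlspecialchars('example-block ' . implode(' ', $clean), ENT_QUOTES, 'UTF-8');
    return '<div class="' . $value . '">form</div>';
}

// True when the opening tag carries an on* event-handler attribute.
function has_event_handler(string $html): bool {
    return preg_match('/<[^>]*\son[a-z]+\s*=/i', $html) === 1;
}

// Value from the page's "Additional CSS class(es)" field.
$input = '" onmouseover="alert(1)" style="background:red;"';

foreach (['unsafe' => 'render_block_unsafe', 'safe' => 'render_block_safe'] as $label => $fn) {
    $html = $fn($input);
    printf("%-6s %s\n       event handler attribute: %s\n",
        $label, $html, has_event_handler($html) ? 'yes' : 'no');
}
```

In a real block render callback, apply the same two steps with `sanitize_html_class()` per token and `esc_attr()` on the final attribute value.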