The plugin does not sanitize user input as it reaches its style HTML attribute, allowing contributors to conduct stored XSS attacks via the plugin’s Gutenberg blocks.
Note: The exploit requires the Contact Form 7 plugin. Exploit Additional CSS class(es) for “Contact Form 7 Styler” Gutenberg block: " onmouseover=“alert(1)” style=“background:red;”