Description The plugin does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks
1. Create a contact form
2. Embed the contact form shortcode on a post or page.
3. As an Unauthitncated user, inject the inputs for a malicious script such as
`<script>alert("MalekAlthubiany")</script>` into the name field
4. Go to the "Leads" section as an admin
5. See the XSS