The Elementor page builder plugin itself patched a similar vulnerability in February 2021. This vulnerability affects add-on plugins for Elementor that are created by third parties.

WordPress publishers using the Metform Elementor Contact Form Builder should consider updating their plugin to version 3.2.3, the version that is fully patched.