The contact-form-plugin plugin before 4.0.2 for WordPress has XSS.Referenceshttps://wordpress.org/plugins/contact-form-plugin/#developers
