Vulnerability Brief

CVE-2026-8172

What this means for your business

A security vulnerability in the Simple Basic Contact Form WordPress plugin could allow an attacker to inject malicious code into your website, potentially stealing sensitive information or taking control of your site. This could lead to financial losses, damage to your reputation, and even the loss of customer trust. By addressing this vulnerability, you can protect your business and maintain a secure online presence.

  • Severity: HIGH
  • CVSS score: 7.1

Technical summary

The Simple Basic Contact Form WordPress plugin through 20250114 does not escape user-supplied input before reflecting it into the contact form output on validation errors, leading to a Reflected Cross-Site Scripting vulnerability that unauthenticated attackers can exploit against site visitors via a crafted link or cross-site form submission.
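
The flaw class described above, as an added example (not the plugin's code): a contact form that re-renders submitted values after a validation error, first reflected as-is and then escaped for each output context. The `demo_*` names, field names and sample input are assumptions; the `function_exists` shims stand in for WordPress's `esc_attr()` and `esc_textarea()` so the file also runs outside WordPress.

```php
<?php
// Added illustration, not the plugin's code. demo_* names and fields are hypothetical.
// Shims so this runs outside WordPress; inside WordPress the core helpers are used.
if (!function_exists('esc_attr')) {
    function esc_attr($s) { return htmlspecialchars((string) $s, ENT_QUOTES, 'UTF-8'); }
}
if (!function_exists('esc_textarea')) {
    function esc_textarea($s) { return htmlspecialchars((string) $s, ENT_QUOTES, 'UTF-8'); }
}

// Server-side validation: returns a list of static error messages.
function demo_validate(array $in): array {
    $errors = [];
    if (!filter_var($in['email'] ?? '', FILTER_VALIDATE_EMAIL)) {
        $errors[] = 'Please enter a valid email address.';
    }
    if (trim($in['message'] ?? '') === '') {
        $errors[] = 'Message is required.';
    }
    return $errors;
}

// Shared template; $attr and $text are the escapers applied to each context.
function demo_render(array $in, array $errors, callable $attr, callable $text): string {
    $html = '<form method="post">';
    foreach ($errors as $e) {
        $html .= '<p class="error">' . $e . '</p>'; // static strings only
    }
    $html .= '<input name="email" value="' . $attr($in['email'] ?? '') . '">';
    $html .= '<textarea name="message">' . $text($in['message'] ?? '') . '</textarea>';
    return $html . '</form>';
}

// Constructed input: fails email validation and contains markup characters.
$input  = ['email' => '"><b>marker</b>', 'message' => '</textarea><i>marker</i>'];
$errors = demo_validate($input);
$raw    = function ($s) { return $s; };

// Vulnerable pattern: values reflected as-is, so the markup becomes part of the page.
echo demo_render($input, $errors, $raw, $raw), "\n";
// Hardened pattern: escape at output time, per context.
echo demo_render($input, $errors, 'esc_attr', 'esc_textarea'), "\n";
```

In the second output the quotes and angle brackets arrive as HTML entities, so the submitted value stays inside the `value` attribute and the `<textarea>` instead of being parsed as markup.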