Description
WordPress Plugin Contact Form by BestWebSoft is prone to an email header injection vulnerability because it fails to sufficiently sanitize input. Exploiting this issue may allow a remote attacker to insert arbitrary email headers into an HTTP response, which may aid in launching further attacks. WordPress Plugin Contact Form by BestWebSoft version 3.83 is vulnerable; other versions may also be affected.
Remediation
Edit the source code to ensure that newlines are stripped from the 'name' field.
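One way to apply this remediation, shown as an added example and not the plugin's own code. The function names are hypothetical and the sample input is constructed. It goes slightly beyond newlines by removing every ASCII control character from the 'name' value and rejecting an invalid sender address.

```php
<?php
// Added illustration; helper names are hypothetical, not taken from the plugin.

// Unsafe pattern: the submitted name is copied into the header unchanged,
// so a line break inside it ends the From line and starts a new header.
function build_from_header_unsafe(string $name, string $email): string
{
    return 'From: ' . $name . ' <' . $email . '>';
}

// Replace CR, LF and other control characters so the value stays on one line.
function strip_header_breaks(string $value): string
{
    return trim(preg_replace('/[\x00-\x1F\x7F]+/', ' ', $value));
}

function build_from_header(string $name, string $email): string
{
    $name = strip_header_breaks($name);

    // Reject, rather than repair, anything that is not a single valid address.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('invalid sender address');
    }

    // Quote the display name and escape backslash and double quote inside it.
    $name = str_replace(['\\', '"'], ['\\\\', '\\"'], $name);

    return sprintf('From: "%s" <%s>', $name, $email);
}

// Constructed sample: a 'name' value that carries a second header after a line break.
$name  = "Alice\r\nBcc: someone@example.org";
$email = 'alice@example.com';

$unsafe = build_from_header_unsafe($name, $email);
$safe   = build_from_header($name, $email);

// Count header lines: more than one means the field was able to add a header.
printf("unsafe lines: %d\n", count(preg_split('/\r\n|\r|\n/', $unsafe)));
printf("safe lines:   %d\n", count(preg_split('/\r\n|\r|\n/', $safe)));
echo $safe, PHP_EOL;
```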