Description
WordPress Plugin Contact Form by BestWebSoft is prone to an email header injection vulnerability because it fails to sufficiently sanitize input. Exploiting this issue may allow a remote attacker to insert arbitrary email headers into an HTTP response, which may aid in launching further attacks. WordPress Plugin Contact Form by BestWebSoft version 3.83 is vulnerable; other versions may also be affected.
Remediation
Edit the source code to ensure that newlines are stripped from the 'name' field
References
Related Vulnerabilities
MySQL CVE-2017-3243 Vulnerability (CVE-2017-3243)
WordPress Plugin Analytics-Gtag Restricted File Upload (1.8.1)
MongoDb Insertion of Sensitive Information into Log File Vulnerability (CVE-2025-6711)
WordPress Plugin Custom Field Template Cross-Site Request Forgery (2.5.1)
WordPress Plugin JobSearch WP Job Board Cross-Site Scripting (1.5.2)