Description
Contact Form Clean and Simple is vulnerable to authenticated stored XSS. A user with admin capabilities can submit malicious code through the plugin's options, and this code is then executed on every front-end page that contains the contact form.

Edit (WPScanTeam): January 22nd, 2020 - Escalated to WP plugins team as there was no response from the developer, according to the researcher.
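The general pattern behind this class of issue, and its fix, shown as an added example that is not the plugin's own code. The option name `example_cf_message`, the settings group, the shortcode and the function names are all hypothetical, chosen only for illustration.

```php
<?php
// Hypothetical plugin code for illustration only; not taken from
// Contact Form Clean and Simple.

// Sanitize on save: strip markup before the option reaches the database.
add_action( 'admin_init', function () {
    register_setting(
        'example_cf_options',   // hypothetical settings group
        'example_cf_message',   // hypothetical option name
        array(
            'type'              => 'string',
            'sanitize_callback' => 'sanitize_text_field',
            'default'           => '',
        )
    );
} );

// Vulnerable pattern: the stored option is written into the page as-is,
// so markup saved on the settings screen runs in every visitor's browser
// wherever the form is rendered.
function example_cf_render_unsafe() {
    return '<p class="cf-message">' . get_option( 'example_cf_message', '' ) . '</p>';
}

// Hardened pattern: escape on output for the context the value lands in,
// even though it was already sanitized when saved (older rows, imports and
// direct database edits bypass the save-time callback).
function example_cf_render_safe() {
    $message = get_option( 'example_cf_message', '' );
    // Use wp_kses_post() instead if a limited set of HTML must be allowed.
    return '<p class="cf-message">' . esc_html( $message ) . '</p>';
}

// Register only the hardened renderer for the front-end shortcode.
add_shortcode( 'example_cf_form', 'example_cf_render_safe' );
```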