CVE Catalog

CVE-2026-8172

HighCVSS 7.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.17%

6th percentile — higher than 6% of all known CVEs

Summary

The Simple Basic Contact Form WordPress plugin through version 20250114 does not escape user-supplied input before reflecting it into the contact form output on validation errors, leading to a Reflected Cross-Site Scripting vulnerability.

Risk Assessment

Unauthenticated attackers can exploit this vulnerability against site visitors via a crafted link or cross-site form submission.

Recommendation

It is recommended to update the plugin to the latest version that fixes this vulnerability and review the code to ensure proper input data sanitization.

Original NVD description (English source)

The Simple Basic Contact Form WordPress plugin through 20250114 does not escape user-supplied input before reflecting it into the contact form output on validation errors, leading to a Reflected Cross-Site Scripting vulnerability that unauthenticated attackers can exploit against site visitors via a crafted link or cross-site form submission.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS