Description

WordPress Plugin Contact Form by BestWebSoft is prone to an email header injection vulnerability because it fails to sufficiently sanitize input. Exploiting this issue may allow a remote attacker to insert arbitrary email headers into an HTTP response, which may aid in launching further attacks. WordPress Plugin Contact Form by BestWebSoft version 3.83 is vulnerable; other versions may also be affected.

Remediation

Edit the source code to ensure that newlines are stripped from the 'name' field.
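One way to apply this remediation is sketched below. It is an added example, not the plugin's own code: the function names `cf_clean_header_value` and `cf_build_from_header` and the sample values are hypothetical, and it assumes the 'name' field ends up in the `From` header of the outgoing message.

```php
<?php
// Added example; function names and sample values are hypothetical.

// Remove CR, LF and every other ASCII control character from a value
// destined for an email header, so it cannot start a new header line.
function cf_clean_header_value(string $value): string
{
    $value = preg_replace('/[\x00-\x1F\x7F]+/', ' ', $value);
    return trim(preg_replace('/ {2,}/', ' ', $value));
}

// Build the From header from form input. The display name is cleaned and
// quoted; the address must pass validation or the submission is refused.
function cf_build_from_header(string $name, string $email): ?string
{
    $email = cf_clean_header_value($email);
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null; // reject rather than try to repair a bad address
    }

    $name = cf_clean_header_value($name);
    // Escape backslash and double quote so the quoted display name stays intact.
    $name = str_replace(['\\', '"'], ['\\\\', '\\"'], $name);

    return sprintf('From: "%s" <%s>', $name, $email);
}

// Constructed input: a name field carrying an embedded CRLF sequence.
$name  = "Alice\r\nX-Injected: yes";
$email = "alice@example.com";

$header = cf_build_from_header($name, $email);

// The header is a single line; the extra text stays inside the display name.
var_dump($header);
var_dump(strpbrk($header, "\r\n") === false);

// An address that contains a line break fails validation and is refused.
var_dump(cf_build_from_header("Bob", "bob@example.com\r\nX-Injected: yes"));
```

Inside WordPress, the core function `sanitize_text_field()` also removes line breaks and can be applied to the 'name' value before it reaches any header.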
