CVE-2026-8172
Simple Basic Contact Form <= 20250114 - Reflected XSS
The Simple Basic Contact Form WordPress plugin through 20250114 does not escape user-supplied input before reflecting it into the contact form output on validation errors, leading to a Reflected Cross-Site Scripting vulnerability that unauthenticated attackers can exploit against site visitors via a crafted link or cross-site form submission.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Affected products
Unknown · Simple Basic Contact Formpublic PoCs found — 1
cve_referencewpscan.com/vulnerability/535ec1a1-b822-43c9-8264-6442199493d3/unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →