cleantalk
Vulnerabilities and Security Researches

Simple Basic Contact Form, CVE-2026-8172

CVE, Research URL

CVE-2026-8172

Home page URL

Security reports for Simple Basic Contact Form

Application

Simple Basic Contact Form

Published on
Jun 23, 2026
Research Description
The Simple Basic Contact Form WordPress plugin through 20250114 does not escape user-supplied input before reflecting it into the contact form output on validation errors, leading to a Reflected Cross-Site Scripting vulnerability that unauthenticated attackers can exploit against site visitors via a crafted link or cross-site form submission.
Affected versions
max -.
Status
vulnerable
Previous vulnerability researches
WP Travel Engine – Best Travel Booking WordPress Plugin (CVE-2025-30870) , May 06, 2025
WP Travel Engine – Best Travel Booking WordPress Plugin (CVE-2024-37944) , Jul 14, 2024
WP Travel Engine – Best Travel Booking WordPress Plugin (CVE-2026-49770) , Jun 11, 2026
WP Travel Engine – Best Travel Booking WordPress Plugin (CVE-2024-10606) , Nov 24, 2024
WP Travel Engine – Best Travel Booking WordPress Plugin (CVE-2026-2437) , Apr 13, 2026
New vulnerability
Infility Global (CVE-2026-7842) , Jun 25, 2026
Infility Global (CVE-2026-8163) , Jun 25, 2026
Motors – Car Dealer, Classifieds & Listing (CVE-2026-54828) , Jun 25, 2026
130+ Widgets | Best Addons For Elementor – FREE (CVE-2026-11614) , Jun 25, 2026
MIR blocks and shortcodes (CVE-2026-8896) , Jun 25, 2026