CVE-2025-5730

Name of the Vulnerable Software and Affected Versions: Contact Form Plugin WordPress plugin versions prior to 1.1.29

Description: The issue concerns the Contact Form Plugin WordPress plugin, where some settings are not properly sanitized and escaped, potentially allowing high-privilege users, such as contributors, to perform Stored Cross-Site Scripting attacks.

Recommendations: For versions prior to 1.1.29, update to version 1.1.29 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's settings to minimize the risk of exploitation.