tlovett1 / custom-contact-forms

Build beautiful custom forms and manage submissions the WordPress way.
https://taylorlovett.com
161 stars 50 forks

Cross site scripting vulnerability #349

Open andrew60103 opened 4 years ago

andrew60103 commented 4 years ago

Hi Taylor, I am being snowballed by emails from my security software saying there is this issue with Custom Contact Forms which I use on half a dozen sites. I also notice the plugin has not been updated for three years. Have you abandoned it? It is the best contact form around but... it needs to be safe and you did promise to extend it. Please let everyone know so that they can take a decision to migrate to something else.

Here is the report: https://packetstormsecurity.com/files/112616/

I think it just needs some standard input sanitising code.

Many thanks