Title: Security issue
Last modified: August 21, 2016

---

# Security issue

 *  Resolved [yappare](https://wordpress.org/support/users/yappare/)
 * (@yappare)
 * [12 years, 10 months ago](https://wordpress.org/support/topic/security-issue-29/)
 * It seems the latest version is vulnerable to an XSS attack.
    To reproduce:
 * 1: Go to [http://site.com/contact-us/](http://site.com/contact-us/) (tested on
   [http://bestwebsoft.com/contacts/contact-us/](http://bestwebsoft.com/contacts/contact-us/)
   and it works as well)
    2: Put an XSS payload in any form
    3: Submit it with an incomplete form (e.g. invalid captcha)
    4: Payload used: `xxx”<>/**/onmouseover=confirm(1)<>/**/;//`
 * [http://wordpress.org/plugins/contact-form-plugin/](http://wordpress.org/plugins/contact-form-plugin/)

Viewing 1 replies (of 1 total)

 *  Plugin Author [bestwebsoft](https://wordpress.org/support/users/bestwebsoft/)
 * (@bestwebsoft)
 * [12 years, 9 months ago](https://wordpress.org/support/topic/security-issue-29/#post-4019925)
 * Hi,
 * We fixed that in the recent version of the plugin V3.52.
 * Kind regards

The topic ‘Security issue’ is closed to new replies.
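
The report above describes input that is echoed back when the form is rejected. As an added illustration (not the plugin's code, which this thread does not show, and written in Python rather than the plugin's PHP), the sketch below assumes the rejected value is redisplayed inside a double-quoted `value` attribute and checks, by parsing the output, whether the field gained attributes the template never emits. The field name `visitor_name` and the sample input are constructed.

```python
import html
from html.parser import HTMLParser

# Constructed sample (not the reporter's exact string): a double quote
# followed by an event-handler attribute.
SAMPLE = 'x" onmouseover="confirm(1)'
EXPECTED_ATTRS = {"type", "name", "value"}


def render_unescaped(submitted):
    """Assumed 'before': the rejected value is echoed back verbatim."""
    return f'<input type="text" name="visitor_name" value="{submitted}">'


def render_escaped(submitted):
    """'After': encode for a double-quoted HTML attribute."""
    safe = html.escape(submitted, quote=True)
    return f'<input type="text" name="visitor_name" value="{safe}">'


class InputCollector(HTMLParser):
    """Records the attribute dict of every <input> start tag."""

    def __init__(self):
        super().__init__()
        self.inputs = []

    def handle_starttag(self, tag, attrs):
        if tag == "input":
            self.inputs.append(dict(attrs))


def parse_inputs(markup):
    collector = InputCollector()
    collector.feed(markup)
    collector.close()
    return collector.inputs


def injected_attributes(markup):
    """Attribute names on <input> tags that the template never emits."""
    return {n for attrs in parse_inputs(markup) for n in attrs} - EXPECTED_ATTRS


def redisplayed_value(markup):
    """The value the user would see in the first <input>."""
    return parse_inputs(markup)[0].get("value")


if __name__ == "__main__":
    for render in (render_unescaped, render_escaped):
        out = render(SAMPLE)
        print(render.__name__, sorted(injected_attributes(out)), repr(redisplayed_value(out)))
```

In WordPress PHP the corresponding output encoding for this context is `esc_attr()`. The same parse-and-compare check works as a regression test for any field that is redisplayed after failed validation.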

## Tags

 * [xss](https://wordpress.org/support/topic-tag/xss/)

 * 1 reply
 * 2 participants
 * Last reply from: [bestwebsoft](https://wordpress.org/support/users/bestwebsoft/)
 * Last activity: [12 years, 9 months ago](https://wordpress.org/support/topic/security-issue-29/#post-4019925)
 * Status: resolved