CVE-2026-8172

UNKNOWN 0.0

Simple Basic Contact Form <= 20250114 - Reflected XSS

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

The Simple Basic Contact Form WordPress plugin through 20250114 does not escape user-supplied input before reflecting it into the contact form output on validation errors, leading to a Reflected Cross-Site Scripting vulnerability that unauthenticated attackers can exploit against site visitors via a crafted link or cross-site form submission.

Vendor	unknown
Product	simple basic contact form
Published	Jun 23, 2026

Stay Ahead of the Next One

Get instant alerts for unknown simple basic contact form

Be the first to know when new unknown vulnerabilities affecting unknown simple basic contact form are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Unknown / Simple Basic Contact Form

0 ≤ 20250114

References

NVD ↗ CVE.org ↗ EPSS Data ↗

wpscan.com: https://wpscan.com/vulnerability/535ec1a1-b822-43c9-8264-6442199493d3/

Credits

Juthawong Naisanguansee WPScan