WordPress Plugin Contact Form by BestWebSoft Email Header Injection (3.83)
Description
WordPress Plugin Contact Form by BestWebSoft is prone to an email header injection vulnerability because it fails to sufficiently sanitize input. Exploiting this issue may allow a remote attacker to insert arbitrary email headers into an HTTP response, which may aid in launching further attacks. WordPress Plugin Contact Form by BestWebSoft version 3.83 is vulnerable; other versions may also be affected.
Remediation
Edit the source code to ensure that newlines are stripped from the 'name' field