WordPress Contact Form X plugin cross-site scripting vulnerability

WordPress is a set of blogging platforms developed by the Wordpress Foundation using the PHP language. WordPress plugin is an application plugin for WordPress. A cross-site scripting vulnerability exists in WordPress Contact Form X plugin version 2.4 and earlier. The vulnerability stems from a lack of data validation filtering of user-supplied data and output in the &tab parameter. An attacker could exploit this vulnerability to execute JavaScript code.