Stored Cross-Site Scripting (XSS) vulnerability discovered by Mohammed Aadhil Ashfaq in WordPress Contact Form Email plugin (versions <= 1.3.24).
Update the WordPress Contact Form Email plugin to the latest available version (at least 1.3.25).