Contact Form & SMTP Plugin

Authenticated (Admin+) Stored CrossSite Scripting vulnerability <= 2.5.2

Admin+ Stored XSS vulnerability < 2.6.0

Unauthenticated Arbitrary Shortcode Execution vulnerability <= 2.6.0

HTML Injection vulnerability <= 1.5.1

CrossSite Request Forgery (CSRF) vulnerability <= 1.5.1