## https://sploitus.com/exploit?id=WPEX-ID:D89EFF7D-A3E6-4876-AA0E-6D17E206AF83
As unauthenticated, on a page/post where there is a contact form created via the plugin, put the following payload in the Name, Subject and Message fields: <img src onerror=alert(/XSS/)>
The XSS will be triggered when an admin will view the related entry