The plugin called “Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC)” on WordPress has a security issue. This is because it does not properly clean and protect against harmful code that a user may add. This means that someone with contributor-level or higher access can add their own code to a page, which will then run whenever someone visits that page.