The Quick Contact Form plugin used in WordPress has a security vulnerability called Reflected Cross-Site Scripting. This means that malicious code can be injected into the plugin, allowing hackers to potentially control a user’s actions if they click on a certain link. This vulnerability exists in all versions of the plugin up to and including version 8.2.1.