The Quick Contact Form plugin for WordPress has an issue that makes it vulnerable to unauthenticated attackers. This means that someone who is not an authorized user can gain access to private information like messages and email lists. This vulnerability is present in all versions of the plugin up to and including 8.0.3.1 and is caused by a lack of protection against malicious requests. If a malicious user can trick a site administrator into clicking on a link or taking some other action