The Contact Bank – Contact Form Builder for WordPress plugin is vulnerable to a type of cyber attack known as Reflected Cross-Site Scripting. This is an issue in versions before 2.1.23 due to insufficient security measures. This means an attacker could inject malicious code into a page if they can convince a user to do an action such as clicking a link.