The Contact Bank plugin for WordPress is vulnerable to Cross-Site Scripting (XSS) in versions before 2.0.226. An attacker can inject malicious code into the plugin, and that code could then execute in someone else’s browser. The cause is that the plugin does not properly sanitize input data and does not properly escape output data.
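
The cause named above (input that is not sanitized, output that is not escaped) is shown here as an added example. It is not Contact Bank's code and not part of the original advisory: it is a hypothetical contact-form handler with the vulnerable pattern beside the hardened one. The `visitor_name` field and both `render_entry_*` functions are assumptions; `sanitize_text_field`, `esc_attr` and `esc_html` are WordPress core functions, replaced by simplified stand-ins when the file is run outside WordPress.

```php
<?php
// Added example: hypothetical handler, not taken from the Contact Bank plugin.

// Outside WordPress, define simplified stand-ins so `php example.php` runs.
// The real core functions do more (UTF-8 checks, octet stripping, filters).
if (!function_exists('sanitize_text_field')) {
    function sanitize_text_field($s) {
        return trim(preg_replace('/\s+/', ' ', strip_tags((string) $s)));
    }
    function esc_attr($s) {
        return htmlspecialchars((string) $s, ENT_QUOTES, 'UTF-8');
    }
    function esc_html($s) {
        return htmlspecialchars((string) $s, ENT_QUOTES, 'UTF-8');
    }
}

// Vulnerable pattern: the submitted value is written into the page unchanged,
// so a quote ends the attribute early and any tags become live markup.
function render_entry_unsafe(array $post): string {
    $name = $post['visitor_name'] ?? '';
    return '<input type="text" name="visitor_name" value="' . $name . '">'
         . '<p>Message from ' . $name . '</p>';
}

// Hardened pattern: sanitize when the value comes in, then escape for the
// exact output context (attribute vs. element text) when it goes out.
function render_entry_safe(array $post): string {
    $name = sanitize_text_field($post['visitor_name'] ?? '');
    return '<input type="text" name="visitor_name" value="' . esc_attr($name) . '">'
         . '<p>Message from ' . esc_html($name) . '</p>';
}

// Constructed sample input: harmless markup plus quotes, enough to show the
// difference between the two renderings without any script content.
$sample = ['visitor_name' => 'Ann "<b>O\'Neil</b>"'];

echo "unsafe: ", render_entry_unsafe($sample), "\n";
echo "safe:   ", render_entry_safe($sample), "\n";
```

In the unsafe rendering the double quote closes the `value` attribute and the `<b>` tag reaches the page as markup; in the safe rendering the tag is stripped and the quotes are emitted as entities.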