CVE-2018-20963

The contact-form-to-email plugin before 1.2.66 for WordPress has XSS.
Source: NIST
CVE-2018-20963