UCan Post plugin is prone to a stored cross-site scripting vulnerability. It causes such problems as:
name field and post title are not sanitized and it is injectable with a payload and email field is not sanitized but can it will check for a valid email address.
Update the plugin.
Type XSS (Cross Site Scripting) OWASP Top 10 A3: Cross Site Scripting (XSS)