For contact form block author told me to post there, 5 days ago, and to stop writting email because this is a free plugin.
I haven’t stopped.
You wrote to me on the Jan 13, 15:55 (JST), I replied to you on the Jan 14, 12:29, then you sent two messages on the Jan 17, 16:00 and Jan 17, 18:50. Now we are Saturday 18. So basically, I replied to you quite quickly, in private, and looked at the code to understand the issues you are having.
That’s why, I’m happy to have tried (for 5 days) to help the Contact Form Block Author, even if he didn’t care about my suggestions.
I do care, and I replied in time I believe. But this is not a security issue. Have a look here: https://premium.wpmudev.org/blog/handling-form-submissions/. This is how to handle forms with WordPress. And yes, it is using the same solution as I do. In fact, there is no choice, this is the way to do it, and it’s safe.
I mean I feel crazy that a contact form plugin author doesn’t care about any lack of security in its source code…
Don’t feel crazy. Try to understand that it’s normal for the developer of a free plugin to not replying to you after 6pm on a Friday. And also that you might not be right, that it is not about security, that something else might be going on.
Feel free to try another plugin.