Vulnerability Discovered in WP Forms Lite <= 1.6.0.1
https://fortiguard.comWPForms is a popular WordPress plugin with over 3+ million installations. WPForms allows you to create beautiful contact forms, feedback forms, subscription forms, payment forms, and other types of forms for your site in minutes.
A stored cross-site scripting vulnerability exists in WP Forms plugin (version 1.6.0.1 & below). The vulnerability is caused by improper input sanitization of user input in the choice label parameter inside the form builder that interacts with live preview.
The issue has been fixed in Version 1.6.0.2 which is available now from the WordPress Plugin Repo.