XSS Vulnerability found in WPForms Plugin < 1.5.9
https://www.getastra.comThe Contact Form by WPForms WordPress plugin has 3+ million active installations and can be used to create beautiful contact forms, feedback form, and other types of forms by drag & drop thus making it quite easy to use. In versions < 1.5.9, there is a XSS vulnerability that allows attackers to perform various malicious actions such as stealing the victim’s session cookies or login credentials, performing arbitrary actions on the victim’s behalf, logging their keystrokes and more.
The issue has been fixed in Version 1.5.9 which is available now from the WordPress Plugin Repo.