The A Forms WordPress plugin was affected by an a-forms.php aform_css_file_selector() Function css_file_selection Parameter XSS security vulnerability.