Description
An attacker can control one or more parameter values of a sensitive HTML tag (e.g. link href). In some conditions this can cause security issues such as XSS (cross-site scripting).
Remediation
Your script should properly sanitize user input. Do not allow user-input to fully control important parameter tag values.
References
OWASP - Cross Site Scripting (XSS)
CWE-829: Inclusion of Functionality from Untrusted Control Sphere
Related Vulnerabilities
WordPress Plugin WpGenius Job Listing Cross-Site Scripting (1.0.2)
WordPress Plugin WP Statistics Cross-Site Scripting (12.0.5)
WordPress Plugin Themify Portfolio Post Cross-Site Scripting (1.1.5)
WordPress Plugin Broken Link Checker Cross-Site Scripting (1.11.8)
WordPress Plugin Log HTTP Requests Cross-Site Scripting (1.3.1)