This script is possibly vulnerable to Cross Frame Scripting (XFS) attacks.
This is an attack technique used to trick a user into thinking that fake web site content is legitimate data.
- Your script should filter metacharacters from user input.
- WordPress Plugin Time Sheets Multiple Cross-Site Scripting Vulnerabilities (1.5.1)
- WordPress Plugin Share Buttons by AddThis Cross-Site Scripting (4.0.7)
- WordPress 3.4.1 Multiple Vulnerabilities (2.0 - 3.4.1)
- WordPress Plugin Nofollow Links Cross-Site Scripting (1.0.10)
- WordPress Plugin Gravity Forms Cross-Site Scripting (1.9.5)