Description
This script is vulnerable to Cross Site Scripting (XSS) attacks.
Cross site scripting (also referred to as XSS) is a vulnerability that allows an attacker to send malicious code (usually in the form of Javascript) to another user.
The server opens arbitrary URLs and puts the content retrieved from the URL into the response without filtering.
Remediation
Your server side code should verify if the URL from the user input is allowed to be retrieved and displayed or filter the response from the URL according to the context in which it is displayed.
References
Acunetix Cross Site Scripting Attack
VIDEO: How Cross-Site Scripting (XSS) Works
Related Vulnerabilities
WordPress Plugin Wordpress Countdown Widget Cross-Site Scripting (3.1.9.2)
WordPress Plugin Advanced WP Columns Cross-Site Scripting (2.0.6)
WordPress Plugin Wordfence Security-Firewall & Malware Scan Multiple Vulnerabilities (5.2.3)
WordPress Plugin Google +1 by BestWebSoft Cross-Site Scripting (1.1.6)