This script is possibly vulnerable to Cross Site Scripting (XSS) attacks.
Your server side code should verify if the URL from the user input is allowed to be retrieved and displayed or filter the response from the URL according to the context in which it is displayed.
Acunetix Cross Site Scripting Attack
VIDEO: How Cross-Site Scripting (XSS) Works
XSS Filter Evasion Cheat Sheet
WordPress Plugin Additional Variation Images for WooCommerce Cross-Site Scripting (1.1.28)
WordPress Plugin YOP Poll Multiple Cross-Site Scripting Vulnerabilities (6.3.0)
WordPress Plugin Popups, Welcome Bar, Optins and Lead Generation-Icegram Cross-Site Scripting (22.214.171.124)
WordPress Plugin UserPro-Community and User Profile Cross-Site Scripting (4.9.33)