The Yellow Yard Searchbar WordPress plugin before 2.8.2 does not escape some URL parameters before outputting them back to the user, leading to Reflected Cross-Site ScriptingCreditsVictor PasmanWPScanReferenceshttps://wpscan.com/vulnerability/c9a106e1-29ae-47ad-907b-01086af3d3fb
