WordPress WP Smiley Plugin <= 1.4.1 - XSS

This vulnerability allows an authenticated user to inject arbitrary web script or HTML via the “s4w-more” parameter to wp-admin/options-general.php.

Solution

           Update the plugin.