WordPress Compfight Plugin <= 1.4 - XSS

This vulnerability is in the compfight-search.php. It allows authenticated users to inject arbitrary web script or HTML via the “search-value” parameter.

Solution

           Update the plugin.