Authenticated Arbitrary Redirect / Reflected XSS vulnerability discovered by JrXnm in WordPress All In One WP Security plugin (versions <= 4.4.10).
Update the WordPress All In One WP Security plugin to the latest available version (at least 4.4.11).