WordPress Your Text Manager Plugin <= 0.3.0 - XSS

Because of this vulnerability in settings/pwsettings.php, the attackers can inject arbitrary web script or HTML via the "ytmpw" parameter. Solution Update the plugin...