WordPress Yahoo! Updates Plugin <= 1.0 - Multiple XSS

Because of these multiple vulnerabilities in yupdatesapplication.php, the attackers can inject arbitrary web script or HTML via the 3 parameters: "secret", appid" or "key". Solution Update the plugin...