The e-search WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting (XSS) security vulnerability.
http://www.example.com/wp-content/plugins/e-search/tmpl/date_select.php?date-from=“><” http://www.example.com/wp-content/plugins/e-search/tmpl/title_az.php?title_az=“><”