The phpfreechat WordPress plugin was affected by a lib/csstidy-1.2/css_optimiser.php url Parameter XSS security vulnerability.