Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against administrators.
http://vulnerable-site.tld/wp-admin/admin.php?page=ari-cf7connector-log&format;=html&log;=