AHAthat WordPress Plugin Reflected Cross-Site Scripting Vulnerability

A reflected cross-site scripting vulnerability has been identified in the AHAthat WordPress plugin, affecting versions through 1.6. The issue arises because the plugin does not properly escape the 'REQUEST_URI' parameter from the server before outputting it in an attribute. This flaw could be exploited in older web browsers.

Impact

Exploitation of this vulnerability allows for reflected cross-site scripting, where an attacker can inject malicious scripts that are executed in the context of the user's browser.