I was informed by one of our visitors of an XSS vulnerability in our site. Yikes! The offending plugin was Results Count, which we used in our search template to show a Google-like count of the search results (and category and archive). I haven’t informed the author yet (will do so after posting this message), but considering the age of this plugin I think a formal warning is also needed here.