After examining the XSS issue from this plugin I found that it is sending data to the plugin author Jon Fox.
function sl_send_data( $action, $data_fields ) {
    // The collected fields are JSON-encoded, then base64-encoded, and sent to the author's server.
    $data = array( 'action' => $action, 'data' => base64_encode( json_encode( $data_fields ) ) );
    return sl_http_query( 'https://jonefox.com/search-logs/rest.php', $data );
}
VERY VERY NOT COOL!!!

The plugin search log has an XSS vulnerability.
If a search is done using <script>alert(\'0wn3d\')</script>
it is active on the admin side search log page.
Not cool.

Most excellent plugin.
I do have a feature request though. Would it be possible to add the searcher's IP number next to the date/time?
Cheers