There is a reflected XSS vulnerability in the following php code ./sola-newsletters/includes/preview.php: 8: <a title="<?php _e('Return To Editor', 'sola'); ?>" class="button-primary" href="admin.php?page=sola-nl-menu&action=custom_template&camp_id=<?php echo $_GET['camp_id'] ?>"><?php _e('Return To Editor' ,'sola'); ?></a> 12: <a title="<?php _e('Return To Editor', 'sola'); ?>" class="button-primary" href="admin.php?page=sola-nl-menu&action=editor&camp_id=<?php echo $_GET['camp_id'] ?>"><?php _e('Return To Editor' ,'sola'); ?></a> 16: <a title="<?php _e('Confirm Campaign', 'sola'); ?>" class="button-primary sola_nl_next_btn" href="admin.php?page=sola-nl-menu&action=confirm_camp&camp_id=<?php echo $_GET['camp_id'] ?>"><?php _e('Confirm Campaign', 'sola'); ?></a> The variable camp_id appears to send unsanitized data back to the users browser.