There is a reflected XSS vulnerability in the following php code ./wp2yt-uploader/inc/upload_content.php: 309: <input type="text" id="video-title" name="video-title" placeholder="Enter Search Term" <?php if ( isset($_GET['video-title']) ) { ?> value="<?php echo $_GET['video-title']; ?> " <?php } ?> required> 313: <textarea id="video-details" name="video-details" placeholder="Video Details" <?php if ( isset($_GET['video-details']) ) { ?> value="<?php echo $_GET['video-details']; ?> " <?php } ?>><?php if ( isset($_GET['video-details']) ) { echo $_GET['video-details']; } ?></textarea> The variable video-title appears to send unsanitized data back to the users browser.