The WooSidebars plugin for WordPress is vulnerable to a security issue called Reflected Cross-Site Scripting. This vulnerability can be found in versions of the plugin up to and including 1.4.1. It is caused by the plugin not properly checking the input it receives or properly escaping the output, and by using a tool called remove_query_arg. This means that attackers who are not authenticated may be able to inject malicious web scripts into pages that will then execute if someone is tricked into taking an action such as clicking on a link. It is important to note that while the CVE has this listed as an Open Redirect, this patch is actually related to Cross-Site Scripting.