The original submission stated that the HT Slider Range for Amazon affiliates plugin for WordPress had a reflected XSS vulnerability. After investigation (WPScanTeam), the cause was found to be test files from the php-mod/curl library, which was missing appropriate response headers before outputting user input. We contacted the vendor of the library, which issued a fix (v2.3.2) within a few hours. In the meantime, the entire WordPress plugins repository was scanned for the affected files and 4 additional plugins were identified to be affected as well
https://<lib-location>/tests/server/php-curl-test/post_file_path_upload.php?key=%3cimg%20src%20onerror%3dalert(%27XSS%27)%3e
curl -X POST -i --data '<script>alert(/XSS/)</script>' https://<lib-location>/tests/server/php-curl-test/post_multidimensional.php