The Social Slider Widget WordPress plugin before 1.8.5 allowed Authenticated Reflected XSS in the plugin settings page as the ??�??�?token_error??�??�?? parameter can be controlled by users and it is directly echoed without being sanitized