Persistent XSS in wordpress plugin rockhoist-badges v1.2.2

["Larry W. Cashdollar" <larry0 () me com>]

Title: Persistent XSS in wordpress plugin rockhoist-badges v1.2.2
Author: Larry W. Cashdollar, @_larry0
Date: 2017-02-20
Download Site: https://wordpress.org/plugins/rockhoist-badges/
Vendor: https://profiles.wordpress.org/esserq/
Vendor Notified: 2017-02-20
Vendor Contact:
Description: A Stack Overflow inspired plugin for WordPress which allows users to acquire badges for contributing 
website content. Badges are created and managed through the WordPress Dashboard.
Vulnerability:
There is a persistent cross site scripting vulnerability in the plugin Rockhoist Badges.  A user with the 
ability to edit_posts can inject malicious javascript.  Into the badge description or title field.

Line 603 doesn't sanitize user input before sending it to the browser in file ./rockhoist-badges/rh-badges.php:

-> 603: <span class="delete"><a href="?page=badges&action=deletecondition&badge_ID=<?php echo $_GET['badge_ID']; 
?>&badge_condition_ID=<?php echo $badge_condition->badge_condition_id; ?>" class="delete-tag">Delete</a></span>

CVE-ID: CVE-2017-6102
Exploit Code:
        • "><script>alert(1);</script> in the title or description field will inject js.
Screen Shots: [http://www.vapidlabs.com/m/badges.jpg]
Advisory: http://www.vapidlabs.com/advisory.php?v=176