The tab parameter of the settings page of the plugin is vulnerable to a reflected Cross-Site Scripting (XSS) issue as user input is not properly sanitised or escaped before being output in an attribute.
Proof of Concept
The PoC will be displayed once the issue has been remediated
No known fix - plugin closed
2021-04-16 (about 3 months ago)
2021-04-27 (about 2 months ago)
2021-05-18 (about 2 months ago)