The tab parameter of the settings page of the plugin is vulnerable to a reflected Cross-Site Scripting (XSS) issue as user input is not properly sanitised or escaped before being output in an attribute.
The PoC will be displayed once the issue has been remediated
YouTube Video
2021-04-16 (about 2 years ago)
2021-04-27 (about 2 years ago)
2021-05-18 (about 2 years ago)