Per Page Add to Head <= 1.4.4 - Authenticated Stored XSS
The plugin does not properly sanitise one of its settings, allowing malicious HTML to be inserted by high-privilege users even when the unfiltered_html capability is disallowed, which could lead to Cross-Site Scripting issues.
Note: The plugin is no longer maintained.
Proof of Concept
Put the following payload in the HTML setting of the plugin, then access any page in the frontend to trigger it: <img src onerror=alert(/XSS/)>
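The capability check that the description says is missing, as an added example of how a WordPress plugin can honour unfiltered_html for a "raw HTML in head" setting. This is not the plugin's own code: the option name, settings group and function names are hypothetical, and the tag allowlist is an assumption.

```php
<?php
// Hypothetical identifiers for illustration; not taken from the plugin.
const EXAMPLE_OPTION = 'example_head_html';
const EXAMPLE_GROUP  = 'example_head_group';

// Assumed allowlist: only inert head tags, no script and no event handlers.
function example_head_allowed_html() {
    return array(
        'meta' => array( 'name' => true, 'content' => true, 'property' => true, 'charset' => true ),
        'link' => array( 'rel' => true, 'href' => true, 'type' => true, 'sizes' => true ),
    );
}

// Save-time check: raw markup is stored only for users who hold
// unfiltered_html; everyone else gets the value filtered by wp_kses().
function example_sanitize_head_html( $value ) {
    $value = is_string( $value ) ? $value : '';
    if ( current_user_can( 'unfiltered_html' ) ) {
        return $value;
    }
    // An <img> tag with an onerror attribute is dropped here,
    // because img is not in the allowlist.
    return wp_kses( $value, example_head_allowed_html() );
}

add_action( 'admin_init', function () {
    register_setting( EXAMPLE_GROUP, EXAMPLE_OPTION, array(
        'type'              => 'string',
        'sanitize_callback' => 'example_sanitize_head_html',
        'default'           => '',
    ) );
} );

// Output-time check: when the site disallows unfiltered HTML, filter again
// so values stored before the save-time check existed are not echoed raw.
add_action( 'wp_head', function () {
    $html = (string) get_option( EXAMPLE_OPTION, '' );
    if ( defined( 'DISALLOW_UNFILTERED_HTML' ) && DISALLOW_UNFILTERED_HTML ) {
        $html = wp_kses( $html, example_head_allowed_html() );
    }
    echo $html; // Already gated at save time for the unrestricted case.
} );
```

On multisite, administrators who are not super admins also lack unfiltered_html, so the save-time branch filters their input in the same way.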