The plugin does not sanitize and escape Client IDs, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
### PoC
The PoC will be displayed on November 22, 2022, to give users the time to update.Read More