The tab GET parameter of the settings page is not sanitised or escaped when being output back in an HTML attribute, leading to a reflected XSS issue.CreditsiohexReferenceshttps://wpscan.com/vulnerability/6ccd9990-e15f-4800-b499-f7c74b480051
