The Pricing Table by Supsystic WordPress plugin before 1.9.5 does not escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site ScriptingCredits0xB9Referenceshttps://wpscan.com/vulnerability/39e69487-aa53-4b78-a422-12515a6449bf
