The PowerPack Lite for Beaver Builder WordPress plugin before 1.2.9.3 does not sanitise and escape the tab parameter before outputting it back in an admin page, leading to a Reflected Cross-Site ScriptingCreditsKrzysztof ZającReferenceshttps://wpscan.com/vulnerability/564a66d5-7fab-4de0-868a-e19466a507afhttps://plugins.trac.wordpress.org/changeset/2655379
