Description
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting issue which could be used against unauthenticated and admin-level users.
Note: This requires WooCommerce to be installed.
1. Go to "Fancy Product Designer > Products"
2. Click "New" and save a new product (use any name, for example 'Reflected')
3. Add a product in WooCommerce.
4. Set a price for the product
5. In the side panel under "Fancy Product Designer", assign a product (e.g. 'Reflected' from above).
6. Save the product.
7. Access the product at https://wps-test.ddev.site/?product=__INSERT_PRODUCT_PAGE_&cart_item_key=%22%3E%3Cscript%3Ealert(1)%3C/script%3E
8. See the XSS
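
For defenders checking whether this parameter has been probed, the sketch below (an added example, not part of the original advisory or the plugin's code) scans access-log lines for `cart_item_key` values that are not a plain cart key. It assumes combined-format logs and that legitimate WooCommerce cart item keys are 32-character lowercase hex strings; the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: a legitimate cart item key is a 32-character lowercase hex string.
VALID_KEY = re.compile(r"^[0-9a-f]{32}$")
# Request line inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_cart_keys(log_lines):
    """Return (line_number, decoded_value) for every cart_item_key that is not a plain key."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue  # not a request line we understand
        query = urlsplit(match.group(1)).query
        # parse_qsl percent-decodes names and values for us.
        for name, value in parse_qsl(query, keep_blank_values=True):
            if name == "cart_item_key" and not VALID_KEY.match(value):
                hits.append((number, value))
    return hits


# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] '
    '"GET /?product=reflected&cart_item_key=9f61408e3afb633e50cdf1b20de6f466 HTTP/1.1" 200 5120',
    '198.51.100.8 - - [01/Jan/2024:10:00:05 +0000] '
    '"GET /?product=reflected&cart_item_key=%22%3E%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 5180',
    '198.51.100.7 - - [01/Jan/2024:10:00:12 +0000] "GET /shop/ HTTP/1.1" 200 9000',
]

if __name__ == "__main__":
    for number, value in suspicious_cart_keys(SAMPLE_LOG):
        print(f"line {number}: cart_item_key={value!r}")
```

A hit only shows that the parameter carried something other than a cart key; whether the request reached a vulnerable version still has to be confirmed against the installed plugin.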