Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
1. Go to "Ultimate Social Media Icons"
2. Under "Which icons do you want to show on your site?", select X
3. Under "What do you want the icons to do?", in the field "Follow me on X" add the payload: `(https://asd\\\\\\\"onmouseover=alert(112312)//)`
4. Save the settings
5. Then add the "Ultimate Social Media Icons" widget to your site's widget area
6. View the frontend of the site and move your mouse over the X menu and submenu to see the XSS