The plugin does not sanitize and escape some URL parameters, leading to Reflected Cross-Site Scripting.
Ensure WooCommerce is installed. Visit the following path, while logged in as an Admin: /wp-admin/admin.php?page=ppom&productmeta;_id=5&do;_meta=edit&">=1