The id GET parameter used by WP Floating menu does not correctly sanitise user input before reflecting the parameter back to the user, resulting in a reflected XSS vulnerability. Other sanitisation have been added to prevent other XSS issues as well as potential SQL injections.
/wp-admin/admin.php?page=wpfm-admin&action;=wpfm-edit-menu&id;=1">