The plugin does not sanitise and escape the wcj_delete_role parameter before outputting back in the admin dashboard when the General module is enabled, leading to a Reflected Cross-Site Scripting issue
The “General” module needs to be enabled in “Woocommerce -> Booster Settings -> Booster”. https://example.com/wp-admin/admin.php?page=wcj-tools&tab;=custom_roles&wcj;_delete_role=