Description

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).

1. Click Simple Table Manager then “Export CSV” after selecting and saving a table in the “Settings” tab.
2. Put the following in the CSV file name then click Save: ">
3. An alert will load, and it will trigger each time an admin navigates to those settings.
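
The fix for this class of issue is to sanitise the setting when it is saved and escape it when it is printed, independent of `unfiltered_html`. The following is an added example, not the plugin's own code: the option key, settings group and `exstm_*` function names are hypothetical, and it assumes it is loaded as part of a WordPress plugin.

```php
<?php
// Added example with hypothetical names (exstm_*); not the plugin's code.
// Assumes a WordPress plugin context (core functions already loaded).

const EXSTM_OPTION = 'exstm_csv_file_name'; // hypothetical option key
const EXSTM_GROUP  = 'exstm_settings';      // hypothetical settings group

// Sanitise on save: reduce the submitted value to a plain file name.
function exstm_sanitize_csv_file_name( $value ) {
    $value = sanitize_file_name( (string) $value );
    // Allow-list the characters a CSV base name needs; drop everything else.
    $value = preg_replace( '/[^A-Za-z0-9._-]/', '', $value );
    $value = substr( $value, 0, 64 );
    return '' === $value ? 'export' : $value;
}

// Register the callback so every save through the Settings API is filtered.
add_action( 'admin_init', function () {
    register_setting( EXSTM_GROUP, EXSTM_OPTION, array(
        'type'              => 'string',
        'sanitize_callback' => 'exstm_sanitize_csv_file_name',
        'default'           => 'export',
    ) );
} );

// Weak form (illustration of the unescaped pattern the description names):
// the stored value is written into an attribute as-is, so markup saved in
// the setting is rendered on every visit to the page.
function exstm_render_field_unescaped() {
    echo '<input type="text" name="' . EXSTM_OPTION . '" value="'
        . get_option( EXSTM_OPTION ) . '">';
}

// Hardened form: escape for the attribute context at output time, even
// though the value was already sanitised on save (covers rows written
// before the callback existed or by other code paths).
function exstm_render_field() {
    printf(
        '<input type="text" name="%s" value="%s">',
        esc_attr( EXSTM_OPTION ),
        esc_attr( get_option( EXSTM_OPTION, 'export' ) )
    );
}
```

Neither step relies on the `unfiltered_html` capability, so the behaviour is the same for a site admin on multisite as for any other role allowed to change the setting.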