CVE-2021-24283
The tab GET parameter of the settings page is not sanitised or escaped when being output back in an HTML attribute, leading to a reflected XSS issue.
Date published : 2021-05-14
https://wpscan.com/vulnerability/6ccd9990-e15f-4800-b499-f7c74b480051