These vulnerabilities allow the attackers to inject arbitrary web script or HTML via the “usces_referer” parameter to: includes/edit-form-advanced.php, includes/edit-form-advanced34.php, classes/usceshop.class.php, includes/member_edit_form.php, includes/order_list.php, includes/order_edit_form.php, includes/usces_item_master_list.php, related to admin.php or includes/edit-form-advanced30.php.
Update the plugin.