Description The plugin does not sanitise and escape some of its Post settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks.
As a contributor, create a new Post, at the bottom of the page put the following payload in the "SEO Title" field and save: ;<img src=x onerror=alert(/XSS/)><
The XSS will be triggered upon saving, as well as when any user will edit the post