Description

The plugin does not sanitise and escape some of its Pet settings, which could allow high privilege users such as Contributor to perform Stored Cross-Site Scripting attacks.

1. Go to "Pets > Add Pet"
2. In the "Address" field add the payload `" style=animation-name:rotation onanimationstart=alert(/XSS/)//`
3. Save and reload to see the XSS
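
The missing output escaping described above, shown next to the escaped form, as an added example that is not the plugin's own code. The function names and the `pet_address` field name are hypothetical, and the `esc_attr()` stand-in only approximates the WordPress core function so the script runs outside WordPress.

```php
<?php
// Added illustration: hypothetical rendering code, not the plugin's source.
// Requires the DOM extension (enabled by default in PHP).

// Stand-in so this runs outside WordPress; it approximates the real
// esc_attr() with htmlspecialchars(). Inside WordPress the core one is used.
if (!function_exists('esc_attr')) {
    function esc_attr($text) {
        return htmlspecialchars((string) $text, ENT_QUOTES, 'UTF-8');
    }
}

// Vulnerable pattern: stored value concatenated into the attribute as-is.
function render_address_unescaped(string $address): string {
    return '<input type="text" name="pet_address" value="' . $address . '">';
}

// Hardened pattern: escape for the attribute context at output time.
function render_address_escaped(string $address): string {
    return '<input type="text" name="pet_address" value="' . esc_attr($address) . '">';
}

// Parse the markup the way an HTML parser would and list the attribute
// names that end up on the <input> element.
function input_attribute_names(string $html): array {
    $doc = new DOMDocument();
    $doc->loadHTML($html, LIBXML_NOERROR | LIBXML_NOWARNING);
    $names = [];
    foreach ($doc->getElementsByTagName('input')->item(0)->attributes as $attr) {
        $names[] = $attr->nodeName;
    }
    return $names;
}

// The "Address" value from step 2 of the report.
$address = '" style=animation-name:rotation onanimationstart=alert(/XSS/)//';

foreach (['unescaped' => render_address_unescaped($address),
          'escaped'   => render_address_escaped($address)] as $label => $html) {
    echo $label, ': ', $html, PHP_EOL;
    echo '  attributes: ', implode(', ', input_attribute_names($html)), PHP_EOL;
}
```

In the unescaped output the leading quote closes `value` early, so the parser reports separate `style` and `onanimationstart` attributes; in the escaped output the whole string stays inside `value`.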