Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to an HTML Injection on the plugin in the search area of the website.
Insert '"><a href="www.google.com">Clickme!</a> on the keyword search field or directly on the link https://example.com/index.php/performers/?ep_search=1&keyword='"><a href="https://www.google.com">Clickme!</a> and the Reflected HTML Injection would appear.