The plugin does not sanitise and escape the wcj_create_products_xml_result parameter before outputting back in the admin dashboard when the Product XML Feeds module is enabled, leading to a Reflected Cross-Site Scripting issue
The "Product XML Feeds" module needs to be enabled in "Woocommerce -> Booster Settings".
https://example.com/wp-admin/admin.php?page=wc-settings&tab=jetpack&wcj-cat=products§ion=products_xml&wcj_create_products_xml_result=1<script>alert(%2FXSS%2F)<%2Fscript>