Description

The plugin does not sanitise and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the `unfiltered_html` capability is disallowed (for example, in a multisite setup).

1. Go to "WP Google Reviews > Templates" and click on "Add New Reviews Template".
2. Save the settings and intercept the request.
3. Change the `wprevpro_template_misc_bgcolor1` parameter to `#asd"onmouseover=alert(112312)//`
4. Reload the template, select the BG color, and mouse over it to see the XSS.
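
The following is an added illustration, not the plugin's code. It assumes the stored colour value is written into an HTML attribute without escaping (inferred from the shape of the value in step 3) and contrasts that with validation on save plus escaping on output. The `example_*` function names and the `<input>` markup are hypothetical; in WordPress, `sanitize_hex_color()` and `esc_attr()` fill the same roles.

```php
<?php
// Added illustration; standalone PHP, runnable with the php CLI.

// Constructed input: the value from step 3 of the reproduction steps.
$submitted = '#asd"onmouseover=alert(112312)//';

// Accept only #RGB or #RRGGBB; anything else is replaced by a fallback.
// \A and \z anchor the whole string, so a trailing newline cannot slip through.
function example_sanitize_hex_color(string $value, string $fallback = '#ffffff'): string
{
    return preg_match('/\A#(?:[0-9a-fA-F]{3}){1,2}\z/', $value) === 1 ? $value : $fallback;
}

// Assumed vulnerable pattern: the stored setting is concatenated into the
// attribute as-is, so a double quote ends the attribute and starts a new one.
function example_render_unsafe(string $color): string
{
    return '<input type="text" name="wprevpro_template_misc_bgcolor1" value="' . $color . '">';
}

// Hardened pattern: validate the value as a colour, then escape it for the
// attribute context so that even an unexpected value stays inside the quotes.
function example_render_safe(string $color): string
{
    $clean = example_sanitize_hex_color($color);
    return '<input type="text" name="wprevpro_template_misc_bgcolor1" value="'
        . htmlspecialchars($clean, ENT_QUOTES, 'UTF-8') . '">';
}

echo example_render_unsafe($submitted), PHP_EOL; // attribute is broken out of
echo example_render_safe($submitted), PHP_EOL;   // fallback colour is rendered
echo example_render_safe('#1a2B3c'), PHP_EOL;    // valid colour passes unchanged
```

Validation and escaping are both applied because they cover different failures: validation rejects non-colour data at save time, while output escaping still protects values that were stored before the check existed.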