Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
1) After the installing the plugin, create a new table at /wp-admin/admin.php?page=pyt-tables&tab=tables-new, and insert the following malicious XSS payload in its "Title" field: `"><img src=x onerror=confirm(1)>`
2) Save the payload, and notice the injection alert() box popping up when viewing the full list of tables in `/wp-admin/admin.php?page=pyt-tables&tab=tables`