Description

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting vulnerability which could be used against high-privilege users such as admins.
1. Add a pet and publish the listing
2. View the pet on the frontend of the site and get a valid post ID (found as a class on the `<body>` element, e.g. `postid-9`)
3. Make a logged-in admin open a link: `https://example.com/wp-admin/post.php?post=__POST_ID__HERE__&action=edit&cmb_force_send=true&cmb_send_label=test%27%29%3B%3C%2Fscript%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E`
4. See the XSS
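
Added example, not the plugin's code: the payload in step 3 closes a single-quoted string and a function call before `</script>`, which suggests that `cmb_send_label` is reflected inside an inline script. The sink below (`cmbSend`, `render_unsafe`, `render_safe`, `script_blocks`) is a hypothetical reconstruction of that pattern, shown beside an encoding that is safe for the JavaScript-in-HTML context.

```php
<?php
// Added example: a hypothetical sink, not the plugin's actual code.

// cmb_send_label from the PoC link in step 3, as PHP sees it after URL-decoding.
$label = urldecode('test%27%29%3B%3C%2Fscript%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E');

// Assumed vulnerable pattern: the raw request value is concatenated into a
// single-quoted JavaScript string inside an inline <script> block.
function render_unsafe(string $label): string {
    return "<script>cmbSend('" . $label . "');</script>";
}

// Hardened pattern: encode for the JavaScript-in-HTML context.
// JSON_HEX_TAG turns < and > into \u003C / \u003E, so the HTML parser never
// sees "</script>"; the other JSON_HEX_* flags do the same for ', " and &.
function render_safe(string $label): string {
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
    $js = json_encode($label, $flags);
    if ($js === false) {
        $js = '""'; // invalid UTF-8 input: emit an empty literal, never raw bytes
    }
    return '<script>cmbSend(' . $js . ');</script>';
}

// Number of <script> elements an HTML parser would open in the fragment.
function script_blocks(string $html): int {
    return (int) preg_match_all('/<script\b/i', $html);
}

$variants = ['unsafe' => render_unsafe($label), 'safe' => render_safe($label)];
foreach ($variants as $name => $html) {
    printf("%-6s script blocks: %d\n%s\n\n", $name, script_blocks($html), $html);
}
```

In WordPress code the same encoding is available through `wp_json_encode()` with these flags; `esc_js()` covers the case where the value must stay inside an existing quoted string.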