The plugin is vulnerable to Reflected Cross-Site Scripting due to insufficient escaping and the use of $_SERVER['PHP_SELF'] found in the ~/options-fotobook.php file, which allows attackers to inject arbitrary web scripts onto the page.
www.wordfence.com/vulnerability-advisories/#CVE-2022-03801
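
The unescaped PHP_SELF pattern described above, shown beside two hardened forms. This is an added example and not the plugin's own code; the function names, the sample path and the page slug are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed value standing in for $_SERVER['PHP_SELF']. PHP builds PHP_SELF
// from the request path, including any path info after the script name, so
// the part after ".php" is controlled by whoever crafted the link.
$phpSelf = '/wp-admin/admin.php/"><i>injected</i>';

// Vulnerable pattern: request-derived value echoed into an attribute as-is.
function render_form_unsafe(string $self): string
{
    return '<form method="post" action="' . $self . '">';
}

// Hardened pattern: encode for the HTML attribute context at output time.
// Inside WordPress, esc_url() or esc_attr() fills this role.
function render_form_escaped(string $self): string
{
    $encoded = htmlspecialchars($self, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<form method="post" action="' . $encoded . '">';
}

// Alternative: do not reflect the request path; build the target from a
// fixed slug (hypothetical here) so no request data reaches the attribute.
function render_form_fixed(string $pageSlug): string
{
    $query = http_build_query(['page' => $pageSlug]);
    $target = htmlspecialchars('admin.php?' . $query, ENT_QUOTES, 'UTF-8');
    return '<form method="post" action="' . $target . '">';
}

// True when the markup contains an element other than the intended <form>,
// meaning the reflected value broke out of its attribute.
function has_injected_element(string $html): bool
{
    return preg_match('/<(?!form\b)[a-z]/i', $html) === 1;
}

foreach ([
    'unsafe'  => render_form_unsafe($phpSelf),
    'escaped' => render_form_escaped($phpSelf),
    'fixed'   => render_form_fixed('hypothetical-options-page'),
] as $label => $html) {
    $flag = has_injected_element($html) ? 'yes' : 'no';
    printf("%-8s injected=%s  %s\n", $label, $flag, $html);
}
```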