Edit - WPScanTeam: The reported issue has been fixed in 0.14.5. Other sanitisation checks have been implemented in newest versions (such as 0.14.6 and 0.14.8) while the plugin was closed, so the fixed in is set to 0.14.8
Video POC : https://drive.google.com/file/d/1TtiTruCEGGg3U7LDC10gacvNfbGku6Gi/view?usp=sharing