Description The plugin does not sanitise and escape some of its Pet settings, which could allow high privilege users such as Contributor to perform Stored Cross-Site Scripting attacks.
1. Go to “Pets > Add Pet” 2. In the “Address” field add the payload " style=animation-name:rotation onanimationstart=alert(/XSS/)//
3. Save and reload to see the XSS