Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to an HTML Injection on the plugin in the search area of the website.
Insert ‘">Clickme! on the keyword search field or directly on the link https://example.com/index.php/performers/?ep_search=1&keyword;=’">Clickme! and the Reflected HTML Injection would appear.