Description The plugin does not sanitize and escape some fields in the plugin settings, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfiltered_html capability is disallowed (for example in a multisite setup).
Put the following payload in the “Read more text” setting of the plugin and save: 1">