Description The plugin does not properly sanitize input and escape output, resulting in a vulnerability to Reflected Cross-Site Scripting via prototype pollution. This could lead to the injection of arbitrary web scripts in pages that execute when a user is tricked into performing an action like clicking a link.