During a security research I found an authenticated Stored XSS vulnerability.

The name of the plugin is: Top Bar < 3.0.4

Description

The plugin does not sanitise and escape some of its settings before 
outputting them in frontend pages, which could allow high privilege users 
such as admin to perform Stored Cross-Site Scripting attacks 
even when the unfiltered_html capability is disallowed 
(for example in multisite setup)

POC

The PoC will be displayed on October 03, 2022, 
to give users the time to update. 

Additional information

WPSCAN link: https://wpscan.com/vulnerability/25a0d41f-3b6f-4d18-b4d5-767ac60ee8a8

Plugin has more than 20,000+ active installations.