During a security research I found an authenticated Stored XSS vulnerability.

The name of the plugin is: Meks Easy Social Share < 1.2.8


The plugin does not sanitise and escape some of its settings, which could 
allow high privilege users such as admin to perform Stored Cross-Site Scripting 
attacks even when the unfiltered_html capability is 
disallowed (for example in multisite setup)


The PoC will be displayed on October 10, 2022, 
to give users the time to update. 

Additional information

WPSCAN link: https://wpscan.com/vulnerability/9dec8ac7-befd-4c9d-9a9e-7da9e395dbf2

Plugin has more than 20,000+ active installations.