During security research, I found an authenticated Stored XSS vulnerability.

The name of the plugin is: Social Media Follow Buttons Bar plugin <= 4.73


The plugin does not sanitise and escape some of its settings, which could
allow high-privilege users such as admins to perform Stored Cross-Site Scripting
attacks even when the unfiltered_html capability is
disallowed (for example, in a multisite setup).


Authenticated Stored Cross-Site Scripting (XSS) 
vulnerability discovered by Asif Nawaz Minhas 
(Patchstack Alliance) in WordPress Social Media Follow 
Buttons Bar plugin (versions <= 4.73).

Additional information

PATCHSTACK link: https://patchstack.com/database/vulnerability/social-media-buttons-toolbar/wordpress-social-media-follow-buttons-bar-plugin-4-73-authenticated-stored-cross-site-scripting-xss-vulnerability

The plugin has more than 20,000 active installations.
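
A hardening pattern for the class of flaw described above, as an added example that is not the plugin's code or its patch: settings are sanitised on save and escaped on output, independent of the unfiltered_html capability. The option name, field names and function names are hypothetical; the WordPress functions called are core APIs.

```php
<?php
// Hypothetical plugin fragment. The option, field and function names are
// illustrative and are not taken from the affected plugin.
const EXAMPLE_OPTION = 'example_follow_bar_settings';

add_action( 'admin_init', function () {
    register_setting( 'example_follow_bar_group', EXAMPLE_OPTION, array(
        'type'              => 'array',
        'sanitize_callback' => 'example_follow_bar_sanitize',
        'default'           => array(),
    ) );
} );

// Sanitise on save. This runs for every user, so the result does not
// depend on whether the saving admin holds unfiltered_html.
function example_follow_bar_sanitize( $input ) {
    $input = is_array( $input ) ? $input : array();
    $html  = isset( $input['tooltip_html'] ) && is_string( $input['tooltip_html'] )
        ? $input['tooltip_html']
        : '';

    return array(
        // Plain-text field: all tags are stripped.
        'caption'      => sanitize_text_field( $input['caption'] ?? '' ),
        // URL field: only http and https schemes survive.
        'profile_url'  => esc_url_raw( $input['profile_url'] ?? '', array( 'http', 'https' ) ),
        // Field that accepts markup: reduced to the post-content allowlist.
        'tooltip_html' => wp_kses_post( $html ),
    );
}

// Escape on output as well, so values written to the database by another
// route (import, older plugin version) are still rendered inert.
function example_follow_bar_render() {
    $o = wp_parse_args(
        (array) get_option( EXAMPLE_OPTION, array() ),
        array( 'caption' => '', 'profile_url' => '', 'tooltip_html' => '' )
    );
    printf(
        '<a class="example-follow" href="%s" title="%s">%s</a>',
        esc_url( $o['profile_url'] ),   // URL context
        esc_attr( $o['caption'] ),      // attribute context
        esc_html( $o['caption'] )       // element text context
    );
    echo wp_kses_post( $o['tooltip_html'] ); // allowlisted HTML context
}
```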