The plugin does not authorisation and does not sanitize as well as escape some parameters, which could allow users with a role as low as subscriber to perform Stored Cross-Site Scripting (XSS) attacks.
Traffic Manager by SedLex <= 1.4.5 - Subscriber+ Stored XSS
LANACOMMONVDB ID: 1664739f-6222-4d8f-8348-981e94196c7e