• Resolved errorfix

    (@errorfix)


    Dear Support Team,
    
    I have identified a security vulnerability within the WP All Import plugin.
    I am providing the details below.
    
    "CWE 80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)"
    
    Flaw Category: Cross-Site Scripting
    
    Description: This call contains a cross-site scripting (XSS) flaw. The application
    populates the HTTP response with untrusted input, allowing an attacker
    to embed malicious content, such as Javascript code, which will be
    executed in the context of the victim's browser. XSS vulnerabilities are
    commonly exploited to steal or manipulate cookies, modify presentation
    of content, and compromise confidential information, with new attack
    vectors being discovered on a regular basis.
    
    Remediation: Use contextual escaping on all untrusted data before using it to
    construct any portion of an HTTP response. The escaping method
    should be chosen based on the specific use case of the untrusted data,
    otherwise it may not protect fully against the attack. For example, if the
    data is being written to the body of an HTML page, use HTML entity
    escaping; if the data is being written to an attribute, use attribute
    escaping; etc. When a web framework provides built-in support for
    automatic XSS escaping, do not disable it. Both the OWASP Java
    Encoder library for Java and the Microsoft AntiXSS library provide
    contextual escaping methods. For more details on contextual escaping,
    see https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html.
    In addition, as a best practice, always
    validate untrusted input to ensure that it conforms to the expected
    format, using centralized data validation routines when possible.
    
    
    Following are the errors associated with the issue.
    
    QUBELY.add_block_inline_css
    
    Please provide further details or clarifications regarding the errors.
    
    Thank you.
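The remediation quoted in the report above (pick the encoder by output context, validate input against its expected format) is easier to apply with a concrete reference, so here is an added example. It is not code from Qubely, WP All Import, or either participant in this thread; the routine `renderBlock`, the block id and colour fields, and the `qubely-block-` class prefix are assumptions chosen to resemble a block that emits inline CSS, as the flagged identifier `QUBELY.add_block_inline_css` suggests. It is written in JavaScript and treats a CSS value as its own output context, where validation against an allowlist is used instead of escaping.

```javascript
// Added example, not code from Qubely, WP All Import or the forum thread.
// Demonstrates context-aware output encoding: HTML body, HTML attribute and
// CSS value each get their own treatment, and fixed-format input is validated
// rather than escaped. All function and field names are assumptions.

const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };

// HTML body context: neutralise the characters that can open or close markup.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// HTML attribute context: encode every non-alphanumeric code point as &#xHH;
// so the value can neither terminate a quoted attribute nor add a new one.
function escapeAttr(value) {
  return String(value).replace(/[^A-Za-z0-9]/gu, (ch) =>
    '&#x' + ch.codePointAt(0).toString(16).padStart(2, '0') + ';');
}

// CSS value context: no general "escape" keeps an arbitrary value meaningful,
// so validate against an allowlist. Characters that could end the declaration
// (`;`, `}`), close a <style> element (`<`, `/`) or carry a URL (`:`) are not
// permitted; url()/expression() are rejected explicitly as defence in depth.
const CSS_VALUE_RE = /^[A-Za-z0-9 #%.,()-]+$/;
function safeCssValue(value, fallback = 'inherit') {
  const v = String(value).trim();
  return CSS_VALUE_RE.test(v) && !/expression\(|url\(/i.test(v) ? v : fallback;
}

// Block identifiers have a fixed format: validate, do not escape.
const BLOCK_ID_RE = /^[a-z0-9-]{1,64}$/;
function assertBlockId(blockId) {
  if (!BLOCK_ID_RE.test(String(blockId))) {
    throw new Error('invalid block id');
  }
  return String(blockId);
}

// Assumed shape of a routine that adds inline CSS for a block: the id lands in
// a CSS selector and an HTML attribute, the colour in a CSS declaration, and
// the title in the HTML body. Each value passes through its context's encoder.
function renderBlock({ blockId, title, color }) {
  const id = assertBlockId(blockId);
  const css = `.qubely-block-${id}{color:${safeCssValue(color)}}`;
  const html =
    `<div class="qubely-block-${escapeAttr(id)}" data-title="${escapeAttr(title)}">` +
    `${escapeHtml(title)}</div>`;
  return { css, html };
}

// Constructed sample input: a title containing quotes and angle brackets.
const sample = renderBlock({ blockId: 'hero1', title: 'Sale "50%" <today>', color: '#ff0000' });
console.log(sample.css);
console.log(sample.html);
```

Note the split in `renderBlock`: the same `title` value is encoded twice, once for the `data-title` attribute and once for the element body, because the two contexts need different encoders; reusing the HTML-body encoding inside the attribute is exactly the mismatch the report warns about.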
Viewing 1 replies (of 1 total)
  • Dear Concern,

    Thank you for bringing this security concern to our attention. We take matters of security seriously, and we appreciate your efforts to enhance the safety of our products.

    Our development team will thoroughly investigate the reported issue related to “CWE 80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)” and specifically the error associated with “QUBELY.add_block_inline_css.” We will implement appropriate remediation measures, including the use of contextual escaping and validation of untrusted input.

    If you have any further details, concerns, or clarifications, please feel free to share them. We appreciate your collaboration in maintaining a secure environment for our users.

    Thank you for your diligence and understanding.

    Best regards,
    Rashed Hossain.
    Lead, Tech Support @themeum

  • The topic ‘Report of Security Vulnerability in Qubely Plugin’ is closed to new replies.