The WHMCS Bridge WordPress plugin before 6.4b does not sanitise and escape the error parameter before outputting it back in admin dashboard, leading to a Reflected Cross-Site Scripting
https://wpscan.com/vulnerability/4aae2dd9-8d51-4633-91bc-ddb53ca3471c