BigBlueButton <= 3.0.0-beta.4 is vulnerable to Reflected Cross Site Scripting (XSS) vulnerability

The BigBlueButton plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the username and temp_entry_pass parameters in versions up to, and including, 3.0.0-beta.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.