Link Juice Keeper <= 2.0.2 is vulnerable to Cross Site Scripting (XSS) vulnerability

The Link Juice Keeper plugin for WordPress is vulnerable to stored cross-site scripting in versions up to, and including, 2.0.2 via the 'redirect_link' and 'notify_to' options due to insufficient input sanitization and output escaping. This allows authenticated attackers with administrator-level capabilities to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Note that this primarily impacts multi-site installations and installations where unfiltered_html has been disabled.