Share
## https://sploitus.com/exploit?id=WPEX-ID:10283
Affected fields are in the settings of the plugin and will be triggered when the common soon page is displayed (either the preview or normal one):

Logo: x' onerror='alert(/XSS/)
Headlines: <script>alert(/XSS/</script> (for v < 5.1.1), <img src=x onerror=alert(/XSS/)/> (for v < 5.1.2)