## https://sploitus.com/exploit?id=WPEX-ID:3E8BD875-2435-4A15-8EE8-8A00882B499C
In the plugin's settings, active Under Contraction feature, select "Display a custom page using your own HTML" then put the following payload in the "Under Construction Page HTML" field: <svg onload=alert(/XSS/)>
The XSS will be triggered in the homepage (when viewed as non admin)