Share 
## https://sploitus.com/exploit?id=WPEX-ID:BB5D94AD-E1CE-44E2-8403-D73FE75A146A
Put the following payload in the "Note title" and "Note message" settings of the plugin: "><script>alert(/XSS-Title/)</script> and </textarea><script>alert(/XSS-Msg/)</script>

Then visit the Admin Dashboard homepage or the plugin's settings (/wp-admin/admin.php?page=Splash_Header_Display&tab=homepage)  to trigger the XSS

https://github.com/xiahao90/CVEproject/blob/main/wordpress_Splashheader_XSS.md