## https://sploitus.com/exploit?id=WPEX-ID:C5CBE3B4-2829-4FD2-8194-4B3A2AE0E257
Tick the "Enable Highlight" setting of the plugin, and put the following payload in the CustomCSS setting as well: </style><script>alert(/XSS-aaa/)</script>
Then visit the homepage to trigger the XSS
https://github.com/xiahao90/CVEproject/blob/main/wordpress_Highlight_XSS.md