Share
## https://sploitus.com/exploit?id=WPEX-ID:F51D8345-3927-4BE2-8145-E201371C8C43
Customise a template from the plugin (/wp-admin/admin.php?page=cscs_templates) and put the following payload in the Paragraph Text or Descriptive Text field (depending on the template): <script>alert(/XSS/)</script>

XSS will be trigged when previewing, as well as when the "Enable Coming Soon or Site Offline" general option is enabled and the frontend is accessed