The plugin does not properly sanitize or escape inputs in the plugin’s settings.
Open "Chained Quiz > Social Sharing" in the WP admin panel.
Under title field enter the payload :
"><script>alert(document.domain)</script>
Click on Save All Setting and the XSS will fire every time the Social Sharing page is loaded.