The plugin does not properly sanitize inputs to prevent injection of arbitrary HTML within the plugin’s design customization options.
Go to the plugin’s Customize Design page and open the “Wizard menu”. Now scroll down and you will find an “Info Text” field where you can inject an XSS payload like “”. Click “Publish” to store the payload.