Description I noticed, your website is very secure.
But you overlooked a flaw XSS
Proof of Concept
1 .Login vs admin demo account and access admin page.
2 .Create a category, Question with payload:
haido<script>alert(document.domain)</script>
3 .Select FAQ status published and Sticky
4 .Back to the homepage, detect Store XSS.
Video Poc
https://drive.google.com/file/d/1NBwnD1GXASK-B67997tP69hvHMA0-eUw/view?usp=sharing