## https://sploitus.com/exploit?id=WPEX-ID:B257DAF2-9540-4A0F-A560-54B47D2B913F
As admin, create/edit an Enhanced Text widget and put the following payload in the Title, URL or "CSS Classes" fields: " onmouseover="alert(/XSS/)"
The XSS will be triggered when a user move their mouse over
- the title of the widget on page where the widget is output
- the related field when editing the widget
Other payload, for the URL field to trigger in the frontend: ' onmouseover=alert(/XSS-URL/)// and javascript:alert(/XSS/)