## https://sploitus.com/exploit?id=WPEX-ID:6B71EB38-0A4A-49D1-96BC-84BBE675BE1E
Create a gallery with the "Gallery Theme" set to "Gallery Image 2", add an image and put the following payload in the "Image Description" field: <svg/onload=alert(/XSS/)>
Save the image and gallery and view a post/page where the gallery is embed to trigger the XSS
The "Image Title" field is also vulnerable, with a payload such as "><img src onerror=alert(/XSS/)> (fixed in 1.1.5)