Share
## https://sploitus.com/exploit?id=WPEX-ID:6BBEA7FE-E966-406B-AD06-0206FCC6F0A0
Add the following payload in the Title or Description of a Video added in a List/Gallery: "onmouseover=alert(/XSS/)//
Then view the page/post with the embed gallery and move the mouse over the related video to trigger the XSS

If the theme used is TwentyTwentyOne, the following payload can be used to trigger the XSS with minimal user interaction: a" style="animation-name:twentytwentyone-close-button-transition" onanimationend="alert(/XSS/)//


Original PoC:
3. Go to Video Galleries > First Video Gallery
I have used the existing gallery where I see YouTube with a girl that is embedded in the video.
4. In the description field I remove everything and the only thing that is in the description field is what I’ve added: "onmouseover=alert()// 
5. Create a new page and name it testpage
6. Add the shortcode that comes with the gallery, in this example it’s: 
[origincode_videogallery id="1"]
Save and publish the page.
7. Logout of wordpress.
8. Go to the published page.
9. Hover over the youtube video with your mouse.
10. and you can see that the stored XSS is popping up if you hover over the video.