Add the following payload in the Title or Description of a Video added in a List/Gallery: "onmouseover=alert(/XSS/)//
Then view the page/post with the embed gallery and move the mouse over the related video to trigger the XSS
If the theme used is TwentyTwentyOne, the following payload can be used to trigger the XSS with minimal user interaction: a" style="animation-name:twentytwentyone-close-button-transition" onanimationend="alert(/XSS/)//
3. Go to Video Galleries > First Video Gallery
I have used the existing gallery where I see YouTube with a girl that is embedded in the video.
4. In the description field I remove everything and the only thing that is in the description field is what I’ve added: "onmouseover=alert()//
5. Create a new page and name it testpage
6. Add the shortcode that comes with the gallery, in this example it’s:
Save and publish the page.
7. Logout of wordpress.
8. Go to the published page.
9. Hover over the youtube video with your mouse.
10. and you can see that the stored XSS is popping up if you hover over the video.