1. Use a proxy such as BurpSuite to add the following header to all requests:

X-Forwarded-For:<img src=x onerror=alert(1)>

2. Create a gallery and add its shortcode to a page.
3. As an unauthenticated user, upload an image to the gallery from the frontend.
4. As an administrator, click on "Contest Gallery" in the sidebar and click "Edit Gallery" on the gallery entry to trigger the XSS.