## https://sploitus.com/exploit?id=WPEX-ID:8EDBDEA1-F9BB-407A-BCD1-FFF3E146984C 1. Create a new book item (with whatever role, even if it's an Administrator). 2. Connect to a user with a role as low as Contributor+ and create a new post. 3. Insert the following shortcode in a post: [ipages id='1' class='XSS" onmouseover="alert(1)'] 4. Hover over the book inserted by going to the post, the alert triggers successfully.