## https://sploitus.com/exploit?id=WPEX-ID:BED8C81C-04C7-412D-9563-CE4EB64B7754
Go to the plugin settings (Image Hover Effects > Image Hover Effects) and put the following payload in any input field (such as Category Name, Caption Description, Caption Heading, etc.) and save: "><img src=x onerror=alert(/XSS/)>
The XSS will be triggered when accessing the settings again, as well as in posts/pages where the caption is embedded via shortcode.