Enfold Theme < 4.8.4 - Reflected Cross-Site Scripting (XSS)

Description

The Enfold theme was vulnerable to Reflected Cross-Site Scripting (XSS). The vulnerability is present in Enfold versions prior to 4.8.4 that use the Avia Page Builder.

Proof of Concept

The issue appears when paginated content is navigated on a WordPress site with the Enfold theme active; in that case the URL carries the parameter “avia-element-paging”:

https://[website]/paginated-entry/........&avia-element-paging=2

Arbitrary text appended to the URL is reflected in the response, so there is an XSS vulnerability that can be exploited by crafting a URL that links to a paginated entry:

https://[website]/paginated-entry/?ProofOfConcept

The "ProofOfConcept" text is reflected in the server's response: it is included in the generated pagination buttons.

The attacker can exploit this issue by sending the following payload:

?%2527%253E%253Cscript%253Eeval%2528atob%2528%2522Y29uc29sZS5sb2coZG9jdW1lbnQuY29va2llKQ%253D%253D%2522%2529%2529%253C%252Fscript%253E

which can be decoded as:

'><script>eval(atob("Y29uc29sZS5sb2coZG9jdW1lbnQuY29va2llKQ=="))</script>

and the Base64 payload decoded as:

console.log(document.cookie);
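Added example in Python (not code from the advisory or from the Enfold theme): a minimal model of the flaw, the raw query string concatenated into a paging link's href, beside an attribute-escaped version, plus a log check that undoes the double percent-encoding used by the payload above. The request lines and helper names are constructed for the example.

```python
import html
import re
from urllib.parse import unquote

# Constructed request lines standing in for an access log (not taken from any real site).
SAMPLE_REQUESTS = [
    "/paginated-entry/?avia-element-paging=2",
    "/paginated-entry/?ProofOfConcept",
    "/paginated-entry/?%2527%253E%253Cscript%253Eeval%2528atob%2528%2522"
    "Y29uc29sZS5sb2coZG9jdW1lbnQuY29va2llKQ%253D%253D%2522%2529%2529%253C%252Fscript%253E",
]


def fully_decode(value: str, max_rounds: int = 5) -> str:
    """Percent-decode until the string stops changing, so %2527 -> %27 -> ' is unwrapped."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def looks_like_markup_injection(query: str) -> bool:
    """Flag a query string that, once decoded, closes an attribute or opens a script tag."""
    decoded = fully_decode(query)
    return re.search(r"<\s*/?\s*script|['\"]\s*>", decoded, re.IGNORECASE) is not None


def flag_requests(requests: list[str]) -> list[str]:
    """Return the request paths whose query part trips the check above."""
    return [r for r in requests if looks_like_markup_injection(r.partition("?")[2])]


def render_paging_button_unsafe(request_uri: str, page: int) -> str:
    """Model of the flaw: the reflected URI is dropped into the href attribute verbatim."""
    return f"<a href='{request_uri}&avia-element-paging={page}'>{page}</a>"


def render_paging_button_safe(request_uri: str, page: int) -> str:
    """Hardened form: escape the reflected value for an attribute context (in WordPress
    the equivalent is esc_url()/esc_attr() before echoing)."""
    return f"<a href='{html.escape(request_uri, quote=True)}&amp;avia-element-paging={page}'>{page}</a>"
```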

Affects Themes

Fixed in 4.8.4

Classification

Type
XSS

Miscellaneous

Original Researcher
David Álvarez Robles, Francisco Díaz-Pache Alonso & Sergio Corral Cristo
Submitter
David Álvarez Robles
Verified
No

Timeline

Publicly Published
2021-09-06
Added
2021-09-09
Last Updated
2022-04-12
