The Catch Breadcrumb plugin before 1.5.4 for WordPress allows Reflected XSS via the s parameter (a search query). Also affected are 16 themes (if the plugin is enabled) by the same author: Alchemist and Alchemist PRO, Izabel and Izabel PRO, Chique and Chique PRO, Clean Enterprise and Clean Enterprise PRO, Bold Photography PRO, Intuitive PRO, Devotepress PRO, Clean Blocks PRO, Foodoholic PRO, Catch Mag PRO, Catch Wedding PRO, and Higher Education PRO.
References
Link | Resource |
---|---|
https://cxsecurity.com/issue/WLB-2020040144 | Exploit Third Party Advisory |
https://wpvulndb.com/vulnerabilities/10184 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-04-23T12:39:32
Updated: 2020-04-23T12:39:32
Reserved: 2020-04-21T00:00:00
Link: CVE-2020-12054
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-04-23T15:15:14.280
Modified: 2020-04-30T20:07:02.557
Link: CVE-2020-12054
JSON object: View
Redhat Information
No data.
CWE