Vulnerability CVE-2020-12054


Published: 2020-04-23

Description:
The Catch Breadcrumb plugin before 1.5.4 for WordPress allows Reflected XSS via the s parameter (a search query). Also affected are 16 themes (if the plugin is enabled) by the same author: Alchemist and Alchemist PRO, Izabel and Izabel PRO, Chique and Chique PRO, Clean Enterprise and Clean Enterprise PRO, Bold Photography PRO, Intuitive PRO, Devotepress PRO, Clean Blocks PRO, Foodoholic PRO, Catch Mag PRO, Catch Wedding PRO, and Higher Education PRO.

See advisories in our WLB2 database:
Topic
Author
Date
Low
Catch Breadcrumb v1.5.4 WordPress plugin - Unauthenticated Reflected XSS
Ex.Mi
22.04.2020

Type:

CWE-79

(Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None
Affected software
Catchplugins -> Catch breadcrumb 

 References:
https://cxsecurity.com/issue/WLB-2020040144
https://wpvulndb.com/vulnerabilities/10184

Copyright 2024, cxsecurity.com

 

Back to Top