CVE-2020-12054
Summary
| CVE | CVE-2020-12054 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-04-23 15:15:00 UTC |
| Updated | 2020-04-30 20:07:00 UTC |
| Description | The Catch Breadcrumb plugin before 1.5.4 for WordPress allows Reflected XSS via the s parameter (a search query). Also affected are 16 themes (if the plugin is enabled) by the same author: Alchemist and Alchemist PRO, Izabel and Izabel PRO, Chique and Chique PRO, Clean Enterprise and Clean Enterprise PRO, Bold Photography PRO, Intuitive PRO, Devotepress PRO, Clean Blocks PRO, Foodoholic PRO, Catch Mag PRO, Catch Wedding PRO, and Higher Education PRO. |
Risk And Classification
Problem Types: CWE-79
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Catchplugins | Catch Breadcrumb | All | All | All | All |
| Application | Catchplugins | Catch Breadcrumb | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Catch Breadcrumb < 1.5.7 - Unauthenticated Reflected XSS Security Vulnerability | MISC | wpvulndb.com | Third Party Advisory |
| Catch Breadcrumb v1.5.4 WordPress plugin - Unauthenticated Reflected XSS - CXSecurity.com | MISC | cxsecurity.com | Exploit, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.