CVE-2020-12054 Information
Feb 14, 2021
cve
Description
The Catch Breadcrumb plugin before 1.5.4 for WordPress allows Reflected XSS via the s parameter (a search query). Also affected are 16 themes (if the plugin is enabled) by the same author: Alchemist and Alchemist PRO, Izabel and Izabel PRO, Chique and Chique PRO, Clean Enterprise and Clean Enterprise PRO, Bold Photography PRO, Intuitive PRO, Devotepress PRO, Clean Blocks PRO, Foodoholic PRO, Catch Mag PRO, Catch Wedding PRO, and Higher Education PRO.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Reference
https://cxsecurity.com/issue/WLB-2020040144
https://wpvulndb.com/vulnerabilities/10184
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
Base Score
6.1
Base Severity
MEDIUM