Medium severity6.1NVD Advisory· Published Apr 23, 2020· Updated Jun 17, 2026
CVE-2020-12054
CVE-2020-12054
Description
The Catch Breadcrumb plugin before 1.5.4 for WordPress allows Reflected XSS via the s parameter (a search query). Also affected are 16 themes (if the plugin is enabled) by the same author: Alchemist and Alchemist PRO, Izabel and Izabel PRO, Chique and Chique PRO, Clean Enterprise and Clean Enterprise PRO, Bold Photography PRO, Intuitive PRO, Devotepress PRO, Clean Blocks PRO, Foodoholic PRO, Catch Mag PRO, Catch Wedding PRO, and Higher Education PRO.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/Catch Breadcrumb plugindescription
- Range: <1.5.4
Patches
Vulnerability mechanics
References
2- cxsecurity.com/issue/WLB-2020040144nvdExploitThird Party Advisory
- wpvulndb.com/vulnerabilities/10184nvdThird Party Advisory
News mentions
0No linked articles in our index yet.