CVE-2026-8708

CVE-2026-8708 affects the Genzel breadcrumbs WordPress plugin (versions up to 1.2). The issue is a Cross-Site Request Forgery due to missing or incorrect nonce validation in the _options_page function, allowing unauthenticated attackers to modify plugin settings (templates, delimiter, home label/...

CVE-2025-50020 WordPress RDFa Breadcrumb plugin <= 2.3 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Nitin Yawalkar RDFa Breadcrumb rdfa-breadcrumb allows Stored XSS.This issue affects RDFa Breadcrumb: from n/a through = 2.3...

WordPress plugin RDFa Breadcrumb 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin ... A cross-site...

CVE-2023-35092

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Abhay Yadav Breadcrumb simple plugin = 1.3 versions...

Cross site scripting

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Abhay Yadav Breadcrumb simple plugin = 1.3 versions...

CVE-2023-35092

CVE-2023-35092 covers a stored XSS vulnerability in the WordPress breadcrumb-simple plugin up to version 1.3. The issue affects authenticated administrators (admin+) and can be triggered by malicious input stored by the plugin. Root cause is a stored XSS condition in the breadcrumb-simple plugin ...

PT-2023-25141 · Unknown · Abhay Yadav Breadcrumb Simple Plugin

Name of the Vulnerable Software and Affected Versions: Abhay Yadav Breadcrumb simple plugin versions 1.3 and earlier Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability that affects authenticated administrators. This vulnerability allows an attacker to inject...

CVE-2022-4836

The Breadcrumb WordPress plugin before 1.5.33 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege...

CVE-2022-4836 Breadcrumb < 1.5.33 - Contributor+ Stored XSS via Shortcode

The Breadcrumb WordPress plugin before 1.5.33 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege...

WordPress Breadcrumb Plugin < 1.5.33 is vulnerable to Cross Site Scripting (XSS)

Software Breadcrumb Type Plugin Vulnerable versions 1.5.33 Fixed in 1.5.33 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4836 Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID 68e0f577b655 Credits Lana Codes Required...

Cross site scripting

The Very Simple Breadcrumb WordPress plugin through 1.0 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

Very Simple Breadcrumb <= 1.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Put the following payload in the "Breadcrumb css class name" settings of the plugin: "alert/XSS/...

CVE-2020-12054

The Catch Breadcrumb plugin before 1.5.4 for WordPress allows Reflected XSS via the s parameter a search query. Also affected are 16 themes if the plugin is enabled by the same author: Alchemist and Alchemist PRO, Izabel and Izabel PRO, Chique and Chique PRO, Clean Enterprise and Clean Enterprise...

Cross site scripting

The Catch Breadcrumb plugin before 1.5.4 for WordPress allows Reflected XSS via the s parameter a search query. Also affected are 16 themes if the plugin is enabled by the same author: Alchemist and Alchemist PRO, Izabel and Izabel PRO, Chique and Chique PRO, Clean Enterprise and Clean Enterprise...

CVE-2020-12054

CVE-2020-12054 affects the WordPress Catch Breadcrumb plugin prior to 1.5.4 and is a reflected XSS via the s parameter (search query). The vulnerability also extends to 16 themes from the same author when the plugin is enabled (Alchemist, Izabel, Chique, Clean Enterprise, Bold Photography, Intuit...

CVE-2020-12054

The Catch Breadcrumb plugin before 1.5.4 for WordPress allows Reflected XSS via the s parameter a search query. Also affected are 16 themes if the plugin is enabled by the same author: Alchemist and Alchemist PRO, Izabel and Izabel PRO, Chique and Chique PRO, Clean Enterprise and Clean Enterprise...