WordPress Plugin Vulnerabilities
Catch Breadcrumb < 1.5.7 - Unauthenticated Reflected XSS
Description
=== [ DESCRIPTION - REFLECTED XSS ] ========================================
# The Catch Breadcrumb 1.5.4 plugin for WordPress allows Reflected XSS via a search query when used with one of the themes from the same author: Alchemist & Alchemist PRO, Izabel & Izabel PRO, Chique & Chique PRO, Clean Enterprise & Clean Enterprise PRO, Bold Photography PRO, Intuitive PRO, Devotepress PRO, Clean Blocks PRO, Foodoholic PRO, Catch Mag PRO, Catch Wedding PRO, Higher Education PRO.
=== [ AFFECTED CATCH THEMES ] ==============================================
# 00 - ALCHEMIST & ALCHEMIST PRO [ https://catchthemes.com/demo/alchemist/ ]
# 01 - IZABEL & IZABEL PRO [ https://catchthemes.com/demo/izabel/ ]
# 02 - CHIQUE & CHIQUE PRO [ https://catchthemes.com/demo/chique/ ]
# 03 - CLEAN ENTERPRISE & CLEAN ENTERPRISE PRO [ https://catchthemes.com/demo/clean-enterprise/ ]
# 04 - BOLD PHOTOGRAPHY PRO [ https://catchthemes.com/demo/bold-photography/ ]
# 05 - INTUITIVE PRO [ https://catchthemes.com/demo/intuitive/ ]
# 06 - DEVOTEPRESS PRO [ https://catchthemes.com/demo/devotepress/ ]
# 07 - CLEAN BLOCKS PRO [ https://catchthemes.com/demo/clean-blocks/ ]
# 08 - FOODOHOLIC PRO [ https://catchthemes.com/demo/foodoholic/ ]
# 09 - CATCH MAG PRO [ https://catchthemes.com/demo/catch-mag/ ]
# 10 - CATCH WEDDING PRO [ https://catchthemes.com/themes/catch-wedding-pro/ ]
# 11 - HIGHER EDUCATION PRO [ https://catchthemes.com/themes/higher-education-pro/ ]
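The flaw class described above (a breadcrumb that reflects the visitor's search term into the page without escaping) is illustrated below with an added example. This is not the Catch Breadcrumb plugin's code nor any Catch Themes code; the function names `demo_breadcrumb_unsafe` and `demo_breadcrumb_hardened` are hypothetical, and the stand-in definitions of `esc_html()` and `get_search_query()` exist only so the file runs outside WordPress (inside WordPress the real functions are used and the stand-ins are skipped).

```php
<?php
// Added example, not the plugin's own code. Shows the unsafe pattern that
// produces a reflected XSS in a search breadcrumb, beside the hardened form.

// Stand-ins so this file runs on a plain PHP CLI. WordPress defines both
// functions; function_exists() keeps the real ones when they are present.
if ( ! function_exists( 'esc_html' ) ) {
    function esc_html( $text ) {
        return htmlspecialchars( (string) $text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8' );
    }
}
if ( ! function_exists( 'get_search_query' ) ) {
    // WordPress returns the "s" query var; with $escaped = true it is already
    // run through esc_attr(). The stand-in mirrors that behaviour.
    function get_search_query( $escaped = true ) {
        $term = isset( $_GET['s'] ) ? (string) $_GET['s'] : '';
        return $escaped ? htmlspecialchars( $term, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8' ) : $term;
    }
}

// UNSAFE (hypothetical): the raw query-string value is concatenated into
// HTML, so any markup the visitor places in "s" is echoed back verbatim.
function demo_breadcrumb_unsafe(): string {
    $term = isset( $_GET['s'] ) ? $_GET['s'] : '';
    return '<li class="trail-item">Search results for: ' . $term . '</li>';
}

// HARDENED (hypothetical): fetch the unescaped term once and escape it for
// the exact context it lands in (HTML text node here). esc_html() encodes
// <, >, &, " and ', so the term can no longer break out of the text node.
// Calling get_search_query() with its default ($escaped = true) would also
// be acceptable; escaping explicitly makes the output context obvious.
function demo_breadcrumb_hardened(): string {
    $term = get_search_query( false );
    return '<li class="trail-item">Search results for: ' . esc_html( $term ) . '</li>';
}

// Constructed sample input: a search term that carries harmless markup.
$_GET['s'] = 'shoes <i>sale</i>';

echo "unsafe:   ", demo_breadcrumb_unsafe(), PHP_EOL;
// unsafe:   <li class="trail-item">Search results for: shoes <i>sale</i></li>
echo "hardened: ", demo_breadcrumb_hardened(), PHP_EOL;
// hardened: <li class="trail-item">Search results for: shoes &lt;i&gt;sale&lt;/i&gt;</li>
```

Run with `php demo.php` to see the two outputs side by side: the unsafe variant hands the `<i>` tag to the browser as markup, the hardened variant renders it as literal text. The same rule applies to every place a breadcrumb prints user-controlled data: pick the escaping function for the output context (`esc_html()` for text nodes, `esc_attr()` for attribute values, `esc_url()` for hrefs) at the point of output, rather than trusting that an earlier layer cleaned the value.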
Edit (WPScanTeam):
April 22nd, 2020 - Escalated to WP Plugins Team. Plugin Closed
April 23rd to 25th, 2020 - Various versions released, to add validation and sanitisation