156 matches found
WordPress Catch Breadcrumb <1.5.4 - Cross-Site Scripting
WordPress Catch Breadcrumb plugin before 1.5.4 contains a reflected cross-site scripting vulnerability via the s parameter a search query. Also affected are 16 themes if the plugin is enabled: Alchemist and Alchemist PRO, Izabel and Izabel PRO, Chique and Chique PRO, Clean Enterprise and Clean...
CVE-2026-8708
The Genzel breadcrumbs plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing or incorrect nonce validation on the optionspage function. This makes it possible for unauthenticated attackers to update the plugin's breadcru...
CVE-2026-8708
CVE-2026-8708 affects the Genzel breadcrumbs WordPress plugin (versions up to 1.2). The issue is a Cross-Site Request Forgery due to missing or incorrect nonce validation in the _options_page function, allowing unauthenticated attackers to modify plugin settings (templates, delimiter, home label/...
EUVD-2026-32090
The Genzel breadcrumbs plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing or incorrect nonce validation on the optionspage function. This makes it possible for unauthenticated attackers to update the plugin's breadcru...
CVE-2026-8708 Genzel breadcrumbs <= 1.2 - Cross-Site Request Forgery to Settings Update via Plugin Settings Page
The Genzel breadcrumbs plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing or incorrect nonce validation on the optionspage function. This makes it possible for unauthenticated attackers to update the plugin's breadcru...
PT-2026-43505
The Genzel breadcrumbs plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing or incorrect nonce validation on the options page function. This makes it possible for unauthenticated attackers to update the plugin's...
MAL-2026-991 Malicious code in vl-ui-breadcrumb (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 81c270ce4308a58eda8d509b95c7598472480a53a99953d598e400e85440f563 The package vl-ui-breadcrumb was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in vl-ui-breadcrumb (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 81c270ce4308a58eda8d509b95c7598472480a53a99953d598e400e85440f563 The package vl-ui-breadcrumb was found to contain malicious code. Source: ossf-package-analysis...
CVE-2025-13842
The Breadcrumb NavXT plugin for WordPress is vulnerable to authorization bypass through user-controlled key in versions up to and including 7.5.0. This is due to the Gutenberg block renderer trusting the $REQUEST'postid' parameter without verification in the...
CVE-2025-13842
The Breadcrumb NavXT plugin for WordPress is vulnerable to authorization bypass through user-controlled key in versions up to and including 7.5.0. This is due to the Gutenberg block renderer trusting the $REQUEST'postid' parameter without verification in the...
CVE-2025-13842
CVE-2025-13842 applies to the Breadcrumb NavXT WordPress plugin, affected up to version 7.5.0. The underlying issue is an authorization bypass: the Gutenberg block renderer trusts the $_REQUEST['post_id'] in includes/blocks/build/breadcrumb-trail/render.php, enabling unauthenticated users to enum...
CVE-2025-13842 Breadcrumb NavXT <= 7.5.0 - Missing Authorization to Sensitive Information Exposure
The Breadcrumb NavXT plugin for WordPress is vulnerable to authorization bypass through user-controlled key in versions up to and including 7.5.0. This is due to the Gutenberg block renderer trusting the $REQUEST'postid' parameter without verification in the...
CVE-2025-13842 Breadcrumb NavXT <= 7.5.0 - Missing Authorization to Sensitive Information Exposure
The Breadcrumb NavXT plugin for WordPress is vulnerable to authorization bypass through user-controlled key in versions up to and including 7.5.0. This is due to the Gutenberg block renderer trusting the $REQUEST'postid' parameter without verification in the...
PT-2026-20607
The Breadcrumb NavXT plugin for WordPress is vulnerable to authorization bypass through user-controlled key in versions up to and including 7.5.0. This is due to the Gutenberg block renderer trusting the $ REQUEST'post id' parameter without verification in the...
WordPress plugin Breadcrumb NavXT 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress Breadcrumb NavXT plugin <= 7.5.0 - Missing Authorization to Sensitive Information Exposure vulnerability
Missing Authorization to Sensitive Information Exposure vulnerability discovered by NosleeP++ in WordPress Plugin Breadcrumb NavXT versions = 7.5.0...
MAL-2026-804 Malicious code in breadcrumb-service (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 46f4e9359f962e7c7082988e5a0af26520798dd321ecda643cb8d14268ec9c5b The package breadcrumb-service was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in breadcrumb-service (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 46f4e9359f962e7c7082988e5a0af26520798dd321ecda643cb8d14268ec9c5b The package breadcrumb-service was found to contain malicious code. Source: ossf-package-analysis...
CVE-2025-68722
Axigen Mail Server before 10.5.57 and 10.6.x before 10.6.26 contains a Cross-Site Request Forgery CSRF vulnerability in the WebAdmin interface through improper handling of the s breadcrumb parameter. The application accepts state-changing requests via the GET method and automatically processes...
CVE-2025-68722
Axigen Mail Server before 10.5.57 and 10.6.x before 10.6.26 contains a Cross-Site Request Forgery CSRF vulnerability in the WebAdmin interface through improper handling of the s breadcrumb parameter. The application accepts state-changing requests via the GET method and automatically processes...