CVE-2025-13842

The Breadcrumb NavXT plugin for WordPress is vulnerable to authorization bypass through user-controlled key in versions up to and including 7.5.0. This is due to the Gutenberg block renderer trusting the $REQUEST'postid' parameter without verification in the...

CVE-2025-13842

CVE-2025-13842 applies to the Breadcrumb NavXT WordPress plugin, affected up to version 7.5.0. The underlying issue is an authorization bypass: the Gutenberg block renderer trusts the $_REQUEST['post_id'] in includes/blocks/build/breadcrumb-trail/render.php, enabling unauthenticated users to enum...

CVE-2025-13842 Breadcrumb NavXT <= 7.5.0 - Missing Authorization to Sensitive Information Exposure

The Breadcrumb NavXT plugin for WordPress is vulnerable to authorization bypass through user-controlled key in versions up to and including 7.5.0. This is due to the Gutenberg block renderer trusting the $REQUEST'postid' parameter without verification in the...

WordPress plugin Breadcrumb NavXT 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

WordPress Breadcrumb NavXT plugin <= 7.5.0 - Missing Authorization to Sensitive Information Exposure vulnerability

Missing Authorization to Sensitive Information Exposure vulnerability discovered by NosleeP++ in WordPress Plugin Breadcrumb NavXT versions = 7.5.0...

WordPress Breadcrumb NavXT Plugin Information Disclosure

A vulnerability exists in WordPress Breadcrumb NavXT plugin. Successful exploitation of this vulnerability would allow a remote attacker to obtain sensitive information...

WordPress Breadcrumb NavXT plugin <= 6.1.0 - Username Disclosure via REST API

Username Disclosure via REST API issue found by Janek Vind in WordPress Breadcrumb NavXT plugin versions = 6.1.0. Solution Update the WordPress Breadcrumb NavXT plugin to the latest available version at least 6.2.0...

Breadcrumb NavXT <= 6.1.0 - Username Disclosure via REST API

The Breadcrumb NavXT WordPress plugin was affected by an Username Disclosure via REST API security vulnerability. http://www.example.com/wp-json/bcn/v1/author/1...

Wordpress Plugin Breadcrumb NavXT Username Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. Wordpress plugin Breadcrumb NavXT suffers from a username information disclosure vulnerability, which can be exploited by attackers to launch password brute-force...

WordPress Breadcrumb NavXT 6.1.0 Username Disclosure

Exploit for php platform in category web applications Username Disclosure in Breadcrumb NavXT Wordpress plugin ============================================================ Author: Janek Vind "waraxe" Date: 26. September 2018 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-108.html...