Filtered by vendor Mtekk
Subscriptions
Filtered by product Breadcrumb Navxt
Subscriptions
Total
1 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-13842 | 2 Mtekk, Wordpress | 2 Breadcrumb Navxt, Wordpress | 2026-02-19 | 5.3 Medium |
| The Breadcrumb NavXT plugin for WordPress is vulnerable to authorization bypass through user-controlled key in versions up to and including 7.5.0. This is due to the Gutenberg block renderer trusting the $_REQUEST['post_id'] parameter without verification in the includes/blocks/build/breadcrumb-trail/render.php file. This makes it possible for unauthenticated attackers to enumerate and view breadcrumb trails for draft or private posts by manipulating the post_id parameter, revealing post titles and hierarchy that should remain hidden. | ||||
Page 1 of 1.