Description
The Breadcrumb NavXT plugin for WordPress is vulnerable to authorization bypass through user-controlled key in versions up to and including 7.5.0. This is due to the Gutenberg block renderer trusting the $_REQUEST['post_id'] parameter without verification in the includes/blocks/build/breadcrumb-trail/render.php file. This makes it possible for unauthenticated attackers to enumerate and view breadcrumb trails for draft or private posts by manipulating the post_id parameter, revealing post titles and hierarchy that should remain hidden.
Published: 2026-02-19
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Sensitive Information Exposure
Action: Apply Patch
AI Analysis

Impact

The Breadcrumb NavXT plugin for WordPress is vulnerable to an authorization bypass that occurs when the plugin’s Gutenberg block renderer trusts the user‑controlled $_REQUEST['post_id'] parameter without verification. This flaw allows an unauthenticated attacker to query the breadcrumb trail endpoint and retrieve the titles and hierarchical positions of draft or private posts. The exposed information is post titles and parent relationships, which are intended to remain confidential to authorized editors or administrators, representing a direct breach of confidentiality.

Affected Systems

The vulnerability affects the Breadcrumb NavXT plugin from the vendor mtekk. Versions up to and including 7.5.0 are impacted. WordPress sites that have installed or are still using any version of Breadcrumb NavXT 7.5.0 or lower are at risk; newer releases are not affected.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate severity. The EPSS score of less than 1% signals a very low likelihood of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. An attacker need only supply a crafted post_id value in a request to the block renderer; no authentication is required and no privileged environment is needed. Once the mis‑handled parameter is used, the attacker can enumerate private or draft post keys and view their breadcrumb trails, thus obtaining sensitive post metadata.

Generated by OpenCVE AI on April 21, 2026 at 15:55 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Breadcrumb NavXT to the latest release, which removes the unchecked post_id validation in the Gutenberg block renderer.
  • After updating, verify that the plugin no longer accepts arbitrary post_id values from external requests by testing the breadcrumb block endpoint with a private post ID.
  • If an upgrade cannot be performed immediately, disable the Breadcrumb NavXT Gutenberg block or prevent the post_id parameter from reaching the render logic until the fix is applied.

Generated by OpenCVE AI on April 21, 2026 at 15:55 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 19 Feb 2026 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 19 Feb 2026 10:30:00 +0000

Type Values Removed Values Added
First Time appeared Mtekk
Mtekk breadcrumb Navxt
Wordpress
Wordpress wordpress
Vendors & Products Mtekk
Mtekk breadcrumb Navxt
Wordpress
Wordpress wordpress

Thu, 19 Feb 2026 05:00:00 +0000

Type Values Removed Values Added
Description The Breadcrumb NavXT plugin for WordPress is vulnerable to authorization bypass through user-controlled key in versions up to and including 7.5.0. This is due to the Gutenberg block renderer trusting the $_REQUEST['post_id'] parameter without verification in the includes/blocks/build/breadcrumb-trail/render.php file. This makes it possible for unauthenticated attackers to enumerate and view breadcrumb trails for draft or private posts by manipulating the post_id parameter, revealing post titles and hierarchy that should remain hidden.
Title Breadcrumb NavXT <= 7.5.0 - Missing Authorization to Sensitive Information Exposure
Weaknesses CWE-639
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}

Subscriptions

Mtekk Breadcrumb Navxt
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-04-08T16:57:10.579Z

Reserved: 2025-12-01T18:55:52.648Z

Link: CVE-2025-13842

cve-icon Vulnrichment

Updated: 2026-02-19T17:22:53.708Z

cve-icon NVD

Status : Deferred

Published: 2026-02-19T07:17:33.260

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-13842

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-21T16:00:13Z

Weaknesses