Breadcrumb NavXT < 7.5.1 – Sensitive Information Exposure | CVE 2025-13842 | Plugin Vulnerabilities

Description

The plugin is vulnerable to authorization bypass through user-controlled key due to the Gutenberg block renderer trusting the $_REQUEST['post_id'] parameter without verification in the includes/blocks/build/breadcrumb-trail/render.php file. This makes it possible for unauthenticated attackers to enumerate and view breadcrumb trails for draft or private posts by manipulating the post_id parameter, revealing post titles and hierarchy that should remain hidden.

Affects Plugins

breadcrumb-navxt

Fixed in 7.5.1

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/62e25985-ac19-41a5-8027-eb053f4a6490

Classification

Type

IDOR

OWASP top 10

A5: Broken Access Control

CWE

CVSS

Miscellaneous

Original Researcher

NosleeP++

Verified

No

WPVDB ID

e5df5ed8-3119-4ace-89f9-18a86eb83d84

Timeline

Publicly Published

2026-02-18 (about 2 months ago)

Added

2026-02-18 (about 2 months ago)

Last Updated

2026-02-18 (about 2 months ago)

Other

Published

Title

Published

2022-12-02

Title

Workreap < 2.6.4 - Subscriber+ Arbitrary Posts Deletion via IDOR

Published

2025-10-15

Title

Truelysell Core < 1.8.7 - Unauthenticated Arbitrary User Password Change

Published

2024-10-16

Title

WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin < 1.0.26 - Insecure Direct Object Reference to Unauthenticated Arbitrary User Password/Email Reset/Account Takeover

Published

2024-01-04

Title

Relevanssi (Free < 4.22.0, Premium < 2.25.0) - Unauthenticated Private/Draft Post Disclosure

Published

2023-06-07

Title

Directorist < 7.5.5 - Subscriber+ Insecure Direct Object Reference to Arbitrary Post Deletion