PT-2026-20607 · WordPress · Breadcrumb Navxt
Nosleep · Published 2026-02-19 · Updated 2026-02-19 · CVE-2025-13842
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Breadcrumb NavXT versions prior to 7.5.1
Description
The Breadcrumb NavXT plugin for WordPress has an authorization bypass issue. This occurs because the Gutenberg block renderer trusts the post id parameter without proper verification within the includes/blocks/build/breadcrumb-trail/render.php file. An attacker can manipulate the post id parameter to enumerate and view breadcrumb trails for draft or private posts, potentially revealing post titles and hierarchy that should not be accessible. The vulnerable parameter is post id.
Recommendations
Update Breadcrumb NavXT to version 7.5.1 or later.
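For sites that maintain their own server-rendered blocks, the kind of check the description says was missing looks like the following. This is an added example, not Breadcrumb NavXT code or its actual patch; the function name `example_resolve_viewable_post` and the `post_id` attribute key are assumptions, and it expects to run inside WordPress 5.7 or later.

```php
<?php
// Added example: hypothetical helper for a server-side block render template.
// The function name and the 'post_id' attribute key are assumptions.

/**
 * Resolve the post a block may render for the current viewer.
 * Returns a WP_Post, or null when the requested ID must not be disclosed.
 */
function example_resolve_viewable_post( array $attributes ) {
    // The ID comes from block attributes / REST input: treat it as untrusted.
    $post_id = isset( $attributes['post_id'] ) ? absint( $attributes['post_id'] ) : 0;
    if ( 0 === $post_id ) {
        // No explicit ID: fall back to the post currently being displayed.
        $post_id = (int) get_the_ID();
    }

    $post = $post_id ? get_post( $post_id ) : null;
    if ( ! $post instanceof WP_Post ) {
        return null;
    }

    // Publicly viewable status and post type: safe for any visitor.
    if ( is_post_publicly_viewable( $post ) ) {
        return $post;
    }

    // Draft, pending, future, private: only for users who may read this post.
    // 'read_post' is a meta capability that WordPress maps per post.
    if ( is_user_logged_in() && current_user_can( 'read_post', $post->ID ) ) {
        return $post;
    }

    return null;
}

// In the render template: output nothing when access is denied, so that a
// missing post and a forbidden post look identical to the requester.
$example_post = example_resolve_viewable_post( isset( $attributes ) ? (array) $attributes : array() );
if ( null === $example_post ) {
    return;
}
// From here on, only $example_post->ID is used to build the block's output.
```

Returning the same empty output for nonexistent and unauthorized IDs keeps the block from acting as an oracle for which draft or private post IDs exist.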
Fix
IDOR
Affected Products
Breadcrumb Navxt