{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-13842", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-12-01T18:55:52.648Z", "datePublished": "2026-02-19T04:36:13.093Z", "dateUpdated": "2026-04-08T16:57:10.579Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:57:10.579Z"}, "affected": [{"vendor": "mtekk", "product": "Breadcrumb NavXT", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "7.5.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Breadcrumb NavXT plugin for WordPress is vulnerable to authorization bypass through user-controlled key in versions up to and including 7.5.0. This is due to the Gutenberg block renderer trusting the $_REQUEST['post_id'] parameter without verification in the includes/blocks/build/breadcrumb-trail/render.php file. This makes it possible for unauthenticated attackers to enumerate and view breadcrumb trails for draft or private posts by manipulating the post_id parameter, revealing post titles and hierarchy that should remain hidden."}], "title": "Breadcrumb NavXT <= 7.5.0 - Missing Authorization to Sensitive Information Exposure", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/62e25985-ac19-41a5-8027-eb053f4a6490?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/breadcrumb-navxt/trunk/includes/blocks/build/breadcrumb-trail/render.php#L17"}, {"url": "https://plugins.trac.wordpress.org/changeset/3425008"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-639 Authorization Bypass Through User-Controlled Key", "cweId": "CWE-639", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "NosleeP"}], "timeline": [{"time": "2026-02-18T00:00:00.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-19T17:22:52.111987Z", "id": "CVE-2025-13842", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-19T17:36:59.299Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-13842", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-19T17:22:52.111987Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-19T17:22:53.708Z"}}], "cna": {"title": "Breadcrumb NavXT <= 7.5.0 - Missing Authorization to Sensitive Information Exposure", "credits": [{"lang": "en", "type": "finder", "value": "NosleeP"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}}], "affected": [{"vendor": "mtekk", "product": "Breadcrumb NavXT", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "7.5.0"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2026-02-18T00:00:00.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/62e25985-ac19-41a5-8027-eb053f4a6490?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/breadcrumb-navxt/trunk/includes/blocks/build/breadcrumb-trail/render.php#L17"}, {"url": "https://plugins.trac.wordpress.org/changeset/3425008"}], "descriptions": [{"lang": "en", "value": "The Breadcrumb NavXT plugin for WordPress is vulnerable to authorization bypass through user-controlled key in versions up to and including 7.5.0. This is due to the Gutenberg block renderer trusting the $_REQUEST['post_id'] parameter without verification in the includes/blocks/build/breadcrumb-trail/render.php file. This makes it possible for unauthenticated attackers to enumerate and view breadcrumb trails for draft or private posts by manipulating the post_id parameter, revealing post titles and hierarchy that should remain hidden."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-639", "description": "CWE-639 Authorization Bypass Through User-Controlled Key"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-02-19T04:36:13.093Z"}}}, "cveMetadata": {"cveId": "CVE-2025-13842", "state": "PUBLISHED", "dateUpdated": "2026-02-19T17:36:59.299Z", "dateReserved": "2025-12-01T18:55:52.648Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2026-02-19T04:36:13.093Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Breadcrumb NavXT plugin for WordPress is vulnerable to authorization bypass through user-controlled key in versions up to and including 7.5.0. This is due to the Gutenberg block renderer trusting the $_REQUEST['post_id'] parameter without verification in the includes/blocks/build/breadcrumb-trail/render.php file. This makes it possible for unauthenticated attackers to enumerate and view breadcrumb trails for draft or private posts by manipulating the post_id parameter, revealing post titles and hierarchy that should remain hidden."}, {"lang": "es", "value": "El plugin Breadcrumb NavXT para WordPress es vulnerable a una omisi\u00f3n de autorizaci\u00f3n a trav\u00e9s de una clave controlada por el usuario en versiones hasta la 7.5.0 inclusive. Esto se debe a que el renderizador de bloques de Gutenberg conf\u00eda en el par\u00e1metro $_REQUEST['post_id'] sin verificaci\u00f3n en el archivo includes/blocks/build/breadcrumb-trail/render.php. Esto hace posible que atacantes no autenticados enumeren y vean rutas de navegaci\u00f3n para publicaciones borrador o privadas manipulando el par\u00e1metro post_id, revelando t\u00edtulos de publicaciones y jerarqu\u00eda que deber\u00edan permanecer ocultos."}], "id": "CVE-2025-13842", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2026-02-19T07:17:33.260", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/breadcrumb-navxt/trunk/includes/blocks/build/breadcrumb-trail/render.php#L17"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset/3425008"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/62e25985-ac19-41a5-8027-eb053f4a6490?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-639"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,7.5.0]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Breadcrumb NavXT", "source": "cna", "vendor": "mtekk"}, "product": "breadcrumb_navxt", "vendor": "mtekk"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-04-21T15:55:05.832246+00:00", "value": {"mitigation_remediation": ["Upgrade Breadcrumb NavXT to the latest release, which removes the unchecked post_id validation in the Gutenberg block renderer.", "After updating, verify that the plugin no longer accepts arbitrary post_id values from external requests by testing the breadcrumb block endpoint with a private post ID.", "If an upgrade cannot be performed immediately, disable the Breadcrumb NavXT Gutenberg block or prevent the post_id parameter from reaching the render logic until the fix is applied."], "summary": {"action": "Apply Patch", "impact": "Sensitive Information Exposure"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the Breadcrumb NavXT plugin from the vendor mtekk. Versions up to and including 7.5.0 are impacted. WordPress sites that have installed or are still using any version of Breadcrumb NavXT 7.5.0 or lower are at risk; newer releases are not affected.", "description_and_impact": "The Breadcrumb NavXT plugin for WordPress is vulnerable to an authorization bypass that occurs when the plugin\u2019s Gutenberg block renderer trusts the user\u2011controlled $_REQUEST['post_id'] parameter without verification. This flaw allows an unauthenticated attacker to query the breadcrumb trail endpoint and retrieve the titles and hierarchical positions of draft or private posts. The exposed information is post titles and parent relationships, which are intended to remain confidential to authorized editors or administrators, representing a direct breach of confidentiality.", "risk_and_exploitability": "The CVSS score of 5.3 indicates moderate severity. The EPSS score of less than 1% signals a very low likelihood of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. An attacker need only supply a crafted post_id value in a request to the block renderer; no authentication is required and no privileged environment is needed. Once the mis\u2011handled parameter is used, the attacker can enumerate private or draft post keys and view their breadcrumb trails, thus obtaining sensitive post metadata."}}}}, "created": "2026-02-19T10:07:13.003024+00:00", "updated": "2026-04-21T16:00:13.277366+00:00", "vendors": ["mtekk", "mtekk$PRODUCT$breadcrumb_navxt", "wordpress", "wordpress$PRODUCT$wordpress"]}