Breadcrumb NavXT Security & Risk Analysis

wordpress.org/plugins/breadcrumb-navxt

Adds breadcrumb navigation showing the visitor's path to their current location.

800K active installs · v7.5.1 · PHP 7.0+ · WP 5.8+ · Updated Dec 22, 2025
Tags: block, breadcrumb, breadcrumbs, navigation, trail
Score: 98 (A · Safe)
CVEs total: 2
Unpatched: 0
Last CVE: Feb 18, 2026
Safety Verdict

Is Breadcrumb NavXT Safe to Use in 2026?

Generally Safe

Score 98/100

Breadcrumb NavXT has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Feb 18, 2026 · Updated 3mo ago
Risk Assessment

The breadcrumb-navxt plugin v7.5.1 exhibits a generally good security posture, with robust practices like 100% prepared SQL statements and nearly all output being properly escaped. The plugin also demonstrates a solid implementation of nonces and capability checks, which are crucial for WordPress security. However, a significant concern arises from the presence of one AJAX handler that lacks any authentication checks. This creates a direct attack vector that could be exploited by unauthenticated users to potentially trigger unintended actions within the plugin.

The vulnerability history reveals two past medium-severity CVEs, one of which was recently patched in 2026. The types of vulnerabilities (Authorization Bypass and Exposure of Sensitive Information) are notable and suggest that attackers have successfully found ways to circumvent authorization or access restricted data in previous versions. While there are no currently unpatched vulnerabilities, this history indicates a potential for such issues to reappear if not carefully managed.

In conclusion, while the plugin excels in many secure coding practices, the single unprotected AJAX endpoint represents a critical weakness that must be addressed immediately. The past CVEs, although patched, warrant continued vigilance to ensure that similar authorization and information exposure issues do not re-emerge in future development. The plugin's strengths lie in its SQL and output handling, but the identified entry point and historical patterns necessitate a cautious approach.

Key Concerns

  • Unprotected AJAX handler
  • Medium severity vulnerabilities in history (x2)
Vulnerabilities: 2

Breadcrumb NavXT Security Vulnerabilities

CVEs by Year

  • 2018: 1 CVE
  • 2026: 1 CVE

Severity Breakdown

  • Medium: 2

2 total CVEs

CVE-2025-13842 · medium · 5.3 · Authorization Bypass Through User-Controlled Key

Breadcrumb NavXT <= 7.5.0 - Missing Authorization to Sensitive Information Exposure

Feb 18, 2026 · Patched in 7.5.1 (1d)

WF-3f3c556d-8baf-4d75-a331-51b76ee084ee-breadcrumb-navxt · medium · 5.3 · Exposure of Sensitive Information to an Unauthorized Actor

Breadcrumb NavXT <= 6.1.0 - Sensitive Data Exposure

Sep 26, 2018 · Patched in 6.2.0 (1945d)
Code Analysis
Analyzed Mar 16, 2026

Breadcrumb NavXT Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (1 prepared)
  • Unescaped Output: 5 (241 escaped)
  • Nonce Checks: 10
  • Capability Checks: 5
  • File Operations: 1
  • External Requests: 0
  • Bundled Libraries: 0

SQL Query Safety

100% prepared · 1 total queries

Output Escaping

98% escaped · 246 total outputs

Attack Surface: 1 unprotected

Breadcrumb NavXT Attack Surface

Entry Points: 1
Unprotected: 1

AJAX Handlers: 1

  • auth · wp_ajax_mtekk_admin_message_dismiss · includes\adminKit\class-mtekk_adminkit.php:267

WordPress Hooks: 24

  • action · admin_notices · breadcrumb-navxt.php:42
  • action · rest_api_init · breadcrumb-navxt.php:85
  • action · init · breadcrumb-navxt.php:87
  • action · widgets_init · breadcrumb-navxt.php:89
  • filter · bcn_allowed_html · breadcrumb-navxt.php:97
  • filter · mtekk_adminkit_allowed_html · breadcrumb-navxt.php:98
  • filter · tha_breadcrumb_navigation · breadcrumb-navxt.php:100
  • filter · bcn_register_rest_endpoint · breadcrumb-navxt.php:135
  • action · plugins_loaded · breadcrumb-navxt.php:749
  • action · admin_notices · class.bcn_admin.php:32
  • action · network_admin_menu · class.bcn_network_admin.php:49
  • action · admin_notices · class.bcn_rest_controller.php:32
  • action · rest_api_init · class.bcn_rest_controller.php:52
  • action · admin_init · includes\adminKit\class-mtekk_adminkit.php:110
  • action · admin_menu · includes\adminKit\class-mtekk_adminkit.php:112
  • action · wp_loaded · includes\adminKit\class-mtekk_adminkit.php:115
  • filter · plugin_action_links · includes\adminKit\class-mtekk_adminkit.php:246
  • action · admin_notices · includes\adminKit\class-mtekk_adminkit.php:703
  • action · admin_notices · includes\adminKit\class-mtekk_adminkit.php:788
  • action · admin_notices · includes\adminKit\class-mtekk_adminkit.php:932
  • action · admin_notices · includes\adminKit\class-mtekk_adminkit.php:952
  • action · admin_notices · includes\adminKit\class-mtekk_adminkit.php:974
  • action · admin_notices · includes\adminKit\class-mtekk_adminkit.php:1023
  • action · admin_notices · options_upgrade.php:32

Maintenance & Trust

Breadcrumb NavXT Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.9.4
  • Last updated: Dec 22, 2025
  • PHP min version: 7.0
  • Downloads: 17.0M

Community Trust

  • Rating: 92/100
  • Number of ratings: 132
  • Active installs: 800K

Developer Profile

Breadcrumb NavXT Developer Profile

John Havlik

3 plugins · 800K total installs

  • Trust score: 75
  • Avg Security Score: 94/100
  • Avg Patch Time: 973 days

Detection Fingerprints

How We Detect Breadcrumb NavXT

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/breadcrumb-navxt/css/bcn_editor_styles.css
  • /wp-content/plugins/breadcrumb-navxt/css/bcn_styles.css
  • /wp-content/plugins/breadcrumb-navxt/includes/blocks/build/style.css
  • /wp-content/plugins/breadcrumb-navxt/includes/blocks/build/editor.css

Script Paths

  • /wp-content/plugins/breadcrumb-navxt/js/bcn_admin.js
  • /wp-content/plugins/breadcrumb-navxt/js/bcn_frontend.js
  • /wp-content/plugins/breadcrumb-navxt/includes/blocks/build/index.js

Version Parameters

  • breadcrumb-navxt/css/bcn_editor_styles.css?ver=
  • breadcrumb-navxt/css/bcn_styles.css?ver=
  • breadcrumb-navxt/js/bcn_admin.js?ver=
  • breadcrumb-navxt/js/bcn_frontend.js?ver=
  • breadcrumb-navxt/includes/blocks/build/style.css?ver=
  • breadcrumb-navxt/includes/blocks/build/editor.css?ver=
  • breadcrumb-navxt/includes/blocks/build/index.js?ver=

HTML / DOM Fingerprints

CSS Classes

  • bcn_breadcrumbs

Data Attributes

  • data-bcn-rest-nonce
  • data-bcn-rest-url

JS Globals

  • bcn_globals

REST Endpoints

  • /wp-json/breadcrumb-navxt/v1/trail

FAQ

Frequently Asked Questions about Breadcrumb NavXT