Does Breadcrumbs Shortcode have any unpatched vulnerabilities?

No. All known vulnerabilities in Breadcrumbs Shortcode have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Breadcrumbs Shortcode compatible with WordPress 6.5.8?

According to WordPress.org data, Breadcrumbs Shortcode 1.48 has been tested up to WordPress 6.5.8. Check the plugin's changelog for the latest compatibility information.

How often is Breadcrumbs Shortcode updated?

Breadcrumbs Shortcode was last updated on Oct 30, 2024. Frequent updates are generally a positive security signal.

What is Breadcrumbs Shortcode's security score?

Breadcrumbs Shortcode has a WP-Safety security score of 92/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Breadcrumbs Shortcode Security & Risk Analysis

wordpress.org/plugins/breadcrumbs-shortcode

[ ✅ 𝐒𝐄𝐂𝐔𝐑𝐄 𝐏𝐋𝐔𝐆𝐈𝐍𝐒 b𝓎 𝒫𝓊𝓋𝑜𝓍 ] Show breadcrumbs for posts, pages and categories

100 active installs v1.48 PHP + WP 6.0+ Updated Oct 30, 2024

breadcrumbscategorypostshortcode

A · Safe

CVEs total1

Unpatched0

Last CVEAug 1, 2022

Plugin page Download

Safety Verdict

Is Breadcrumbs Shortcode Safe to Use in 2026?

Generally Safe

Score 92/100

Breadcrumbs Shortcode has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Aug 1, 2022Updated 1yr ago

Risk Assessment

The "breadcrumbs-shortcode" plugin v1.48 exhibits a mixed security posture. While it boasts a zero attack surface, zero shortcodes, and a notable percentage of SQL queries using prepared statements, there are significant areas of concern. The presence of the `unserialize` function is a critical red flag, as it can lead to Remote Code Execution if user-controlled data is unserialized without proper validation. This is further exacerbated by taint analysis revealing flows with unsanitized paths, including one of high severity. The plugin's history shows one medium severity Cross-Site Scripting (XSS) vulnerability discovered in August 2022, indicating a past struggle with output sanitization. Although there are no currently unpatched CVEs, the past XSS vulnerability and the current code signals, particularly the `unserialize` function and unsanitized taint flows, suggest a non-negligible risk. The plugin demonstrates some good practices like capability checks and nonces, but these are undermined by the potential for deserialization vulnerabilities and inadequate input sanitization in critical flows.

Key Concerns

Presence of unserialize function
High severity taint flow found
Flows with unsanitized paths found
Past medium severity XSS vulnerability
Only 52% of output properly escaped

Vulnerabilities

Breadcrumbs Shortcode Security Vulnerabilities

CVEs by Year

1 CVE in 2022

2022

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

WF-986957ab-7394-457e-9a6f-f6b96b56cd15-breadcrumbs-shortcodemedium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Breadcrumbs Shortcode <= 1.44 - Reflected Cross-Site Scripting

Aug 1, 2022 Patched in 1.45 (540d)

Code Analysis

Analyzed Mar 16, 2026

Breadcrumbs Shortcode Code Analysis

Dangerous Functions

Raw SQL Queries

46 prepared

Unescaped Output

80 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserializeif ( @unserialize($serialized_string) !== false ) return $serialized_string;library.php:3813

SQL Query Safety

77% prepared60 total queries

Output Escaping

52% escaped153 total outputs

Data Flows

6 unsanitized

Data Flow Analysis

8 flows6 with unsanitized paths

force_redirect_to_https (library.php:103)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Breadcrumbs Shortcode Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 34

filterthe_contentindex.php:80

actionwp_headlibrary.php:4768

actionadmin_headlibrary.php:4769

actionwp_enqueue_scriptslibrary_wp.php:73

actionadmin_enqueue_scriptslibrary_wp.php:74

actionadmin_footerlibrary_wp.php:148

actioninitlibrary_wp.php:163

actionadmin_initlibrary_wp.php:210

filtermce_external_pluginslibrary_wp.php:212

filtermce_buttons_2library_wp.php:213

filtertiny_mce_versionlibrary_wp.php:215

actionwplibrary_wp.php:231

actionplugins_loadedlibrary_wp.php:540

actionwplibrary_wp.php:550

actionwp_footerlibrary_wp.php:700

actioninitlibrary_wp.php:711

actionwp_loadedlibrary_wp.php:854

actionshutdownlibrary_wp.php:859

actioninitlibrary_wp.php:1732

actionadmin_headlibrary_wp.php:1743

actioncurrent_screenlibrary_wp.php:1744

actionwplibrary_wp.php:1753

filterupload_mimeslibrary_wp.php:1759

filterwp_handle_uploadlibrary_wp.php:1760

actioninitlibrary_wp.php:1822

actionnetwork_admin_menulibrary_wp.php:1912

actionadmin_menulibrary_wp.php:1914

actionactivated_pluginlibrary_wp.php:1916

actionnetwork_admin_noticeslibrary_wp.php:2103

actionadmin_noticeslibrary_wp.php:2104

filterwp_php_error_messagelibrary_wp.php:2187

actionwp_footerlibrary_wp.php:2375

filterwidget_textlibrary_wp.php:2399

filtersite_transient_update_pluginslibrary_wp.php:3266

Maintenance & Trust

Breadcrumbs Shortcode Maintenance & Trust

Maintenance Signals

WordPress version tested6.5.8

Last updatedOct 30, 2024

PHP min version

Downloads6K

Community Trust

Rating100/100

Number of ratings3

Active installs100

Alternatives

Breadcrumbs Shortcode Alternatives

Category Posts Shortcode

category-posts-shortcode

A simple plugin that adds a shortcode to display posts from a specified category.

100 No CVEs

Posts by Category

posts-by-category

Display a list of posts from a specific category or tag.

100 No CVEs

KS Elementor Shortcode Slider

ks-elementor-shortcode-slider

KS Elementor Shortcode Slider is a plugin for creating custom sliders in Elementor using shortcodes or posts, with category selection.

40 No CVEs

Display Category Posts Via Shortcode Lite

display-category-posts-via-shortcode-lite

Displays posts with their featured images from a specified category in a responsive grid using a simple shortcode. After installation simply go to Se …

20 No CVEs

MD Taxonomy Totals

md-taxonomy-totals

100

Display total published posts count using the [mdtt_total_posts] shortcode, with optional filtering by category or tag.

0 No CVEs

Developer Profile

Breadcrumbs Shortcode Developer Profile

Puvox Software

16 plugins · 51K total installs

trust score

Avg Security Score

94/100

Avg Patch Time

540 days

View full developer profile

Detection Fingerprints

How We Detect Breadcrumbs Shortcode

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/breadcrumbs-shortcode/assets/breadcrumbs.css

Version Parameters

breadcrumbs-shortcode/assets/breadcrumbs.css?ver=

HTML / DOM Fingerprints

CSS Classes

delimiterdelimiter1

Data Attributes

data-shortcodedata-shortcode-id

Shortcode Output

[breadcrumbs<span class="delimiter"><span class="delimiter1">

FAQ