WP-Safety

Catch Breadcrumb Security & Risk Analysis

wordpress.org/plugins/catch-breadcrumb

Catch Breadcrumb lets you display Breadcrumb Navigation anywhere on your website elegantly.

2K active installs v2.4 PHP + WP 5.9+ Updated Feb 17, 2026
breadcrumbbreadcrumbsmenunavigationtrail
100
A · Safe
CVEs total1
Unpatched0
Last CVEApr 22, 2020
Plugin page Download
Safety Verdict

Is Catch Breadcrumb Safe to Use in 2026?

Generally Safe

Score 100/100

Catch Breadcrumb has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVELast CVE: Apr 22, 2020Updated 2mo ago
Risk Assessment

The catch-breadcrumb plugin version 2.4 exhibits a generally good security posture based on the provided static analysis. A significant strength is the complete absence of unprotected entry points, including AJAX handlers, REST API routes, and shortcodes. The plugin also demonstrates strong adherence to security best practices with 100% of its SQL queries using prepared statements and a high rate of output escaping (93%). Furthermore, the presence of nonce and capability checks on all identified entry points indicates a proactive approach to access control. The lack of dangerous functions, file operations, and external HTTP requests further contributes to a reduced attack surface. However, the vulnerability history, although currently unpatched, does reveal a past medium-severity Cross-Site Scripting (XSS) vulnerability. While this issue is historical and has no currently unpatched CVEs, it serves as a reminder that even plugins with strong static analysis can be susceptible to certain types of vulnerabilities. The zero taint flows found in this analysis are positive, but it's worth noting that taint analysis capabilities might be limited. Overall, catch-breadcrumb v2.4 presents as a secure plugin with good development practices, with the only significant historical concern being a past XSS vulnerability.

Key Concerns

  • Historical medium severity XSS vulnerability
Vulnerabilities
1 published

Catch Breadcrumb Security Vulnerabilities

CVEs by Year

1 CVE in 2020
2020
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2020-12054medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Catch Breadcrumb <= 1.5.4 - Reflected Cross-Site Scripting

Apr 22, 2020 Patched in 1.5.5 (1371d)
Version History

Catch Breadcrumb Release Timeline

v2.4Current
v2.3
v2.2.1
v2.2
v2.1
v2.0
v1.9
v1.8
v1.7
v1.6
v1.5.9
v1.5.8
v1.5.7
v1.5.6
v1.5.5
v1.5.41 CVE
CVE-2020-12054
v1.5.31 CVE
CVE-2020-12054
v1.5.21 CVE
CVE-2020-12054
v1.5.11 CVE
CVE-2020-12054
v1.51 CVE
CVE-2020-12054
Code Analysis
Analyzed Mar 16, 2026

Catch Breadcrumb Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
14
176 escaped
Nonce Checks
4
Capability Checks
9
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

93% escaped190 total outputs
Attack Surface

Catch Breadcrumb Attack Surface

Entry Points4
Unprotected0

AJAX Handlers 3

authwp_ajax_query-themesincludes\CatchThemesThemePlugin.php:12
authwp_ajax_customize_load_themesincludes\CatchThemesThemePlugin.php:22
authwp_ajax_ctp_switchincludes\ctp-tabs-removal.php:101

Shortcodes 1

[catch-breadcrumb] includes\shortcodes.php:28
WordPress Hooks 24
actionadmin_enqueue_scriptsadmin\class-catch-breadcrumb-admin.php:69
actionadmin_enqueue_scriptsadmin\class-catch-breadcrumb-admin.php:70
actionadmin_menuadmin\class-catch-breadcrumb-admin.php:71
filterplugin_action_linksadmin\class-catch-breadcrumb-admin.php:72
actionadmin_initadmin\class-catch-breadcrumb-admin.php:74
actioninitcatch-breadcrumb.php:178
actionadmin_enqueue_scriptsincludes\CatchThemesThemePlugin.php:14
actioncustomize_registerincludes\CatchThemesThemePlugin.php:17
filterinstall_plugins_tabsincludes\CatchThemesThemePlugin.php:24
filterinstall_plugins_table_api_args_catchpluginsincludes\CatchThemesThemePlugin.php:25
actioninstall_plugins_catchpluginsincludes\CatchThemesThemePlugin.php:26
actionplugins_loadedincludes\class-catch-breadcrumb.php:134
actionadmin_enqueue_scriptsincludes\class-catch-breadcrumb.php:149
actionadmin_enqueue_scriptsincludes\class-catch-breadcrumb.php:150
actionadmin_menuincludes\class-catch-breadcrumb.php:151
actionadmin_initincludes\class-catch-breadcrumb.php:152
filterplugin_action_linksincludes\class-catch-breadcrumb.php:153
filterplugin_row_metaincludes\class-catch-breadcrumb.php:154
actionwp_enqueue_scriptsincludes\class-catch-breadcrumb.php:170
actionwp_enqueue_scriptsincludes\class-catch-breadcrumb.php:171
actionwp_enqueue_scriptsincludes\class-catch-breadcrumb.php:172
actionwp_footerincludes\class-catch-breadcrumb.php:173
actionadmin_initincludes\ctp-tabs-removal.php:22
actionwp_headpublic\partials\class-catch-breadcrumb-json-ld-schema.php:25
Maintenance & Trust

Catch Breadcrumb Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 17, 2026
PHP min version
Downloads64K

Community Trust

Rating100/100
Number of ratings5
Active installs2K
Alternatives

Catch Breadcrumb Alternatives

SEO Breadcrumbs

SEO Breadcrumbs

seo-breadcrumbs

A
85

SEO Breadcrumbs is powerful and easy to use plugin that can add five different breadcrumbs navigation to your wordpress website.

300 No CVEs
Breadcrumb NavXT

Breadcrumb NavXT

breadcrumb-navxt

A
98

Adds breadcrumb navigation showing the visitor's path to their current location.

800K 2 CVEs
Flexy Breadcrumb

Flexy Breadcrumb

flexy-breadcrumb

A
92

Flexy Breadcrumb is a super light weight plugin that is easy to navigate through current page hierarchy.

20K No CVEs
Breadcrumb Trail

Breadcrumb Trail

breadcrumb-trail

A
85

A powerful script for adding breadcrumbs to your site that supports Schema.org HTML5-valid microdata.

10K No CVEs
RDFa Breadcrumb

RDFa Breadcrumb

rdfa-breadcrumb

C
63

An easy template tag for showing a breadcrumb menu on your site and on google search results with built in RDFa Markup.

700 1 unpatched
Developer Profile

Catch Breadcrumb Developer Profile

Catch Themes

156 plugins · 226K total installs

79
trust score
Avg Security Score
100/100
Avg Patch Time
251 days
View full developer profile
Detection Fingerprints

How We Detect Catch Breadcrumb

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/catch-breadcrumb/admin/css/catch-breadcrumb-admin.css/wp-content/plugins/catch-breadcrumb/admin/js/catch-breadcrumb-admin.js/wp-content/plugins/catch-breadcrumb/public/css/catch-breadcrumb-public.css/wp-content/plugins/catch-breadcrumb/public/js/catch-breadcrumb-public.js
Script Paths
/wp-content/plugins/catch-breadcrumb/admin/js/catch-breadcrumb-admin.js/wp-content/plugins/catch-breadcrumb/public/js/catch-breadcrumb-public.js
Version Parameters
catch-breadcrumb/admin/css/catch-breadcrumb-admin.css?ver=catch-breadcrumb/admin/js/catch-breadcrumb-admin.js?ver=catch-breadcrumb/public/css/catch-breadcrumb-public.css?ver=catch-breadcrumb/public/js/catch-breadcrumb-public.js?ver=

HTML / DOM Fingerprints

CSS Classes
catch-breadcrumb
JS Globals
catch_breadcrumb_options
Shortcode Output
[catch_breadcrumb][catch_breadcrumb type="post"][catch_breadcrumb type="page"][catch_breadcrumb type="category"]
FAQ

Frequently Asked Questions about Catch Breadcrumb