Genzel breadcrumbs Security & Risk Analysis

wordpress.org/plugins/genzel-breadcrumbs

Breadcrumbs nav links. Based on WP menu, can be configured and hooked. Use special rule tokens to determine behaviour of trail.

10 active installs v1.2 PHP + WP 4.1+ Updated Jul 8, 2018
breadcrumbbreadcrumbslinkmenunavigation
63
C · Use Caution
CVEs total1
Unpatched1
Last CVEMay 26, 2026
Safety Verdict

Is Genzel breadcrumbs Safe to Use in 2026?

Use With Caution

Score 63/100

Genzel breadcrumbs has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE 1 unpatched Last CVE: May 26, 2026Updated 8yr ago
Risk Assessment

The genzel-breadcrumbs plugin v1.2 exhibits a mixed security posture. On the positive side, the static analysis reveals a very small attack surface with no identified AJAX handlers, REST API routes, shortcodes, or cron events, and crucially, none of these entry points are left unprotected. The plugin also exclusively uses prepared statements for its SQL queries and makes no external HTTP requests. However, significant concerns arise from the presence of the `unserialize` function, which is inherently risky if used with untrusted input, and the extremely low percentage of properly escaped output. The absence of nonce checks and capability checks further exacerbates these risks, as there are no built-in mechanisms to verify user authorization or prevent cross-site request forgery.

The vulnerability history for genzel-breadcrumbs is clean, with no known CVEs or past issues recorded. This absence of historical vulnerabilities might suggest diligent security practices in previous versions or a lack of focused security auditing on the plugin. Despite the clean history, the static analysis reveals critical areas that require immediate attention. The presence of `unserialize` without apparent sanitization or authorization checks represents a potential deserialization vulnerability. Furthermore, the vast majority of outputs are not properly escaped, indicating a high likelihood of cross-site scripting (XSS) vulnerabilities.

In conclusion, while the plugin boasts a minimal attack surface and no known historical vulnerabilities, the static analysis flags several critical security weaknesses. The unchecked use of `unserialize` and the pervasive lack of output escaping are significant risks that outweigh the positive aspects of its limited attack surface and clean history. Immediate remediation of these identified code issues is strongly recommended to improve the plugin's security.

Key Concerns

  • Dangerous function unserialize found
  • Low percentage of properly escaped output
  • Missing nonce checks
  • Missing capability checks
Vulnerabilities
1 published

Genzel breadcrumbs Security Vulnerabilities

CVEs by Year

1 CVE in 2026 · unpatched
2026
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2026-8708medium · 4.3Cross-Site Request Forgery (CSRF)

Genzel breadcrumbs <= 1.2 - Cross-Site Request Forgery to Settings Update via Plugin Settings Page

May 26, 2026Unpatched
Version History

Genzel breadcrumbs Release Timeline

No version history available.
Code Analysis
Analyzed Mar 17, 2026

Genzel breadcrumbs Code Analysis

Dangerous Functions
1
Raw SQL Queries
0
0 prepared
Unescaped Output
38
1 escaped
Nonce Checks
0
Capability Checks
0
File Operations
3
External Requests
0
Bundled Libraries
0

Dangerous Functions Found

unserialize$data = unserialize(substr(@fread($this->mutex_options, filesize($this->optionFilename)), 8));gb.class.php:485

Output Escaping

3% escaped39 total outputs
Attack Surface

Genzel breadcrumbs Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 3
actionadmin_initgb.class.php:24
actionadmin_menugb.class.php:25
filterplugin_action_linksgb.class.php:26
Maintenance & Trust

Genzel breadcrumbs Maintenance & Trust

Maintenance Signals

WordPress version tested4.8.28
Last updatedJul 8, 2018
PHP min version
Downloads1K

Community Trust

Rating100/100
Number of ratings1
Active installs10
Developer Profile

Genzel breadcrumbs Developer Profile

Ashraful Sarkar Naiem

46 plugins · 20K total installs

71
trust score
Avg Security Score
89/100
Avg Patch Time
111 days
View full developer profile
Detection Fingerprints

How We Detect Genzel breadcrumbs

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Version Parameters
genzel-breadcrumbs/style.css?ver=genzel-breadcrumbs/script.js?ver=

HTML / DOM Fingerprints

CSS Classes
genzel-breadcrumbs-wrapgenzel-breadcrumbs-homegenzel-breadcrumbs-itemgenzel-breadcrumbs-linkgenzel-breadcrumbs-current
Data Attributes
data-genzel-breadcrumbs
Shortcode Output
[genzel_breadcrumbs]
FAQ

Frequently Asked Questions about Genzel breadcrumbs