Navigation Du Lapin Blanc Security & Risk Analysis

wordpress.org/plugins/navigation-du-lapin-blanc

This plugin provides integrated navigation for your website. Use WordPress as a CMS for your website and think in navigation terms (main, sub etc.)

40 active installs · v1.1.1 · PHP + WP 2.8.0+ · Updated Sep 29, 2017
Tags: cms, content-management-system, menu, navigation, sitemap
Score: 64 · C · Use Caution
CVEs total: 1
Unpatched: 1
Last CVE: Jan 14, 2025
Safety Verdict

Is Navigation Du Lapin Blanc Safe to Use in 2026?

Use With Caution

Score 64/100

Navigation Du Lapin Blanc has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE · 1 unpatched · Last CVE: Jan 14, 2025 · Updated 8yr ago
Risk Assessment

The "navigation-du-lapin-blanc" plugin v1.1.1 presents a mixed security posture. On the positive side, it demonstrates good practices by avoiding dangerous functions, raw SQL queries, file operations, and external HTTP requests. Furthermore, there are no identified taint flows with unsanitized paths, and the attack surface is small with no unprotected entry points like AJAX handlers or REST API routes without proper callbacks.

However, static analysis raises significant concerns about output escaping. With 100% of outputs not properly escaped, the plugin is highly susceptible to Cross-Site Scripting (XSS) vulnerabilities. The absence of nonce checks and capability checks on its shortcodes is another critical oversight, potentially allowing unauthorized actions or data manipulation if these shortcodes are used with user-provided input.

The plugin's vulnerability history further exacerbates these concerns. It has a known medium severity CVE related to XSS that is currently unpatched. This, combined with the code analysis indicating a lack of output escaping, strongly suggests that the previous XSS vulnerability might still be present or that similar vulnerabilities could easily be introduced. While the plugin avoids some common pitfalls, the lack of output escaping and the unpatched XSS vulnerability represent substantial security risks.

Key Concerns

  • Unpatched CVE (Medium severity XSS)
  • Output escaping missing on all outputs
  • Missing nonce checks on shortcodes
  • Missing capability checks on shortcodes
Vulnerabilities
1

Navigation Du Lapin Blanc Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-22745 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Navigation Du Lapin Blanc <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jan 14, 2025 · Unpatched
Code Analysis
Analyzed Mar 16, 2026

Navigation Du Lapin Blanc Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 4 (0 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

0% escaped · 4 total outputs
Attack Surface

Navigation Du Lapin Blanc Attack Surface

Entry Points: 2
Unprotected: 0

Shortcodes 2

[bjoerne_sitemap] navigation-du-lapin-blanc.php:828
[bjoerne_link] navigation-du-lapin-blanc.php:829
WordPress Hooks 3
action template_redirect navigation-du-lapin-blanc.php:825
filter the_content navigation-du-lapin-blanc.php:826
filter posts_where navigation-du-lapin-blanc.php:827
Maintenance & Trust

Navigation Du Lapin Blanc Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.8.28
Last updated: Sep 29, 2017
PHP min version
Downloads: 11K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 40
Developer Profile

Navigation Du Lapin Blanc Developer Profile

bjoerne

4 plugins · 10K total installs

Trust score: 80
Avg Security Score: 80/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Navigation Du Lapin Blanc

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/navigation-du-lapin-blanc/css/navigation-du-lapin-blanc.css
/wp-content/plugins/navigation-du-lapin-blanc/js/navigation-du-lapin-blanc.js
Script Paths
/wp-content/plugins/navigation-du-lapin-blanc/js/navigation-du-lapin-blanc.js
Version Parameters
navigation-du-lapin-blanc/style.css?ver=
navigation-du-lapin-blanc.js?ver=

HTML / DOM Fingerprints

CSS Classes
bjoerne_navigation
bjoerne_sub_navigation
bjoerne_current_path
bjoerne_selected_item
bjoerne_selected_item_parent
bjoerne_sitemap
HTML Comments
<!-- NAVIGATION DU LAPIN BLANC start -->
<!-- NAVIGATION DU LAPIN BLANC end -->
<!-- bjoerne_sitemap start -->
<!-- bjoerne_sitemap end -->
+2 more
Data Attributes
data-bjoerne-page-type
data-bjoerne-category-id
data-bjoerne-category-name
data-bjoerne-url
JS Globals
bjoerne_root_nodes
bjoerne_current_node
bjoerne_current_path
bjoerne_navigation_nodes
bjoerne_name_resolvers
bjoerne_default_name_resolver
+2 more
Shortcode Output
[bjoerne_sitemap]
[bjoerne_navigation_menu]
FAQ

Frequently Asked Questions about Navigation Du Lapin Blanc