RDFa Breadcrumb Security & Risk Analysis
wordpress.org/plugins/rdfa-breadcrumbAn easy template tag for showing a breadcrumb menu on your site and on google search results with built in RDFa Markup.
Is RDFa Breadcrumb Safe to Use in 2026?
Use With Caution
Score 63/100RDFa Breadcrumb has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.
The "rdfa-breadcrumb" plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices by having no observed AJAX handlers, REST API routes, shortcodes, or cron events contributing to its attack surface. Furthermore, all SQL queries are properly prepared, and there are no indications of dangerous functions, file operations, or external HTTP requests, which are excellent security indicators. The presence of a nonce check is also a positive sign.
However, significant concerns arise from the output escaping results, where only 27% of outputs are properly escaped. This is a considerable weakness, as it leaves the plugin susceptible to cross-site scripting (XSS) vulnerabilities where user-supplied data could be injected into the output without proper sanitization. The vulnerability history further exacerbates this concern, with one unpatched medium severity CVE related to XSS, last documented in mid-2025. This indicates a recurring issue with input sanitization or output escaping, and the fact that it remains unpatched is a direct security risk.
In conclusion, while the plugin has a minimal attack surface and good practices regarding SQL and external requests, the poor output escaping and the presence of an unpatched XSS vulnerability represent critical security weaknesses. Users should be cautious and prioritize applying any available patches for this plugin.
Key Concerns
- Unpatched CVE (medium severity)
- Low output escaping percentage (27%)
RDFa Breadcrumb Security Vulnerabilities
CVEs by Year
Severity Breakdown
1 total CVE
RDFa Breadcrumb <= 2.3 - Authenticated (Administrator+) Stored Cross-Site Scripting
RDFa Breadcrumb Release Timeline
RDFa Breadcrumb Code Analysis
Output Escaping
RDFa Breadcrumb Attack Surface
WordPress Hooks 8
Maintenance & Trust
RDFa Breadcrumb Maintenance & Trust
Maintenance Signals
Community Trust
RDFa Breadcrumb Alternatives
Flexy Breadcrumb
flexy-breadcrumb
Flexy Breadcrumb is a super light weight plugin that is easy to navigate through current page hierarchy.
Breadcrumb Trail
breadcrumb-trail
A powerful script for adding breadcrumbs to your site that supports Schema.org HTML5-valid microdata.
Catch Breadcrumb
catch-breadcrumb
Catch Breadcrumb lets you display Breadcrumb Navigation anywhere on your website elegantly.
Instant Breadcrumbs
instant-breadcrumbs
Instant Breadcrumbs adds a breadcrumb trail to your WordPress blog's primary navigation menu. No theme editing required!
Menu Breadcrumb
menu-breadcrumb
Generate a breadcrumb trail from a WordPress Menu
RDFa Breadcrumb Developer Profile
4 plugins · 740 total installs
How We Detect RDFa Breadcrumb
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/rdfa-breadcrumb/rdfa-breadcrumb.css/wp-content/plugins/rdfa-breadcrumb/rdfa-breadcrumb.js/wp-content/plugins/rdfa-breadcrumb/rdfa-breadcrumb.jsrdfa-breadcrumb/rdfa-breadcrumb.css?ver=rdfa-breadcrumb/rdfa-breadcrumb.js?ver=HTML / DOM Fingerprints
breadcrumbs-titleseparatorbreadcrumbbreadcrumbsrdfa-breadcrumbRDFa Breadcrumbs Plugin by Nitin Yawalkartypeof="v:Breadcrumb"rel="v:url"property="v:title"xmlns:v="http://rdf.data-vocabulary.org/#"