MEDIUM
shra
CVE published 2026-05-27
CVE-2026-8708
The Genzel breadcrumbs plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in all versions up to and including 1.2. The vulnerability stems from missing or incorrect nonce validation on the `_options_page` function, allowing unauthenticated attackers to modify the plugin's breadcrumb configuration—including templates, delimiter, home label, home URI, and breadcrumb rules—via a forged r [truncated]