Cross-Site Request Forgery in Genzel Breadcrumbs Plugin for WordPress
CVE-2026-8708

4.3MEDIUM

Key Information:

Vendor: WordPress
Status: Genzel Breadcrumbs
Vendor: CVE Published:; 27 May 2026

What is CVE-2026-8708?

The Genzel Breadcrumbs Plugin for WordPress is affected by a Cross-Site Request Forgery vulnerability due to inadequate nonce validation in the _options_page function. This flaw allows attackers to craft deceptive requests, potentially altering the plugin's breadcrumb settings—including templates, labels, and rules—if they can convince a site administrator to execute an action like clicking a malicious link. It is crucial for users to ensure they are using the latest version of the plugin and to implement strong security measures to mitigate the risk of exploitation.

Affected Version(s)

Genzel breadcrumbs 0 <= 1.2

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/genzel-breadcr...

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 27, 2026
Vulnerability Reserved
May 15, 2026

Credit

Muhammad Nur Ibnu Hubab

CVE-2026-8708 Data

JSON