Bellows Accordion Menu Security & Risk Analysis

wordpress.org/plugins/bellows-accordion-menu

A flexible and robust accordion menu plugin

10K active installs v1.4.4 PHP 7.4+ WP 5.0+ Updated May 19, 2025
Tags: accordion, images, menu, navigation, widgets
Score: 98 (A · Safe)
CVEs total: 2
Unpatched: 0
Last CVE: Jun 5, 2025
Safety Verdict

Is Bellows Accordion Menu Safe to Use in 2026?

Generally Safe

Score 98/100

Bellows Accordion Menu has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Jun 5, 2025 · Updated 10mo ago
Risk Assessment

The bellows-accordion-menu plugin v1.4.4 exhibits a mixed security posture. While it demonstrates good practices by using prepared statements for all SQL queries and avoiding file operations and external HTTP requests, there are significant concerns regarding output escaping and the absence of nonces and capability checks on its entry points. The static analysis reveals a substantial number of output points (80) with a concerningly low percentage (36%) being properly escaped, indicating a high potential for Cross-Site Scripting (XSS) vulnerabilities. The complete lack of nonce checks across its entry points, coupled with only one instance of a capability check, suggests that many of its functionalities could be manipulated by unauthenticated or low-privileged users. The vulnerability history shows a past pattern of two medium severity CVEs, both related to XSS, which reinforces the static analysis findings and highlights a recurring weakness. Although there are no currently unpatched vulnerabilities, the historical pattern and the static analysis results concerning output escaping and lack of robust authentication/authorization controls point to a plugin that requires careful attention to mitigate potential risks.

Key Concerns

  • Low percentage of properly escaped output
  • No nonce checks on entry points
  • Limited capability checks on entry points
  • History of medium severity XSS vulnerabilities
Vulnerabilities: 2

Bellows Accordion Menu Security Vulnerabilities

CVEs by Year

  • 2023: 1 CVE
  • 2025: 1 CVE

Severity Breakdown

  • Medium: 2

2 total CVEs

CVE-2025-49242 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Bellows Accordion Menu <= 1.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jun 5, 2025 · Patched in 1.4.4 (7d)

CVE-2023-5164 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Bellows Accordion Menu <= 1.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Oct 29, 2023 · Patched in 1.4.3 (86d)
Code Analysis
Analyzed Mar 16, 2026

Bellows Accordion Menu Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 51 (29 escaped)
  • Nonce Checks: 0
  • Capability Checks: 1
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 0

Output Escaping

36% escaped, 80 total outputs
Attack Surface

Bellows Accordion Menu Attack Surface

Entry Points: 5
Unprotected: 0

Shortcodes: 5

[bellows] includes\bellows.api.php:36
[bellows_section] includes\bellows.api.php:114
[bellows_terms] includes\bellows.api.php:220
[bellows_posts] includes\bellows.api.php:423
[bellows_menu] includes\bellows.api.php:480

WordPress Hooks: 31

action admin_enqueue_scripts admin\settings-api.class.php:37
filter bellows_settings_panel_sections admin\settings.control-panel.general.php:3
filter bellows_settings_panel_fields admin\settings.control-panel.general.php:41
action admin_menu admin\settings.control-panel.php:16
action admin_enqueue_scripts admin\settings.control-panel.php:71
action admin_init admin\settings.control-panel.php:99
action bellows_settings_before_title admin\settings.control-panel.php:208
action bellows_settings_before admin\settings.control-panel.php:220
action admin_init Bellows.class.php:369
action admin_notices Bellows.class.php:375
action customize_register customizer\customizer.php:18
action customize_controls_enqueue_scripts customizer\customizer.php:223
action wp_head customizer\customizer.php:242
action bellows_after_menu_item_save customizer\customizer.styles.manager.php:22
action bellows_settings_panel_updated customizer\customizer.styles.manager.php:182
action customize_save_after customizer\customizer.styles.manager.php:183
action before_delete_post customizer\customizer.styles.menu-item.php:52
action bellows_after_menu_item_save customizer\customizer.styles.menu-item.php:78
action wp_enqueue_scripts includes\asset.loader.php:50
action wp_head includes\asset.loader.php:61
filter wp_nav_menu_objects includes\bellows.api.php:106
filter wp_nav_menu_objects includes\bellows.api.php:209
filter wp_nav_menu_objects includes\bellows.api.php:368
action plugins_loaded includes\functions.php:173
filter wp_nav_menu_args includes\functions.php:235
filter wp_nav_menu_args includes\functions.php:246
action init includes\skins.php:17
action save_post includes\widget.php:31
action deleted_post includes\widget.php:32
action switch_theme includes\widget.php:33
action widgets_init includes\widget.php:219
Maintenance & Trust

Bellows Accordion Menu Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.8.5
  • Last updated: May 19, 2025
  • PHP min version: 7.4
  • Downloads: 119K

Community Trust

  • Rating: 100/100
  • Number of ratings: 23
  • Active installs: 10K
Developer Profile

Bellows Accordion Menu Developer Profile

sevenspark

6 plugins · 126K total installs

  • Trust score: 71
  • Avg Security Score: 89/100
  • Avg Patch Time: 395 days
Detection Fingerprints

How We Detect Bellows Accordion Menu

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/bellows-accordion-menu/css/bellows-accordion-menu.css
  • /wp-content/plugins/bellows-accordion-menu/css/bellows-tooltip.css
  • /wp-content/plugins/bellows-accordion-menu/js/bellows-accordion-menu.js
  • /wp-content/plugins/bellows-accordion-menu/js/jquery.bxslider.min.js
  • /wp-content/plugins/bellows-accordion-menu/js/isotope.pkgd.min.js
  • /wp-content/plugins/bellows-accordion-menu/js/masonry.pkgd.min.js
  • /wp-content/plugins/bellows-accordion-menu/js/imagesloaded.pkgd.min.js
  • /wp-content/plugins/bellows-accordion-menu/js/waypoints.min.js
  • +1 more

Script Paths

  • /wp-content/plugins/bellows-accordion-menu/js/jquery.bxslider.min.js
  • /wp-content/plugins/bellows-accordion-menu/js/isotope.pkgd.min.js
  • /wp-content/plugins/bellows-accordion-menu/js/masonry.pkgd.min.js
  • /wp-content/plugins/bellows-accordion-menu/js/imagesloaded.pkgd.min.js
  • /wp-content/plugins/bellows-accordion-menu/js/waypoints.min.js
  • /wp-content/plugins/bellows-accordion-menu/js/bellows-animation.js
  • +1 more

Version Parameters

  • bellows-accordion-menu/css/bellows-accordion-menu.css?ver=
  • bellows-accordion-menu/css/bellows-tooltip.css?ver=
  • bellows-accordion-menu/js/jquery.bxslider.min.js?ver=
  • bellows-accordion-menu/js/isotope.pkgd.min.js?ver=
  • bellows-accordion-menu/js/masonry.pkgd.min.js?ver=
  • bellows-accordion-menu/js/imagesloaded.pkgd.min.js?ver=
  • bellows-accordion-menu/js/waypoints.min.js?ver=
  • bellows-accordion-menu/js/bellows-animation.js?ver=
  • bellows-accordion-menu/js/bellows-accordion-menu.js?ver=

HTML / DOM Fingerprints

CSS Classes

  • bellows-container
  • bellows-accordion-menu-wrap
  • bellows-section
  • bellows-title
  • bellows-content
  • bellows-tooltip-trigger
  • bellows-tooltip
  • bellows-tooltip-arrow
  • +8 more

HTML Comments

  • <!-- Bellows Accordion Menu -->
  • <!-- Bellows Settings Menu -->
  • <!-- Bellows Section -->
  • <!-- Bellows Title -->
  • +1 more

Data Attributes

  • data-bellows-id
  • data-bellows-animation
  • data-bellows-speed
  • data-bellows-pause
  • data-bellows-easing
  • data-bellows-controls
  • +4 more

JS Globals

  • bellowsAccordion