Does CMS Navigation have any unpatched vulnerabilities?

No. All known vulnerabilities in CMS Navigation have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is CMS Navigation compatible with WordPress 2.7?

According to WordPress.org data, CMS Navigation 1.4.2 has been tested up to WordPress 2.7. Check the plugin's changelog for the latest compatibility information.

How often is CMS Navigation updated?

CMS Navigation was last updated on Dec 3, 2011. Frequent updates are generally a positive security signal.

What is CMS Navigation's security score?

CMS Navigation has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

CMS Navigation Security & Risk Analysis

wordpress.org/plugins/cms-navigation

Out-of-the-box support for full CMS navigation in your WordPress site including drop down menus, breadcrumbs trail and sidebar navigation.

20 active installs v1.4.2 PHP + WP 2.3+ Updated Dec 3, 2011

cmsdropdownmenumenusnavigation

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is CMS Navigation Safe to Use in 2026?

Generally Safe

Score 85/100

CMS Navigation has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 14yr ago

Risk Assessment

The "cms-navigation" plugin v1.4.2 presents a mixed security posture. While the attack surface appears to be zero and there are no recorded vulnerabilities (CVEs), the static analysis reveals significant concerns regarding data handling. Specifically, 100% of SQL queries are not using prepared statements, indicating a high risk of SQL injection vulnerabilities. Furthermore, a very low percentage of output is properly escaped, suggesting potential cross-site scripting (XSS) issues. The taint analysis, though limited, identified two flows with unsanitized paths, which could lead to further vulnerabilities if not addressed. The complete absence of capability checks and nonce checks on potential entry points (even though reported as zero) combined with raw SQL and unescaped output creates a worrying combination of weaknesses. In conclusion, while the lack of historical vulnerabilities is a positive sign, the static analysis highlights critical areas for immediate improvement to secure this plugin.

Key Concerns

100% of SQL queries lack prepared statements
Only 5% of outputs are properly escaped
2 taint flows with unsanitized paths
0 Nonce checks found
0 Capability checks found

Vulnerabilities

None known

CMS Navigation Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

CMS Navigation Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

2 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

0% prepared7 total queries

Output Escaping

5% escaped42 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths

cms_navigation_breadcrumb_has_migrated (CMS-Navigation.php:35)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

CMS Navigation Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 6

actionadmin_noticesCMS-Navigation.php:34

actionsave_postCMS-Navigation.php:294

actionadmin_headCMS-Navigation.php:324

actionadmin_headCMS-Navigation.php:361

actioninitCMS-Navigation.php:404

actionwp_headCMS-Navigation.php:408

Maintenance & Trust

CMS Navigation Maintenance & Trust

Maintenance Signals

WordPress version tested2.7

Last updatedDec 3, 2011

PHP min version

Downloads27K

Community Trust

Rating0/100

Number of ratings0

Active installs20

Alternatives

CMS Navigation Alternatives

Dropdown Menus

dropdown-menus

Display your WordPress menus as a dropdown select box. Great for mobile designs.

300 No CVEs

Accessible Dropdown Menus

accessible-dropdown-menus

Makes dropdown menus in many WordPress themes keyboard accessible.

200 No CVEs

Amathia: Accessible Dropdown Menus

amathia

100

Amathia makes dropdown menus accessible. It adds a button to each dropdown menu, which can be easily clicked to open the submenu.

30 No CVEs

Navigation menu as Dropdown Widget

navigation-menu-as-dropdown-widget

WordPress plugin which provides a widget with a clickable dropdown of a WordPress navigation menu. It supports one level of parent-child menu's.

3K 1 CVE

Ollie Menu Designer

ollie-menu-designer

100

Create custom dropdown & mobile menus using WordPress blocks. Design rich, responsive navigation with any block content in the block editor.

2K No CVEs

Developer Profile

CMS Navigation Developer Profile

Amir Helzer

9 plugins · 108K total installs

trust score

Avg Security Score

91/100

Avg Patch Time

53 days

View full developer profile

Detection Fingerprints

How We Detect CMS Navigation

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/cms-navigation/css/cms-navigation.css/wp-content/plugins/cms-navigation/js/cms-navigation.js

Script Paths

/wp-content/plugins/cms-navigation/js/cms-navigation.js

Version Parameters

cms-navigation/style.css?ver=cms-navigation/script.js?ver=

HTML / DOM Fingerprints

CSS Classes

cms-nav-top-menuselectedtrigger

HTML Comments

Data Attributes

data-cms-navigation-id

JS Globals

cms_nav_ie_ver

FAQ