Export Import Menus Security & Risk Analysis

wordpress.org/plugins/export-import-menus

A plugin that lets you export and import your WordPress menus on your own website, from the Export/Import Menus page under the Appearance section.

10K active installs · v1.9.2 · PHP 5.6.31+ · WP 4.9.5+ · Updated Dec 27, 2024
export-menus, exporter, import-menus, menus-backup, wordpress-menus
Score: 90 · A · Safe
CVEs total: 2
Unpatched: 0
Last CVE: Jan 6, 2025
Safety Verdict

Is Export Import Menus Safe to Use in 2026?

Generally Safe

Score 90/100

Export Import Menus has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Jan 6, 2025 · Updated 1yr ago
Risk Assessment

The 'export-import-menus' plugin version 1.9.2 presents a mixed security posture. On the positive side, it follows good practice in several areas: there are no direct SQL injection vulnerabilities, due to 100% prepared statement usage, and the attack surface is limited to a single AJAX handler, which appears to be protected by authorization checks. The presence of nonces and capability checks also strengthens its defenses.

The main concern is the use of the `unserialize` function, a known source of object injection vulnerabilities when the serialized data is not strictly controlled. The static analysis did not directly flag critical or high severity taint flows, but any call to `unserialize` carries a risk that could be exploited if untrusted data reaches it.

The vulnerability history shows a pattern of past issues, including missing authorization and unrestricted file uploads, with a recent medium severity vulnerability. This history suggests a need for ongoing vigilance and thorough code reviews to prevent the same types of vulnerability from recurring. Although there are no currently unpatched CVEs, the past issues, combined with the use of `unserialize`, mean the plugin is not without risk.

Key Concerns

  • Use of unserialize function
  • Output escaping only 45% proper
  • History of medium/high severity CVEs
  • History of common vulnerability types
Vulnerabilities
2

Export Import Menus Security Vulnerabilities

CVEs by Year

  • 2023: 1 CVE
  • 2025: 1 CVE

Severity Breakdown

  • High: 1
  • Medium: 1

2 total CVEs

CVE-2024-10866 · medium · 5.3 · Missing Authorization

Export Import Menus <= 1.9.1 - Missing Authorization to Unauthenticated Menu Export

Jan 6, 2025 · Patched in 1.9.2 (1d)

CVE-2023-34385 · high · 8.8 · Unrestricted Upload of File with Dangerous Type

Export Import Menus <= 1.8.0 - Authenticated (Subscriber+) Arbitrary File Upload

Sep 4, 2023 · Patched in 1.9.0 (141d)
Code Analysis
Analyzed Mar 16, 2026

Export Import Menus Code Analysis

  • Dangerous Functions: 3
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 6 (5 escaped)
  • Nonce Checks: 2
  • Capability Checks: 5
  • File Operations: 4
  • External Requests: 1
  • Bundled Libraries: 0

Dangerous Functions Found

  • unserialize (models\DspExportImportModel.php:243): `if(is_serialized($val[0]) && !empty(unserialize($val[0])))`
  • unserialize (models\DspExportImportModel.php:245): `$temp = unserialize($val[0]);`
  • unserialize (models\DspExportImportModel.php:288): `update_post_meta( $post_id, '_ubermenu_settings', unserialize($val[0]));`

Output Escaping

45% escaped · 11 total outputs

Data Flows: 2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
dspDownloadJson (main.php:161)
Attack Surface

Export Import Menus Attack Surface

Entry Points: 1
Unprotected: 0

AJAX Handlers: 1

  • auth · wp_ajax_dspImportMenus · main.php:124

WordPress Hooks: 8

  • action · init · main.php:58
  • action · admin_menu · main.php:62
  • action · admin_enqueue_scripts · main.php:63
  • action · admin_enqueue_scripts · main.php:64
  • action · admin_notices · main.php:65
  • filter · upload_mimes · models\DspExportImportModel.php:150
  • filter · upload_dir · models\DspExportImportModel.php:151
  • filter · map_meta_cap · models\DspExportImportModel.php:152
Maintenance & Trust

Export Import Menus Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.7.5
  • Last updated: Dec 27, 2024
  • PHP min version: 5.6.31
  • Downloads: 181K

Community Trust

  • Rating: 72/100
  • Number of ratings: 53
  • Active installs: 10K
Developer Profile

Export Import Menus Developer Profile

Akshay Menariya

1 plugin · 10K total installs

  • Trust score: 81
  • Avg Security Score: 90/100
  • Avg Patch Time: 71 days
Detection Fingerprints

How We Detect Export Import Menus

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/export-import-menus/assets/DspExportImportCss.css
/wp-content/plugins/export-import-menus/assets/DspExportImportScript.js
Script Paths
/wp-content/plugins/export-import-menus/assets/DspExportImportScript.js

HTML / DOM Fingerprints

CSS Classes
dsp-export-import-menus
JS Globals
dspexportmenus
FAQ

Frequently Asked Questions about Export Import Menus