Does Hide Admin Menu have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Hide Admin Menu compatible with WordPress 6.8.5?

According to WordPress.org data, Hide Admin Menu 1.1.2 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

How often is Hide Admin Menu updated?

Hide Admin Menu was last updated on May 20, 2025. Frequent updates are generally a positive security signal.

What is Hide Admin Menu's security score?

Hide Admin Menu has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Hide Admin Menu Security & Risk Analysis

wordpress.org/plugins/hide-admin-menu

Using this plugin, we can hide the admin menu easily.

20K active installs v1.1.2 PHP + WP 4.6+ Updated May 20, 2025

admin-menu-hideadmin-menu-pluginadmin-menu-showmenu-hideuser-role

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Hide Admin Menu Safe to Use in 2026?

Generally Safe

Score 100/100

Hide Admin Menu has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 12mo ago

Risk Assessment

The 'hide-admin-menu' plugin version 1.1.2 demonstrates a generally strong security posture based on the provided static analysis. The absence of any identified dangerous functions, SQL injection vulnerabilities through prepared statements, file operations, or external HTTP requests is commendable. Furthermore, the plugin includes a nonce check and a capability check, indicating an effort to implement basic security controls. The taint analysis revealing no unsanitized paths is also a positive sign.

However, a significant concern arises from the output escaping. With 30 total outputs and only 73% properly escaped, there's a potential for Cross-Site Scripting (XSS) vulnerabilities in the remaining 27% of outputs. This is the primary area where the plugin falls short of best practices, as unsanitized output can lead to malicious code execution in the user's browser.

The plugin's vulnerability history is clean, with no known CVEs, which is a strong indicator of its current safety. This, combined with the lack of a large attack surface, suggests that if the output escaping issue were addressed, this plugin would represent a very secure option. Overall, while the plugin is built on a solid foundation with no critical code-level flaws detected, the incomplete output escaping presents a tangible risk that requires attention.

Key Concerns

Unescaped output exists

Vulnerabilities

None known

Hide Admin Menu Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Hide Admin Menu Release Timeline

v1.1.2Current

v1.1.1

v1.1.0

v1.0.9

v1.0.8

v1.0.7

v1.0.6

v1.0.5

v1.0.4

v1.0.3

v1.0.2

v1.0.1

v1.0.0

Code Analysis

Analyzed Mar 16, 2026

Hide Admin Menu Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

22 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

73% escaped30 total outputs

Data Flows · Security

All sanitized

Data Flow Analysis

2 flows

bhm_get_menu_list (menu-list.php:17)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Hide Admin Menu Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 5

actionadmin_menuinit.php:42

actionadmin_enqueue_scriptsmenu-list.php:4

actionadmin_menumenu-list.php:457

actionadmin_bar_menumenu-list.php:490

filteradmin_footer_textmenu-list.php:507

Maintenance & Trust

Hide Admin Menu Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedMay 20, 2025

PHP min version

Downloads125K

Community Trust

Rating98/100

Number of ratings13

Active installs20K

Alternatives

Hide Admin Menu Alternatives

Advanced Access Manager – Access Governance for WordPress

advanced-access-manager

Access Governance for WordPress. Control roles, users, content, admin areas, and APIs to prevent broken access controls and excessive privileges.

100K 11 CVEs

PublishPress Capabilities – User Role Editor, Access Permissions, User Capabilities, Admin Menus

capability-manager-enhanced

PublishPress Capabilities is the access control plugin. You can manage user capabilities, permissions, user roles, admin menus and more.

100K 5 CVEs

Hide Admin Bar Based on User Roles

hide-admin-bar-based-on-user-roles

100

Hide the WordPress Admin Bar for specific user roles, capabilities, devices, pages, or time windows. The ultimate toolbar control plugin for membershi …

20K 1 CVE

User Roles and Capabilities

user-roles-and-capabilities

Manage user roles and Capabilities, create new roles and change default role.

8K 1 unpatched

Product Visibility by User Role for WooCommerce

product-visibility-by-user-role-for-woocommerce

100

Display WooCommerce products by customer's user role.

7K No CVEs

Developer Profile

Hide Admin Menu Developer Profile

Bhavin Thummar

1 plugin · 20K total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Hide Admin Menu

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/hide-admin-menu/css/style-admin.css

Version Parameters

hide-admin-menu/css/style-admin.css?ver=1.0.2

HTML / DOM Fingerprints

CSS Classes

containercol-md-6

HTML Comments

soi_output_bufferadd_action('init', 'app_output_buffer')check administrator access requiredcheck wpnonce+20 more

Data Attributes

name="save"name="menu_list"name="sub_menu_list"name="top_menu_list"name="default"name="page"

JS Globals

wp_sessionwp_rolesall_side_menusall_side_sub_menusall_top_menus

FAQ