WP-Safety

Iconic Navigation Security & Risk Analysis

wordpress.org/plugins/iconic-navigation

Adds image/font responsive icons to menu items via upload or Media Library or over 1400 of Font Icons choice. Custom options for each location.

100 active installs v1.1.6 PHP + WP 3.5+ Updated Oct 6, 2015
flat-iconiconmenumenu-image-uploadnavigation
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Iconic Navigation Safe to Use in 2026?

Generally Safe

Score 85/100

Iconic Navigation has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 10yr ago
Risk Assessment

The iconic-navigation plugin v1.1.6 exhibits a mixed security posture. On the positive side, there are no recorded vulnerabilities in its history, and the static analysis shows a zero attack surface concerning AJAX, REST API, shortcodes, and cron events. Furthermore, there are no detected dangerous functions, file operations, external HTTP requests, or bundled libraries that could introduce known risks. This suggests a cautious approach to directly exposed functionalities and third-party code. However, significant concerns arise from the code analysis. A single SQL query is present and is not using prepared statements, posing a direct SQL injection risk. The output escaping is also weak, with only 35% of outputs properly escaped, leaving the plugin vulnerable to cross-site scripting (XSS) attacks. The taint analysis revealing two flows with unsanitized paths further supports these concerns, indicating potential for data manipulation or injection if these paths are reachable. The absence of nonce and capability checks on potential entry points, while the attack surface is reported as zero, warrants further investigation if any undocumented entry points exist.

Key Concerns

  • Raw SQL query without prepared statements
  • Low percentage of properly escaped output
  • Taint flows with unsanitized paths
  • Missing nonce checks
  • Missing capability checks
Vulnerabilities
None known

Iconic Navigation Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Iconic Navigation Code Analysis

Dangerous Functions
0
Raw SQL Queries
1
0 prepared
Unescaped Output
79
43 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

0% prepared1 total queries

Output Escaping

35% escaped122 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
start_el (iconavs_menu_fun.php:88)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Iconic Navigation Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 14
actioninitclasses\cadreu_plugin.php:24
actioninitclasses\cadreu_plugin.php:26
filterplugin_action_linksclasses\cadreu_plugin.php:28
actionwp_enqueue_scriptsclasses\cadreu_plugin.php:29
actionadmin_enqueue_scriptsclasses\cadreu_plugin.php:30
actionadmin_menuclasses\cadreu_plugin_options.php:19
actionadmin_initclasses\cadreu_plugin_options.php:20
actionwp_headclasses\cadreu_plugin_options.php:21
filterwp_nav_menu_argsiconavs_menu_fun.php:15
filterwalker_nav_menu_start_eliconavs_menu_fun.php:82
filterwp_edit_nav_menu_walkericonavs_menu_fun.php:353
filterwp_setup_nav_menu_itemiconavs_menu_fun.php:361
actionwp_update_nav_menu_itemiconavs_menu_fun.php:376
actionplugins_loadediconic-navigation.php:20
Maintenance & Trust

Iconic Navigation Maintenance & Trust

Maintenance Signals

WordPress version tested4.3.34
Last updatedOct 6, 2015
PHP min version
Downloads20K

Community Trust

Rating70/100
Number of ratings4
Active installs100
Alternatives

Iconic Navigation Alternatives

Menu Icons by ThemeIsle

Menu Icons by ThemeIsle

menu-icons

A
98

Spice up your navigation menus with pretty icons, easily.

100K 2 CVEs
Menu Image, Icons made easy

Menu Image, Icons made easy

menu-image

A
99

Adds an image or icon in the menu items. You can choose the position of the image (after, before, above, below) or even hide the menu item title.

100K 2 CVEs
Easy Menu Icons – Awesome Menu Icons

Easy Menu Icons – Awesome Menu Icons

easy-menu-icons

A
100

The Easy Menu Icons Plugin for WordPress menu icon plugin where can decoration your menu item with different types icon.

600 No CVEs
The Menu: Custom mobile navigation with icons

The Menu: Custom mobile navigation with icons

the-menu

A
100

Create beautiful mobile navigation menus with custom icons, role-based visibility, and extensive style options for your WordPress site.

400 No CVEs
Material UI Menu Icons – Nifty Menu Options

Material UI Menu Icons – Nifty Menu Options

nifty-menu-options

A
85

Adds beautiful icons to your WordPress menu items. More menu item options are coming soon!

200 No CVEs
Developer Profile

Iconic Navigation Developer Profile

indybook

1 plugin · 100 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Iconic Navigation

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/iconic-navigation/css/screen.css/wp-content/plugins/iconic-navigation/css/binary-icon-font.css/wp-content/plugins/iconic-navigation/js/lte-ie7.js/wp-content/plugins/iconic-navigation/js/respond.min.js/wp-content/plugins/iconic-navigation/css/img/cadrosSite.png
Script Paths
/wp-content/plugins/iconic-navigation/js/lte-ie7.js/wp-content/plugins/iconic-navigation/js/respond.min.js/wp-content/plugins/iconic-navigation/js/admin_myscripts.js

HTML / DOM Fingerprints

CSS Classes
cadreu_linkcadreu_creditscadro_logosetting_page_titlecadreu_pluginFormbuttbutton-primary
Data Attributes
data-cadreu-plugin-name
JS Globals
window.cadreuHelp
FAQ

Frequently Asked Questions about Iconic Navigation