If Menu – Visibility control for Menus Security & Risk Analysis

wordpress.org/plugins/if-menu

Display tailored menu items to each visitor with visibility rules

60K active installs · v0.19.2 · PHP 6.0+ · WP + · Updated Dec 5, 2024
hide · menu · roles · rules · visibility
Score 91 · A · Safe
CVEs total: 2
Unpatched: 0
Last CVE: Dec 6, 2024
Safety Verdict

Is If Menu – Visibility control for Menus Safe to Use in 2026?

Generally Safe

Score 91/100

If Menu – Visibility control for Menus has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Dec 6, 2024 · Updated 1yr ago
Risk Assessment

The "if-menu" plugin version 0.19.2 exhibits a mixed security posture. While it demonstrates good practices in areas like SQL query handling and a lack of dangerous functions, significant concerns arise from its attack surface and output sanitization. The presence of a single unprotected REST API route is a critical vulnerability, directly exposing functionality to unauthenticated users. This is further exacerbated by the taint analysis revealing unsanitized paths, indicating a potential for attackers to manipulate data flow within the plugin. The plugin's vulnerability history, though currently showing no unpatched issues, reveals past medium-severity vulnerabilities, with a common theme of missing authorization. This pattern suggests recurring authorization flaws. Overall, the plugin has strengths in its internal code handling but suffers from critical external exposure points and ongoing challenges with proper authorization and sanitization. The unprotected REST API is the most pressing issue that requires immediate attention.

Key Concerns

  • Unprotected REST API route
  • Flows with unsanitized paths (Taint Analysis)
  • Output escaping is not fully proper (69%)
  • Past medium vulnerabilities (Missing Authorization)
Vulnerabilities: 2

If Menu – Visibility control for Menus Security Vulnerabilities

CVEs by Year

2023: 1 CVE
2024: 1 CVE

Severity Breakdown

Medium: 2

2 total CVEs

CVE-2024-7894 · medium · 5.3 · Missing Authorization

If Menu <= 0.19.1 - Missing Authorization to License Key Update

Dec 6, 2024 · Patched in 0.19.2 (1d)

CVE-2022-41698 · medium · 5.3 · Missing Authorization

If Menu <= 0.16.3 - Missing Authorization to Admin Settings Modification

Mar 22, 2023 · Patched in 0.17 (307d)
Code Analysis
Analyzed Mar 16, 2026

If Menu – Visibility control for Menus Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 88 (200 escaped)
Nonce Checks: 1
Capability Checks: 2
File Operations: 0
External Requests: 2
Bundled Libraries: 1

Bundled Libraries

Select2

Output Escaping

69% escaped · 288 total outputs
Data Flows: 4 unsanitized

Data Flow Analysis

6 flows · 4 with unsanitized paths
start_el (src\if-menu-nav-menu-4.5.php:26)
Attack Surface: 1 unprotected

If Menu – Visibility control for Menus Attack Surface

Entry Points: 1
Unprotected: 1

REST API Routes: 1

GET · /wp-json/if-menu/v1/did-you-made-this-request · if-menu.php:357

WordPress Hooks: 22

action · rest_api_init · if-menu.php:23
action · admin_enqueue_scripts · if-menu.php:26
action · wp_update_nav_menu_item · if-menu.php:27
filter · wp_edit_nav_menu_walker · if-menu.php:31
action · wp_nav_menu_item_custom_fields · if-menu.php:34
action · wp_nav_menu_item_custom_title · if-menu.php:35
action · admin_footer · if-menu.php:36
filter · wp_get_nav_menu_items · if-menu.php:39
filter · wp_get_nav_menu_items · if-menu.php:42
action · wp_enqueue_scripts · if-menu.php:43
action · admin_notices · if-menu.php:387
action · plugins_loaded · if-menu.php:396
action · plugins_loaded · if-menu.php:397
action · admin_init · src\Admin.php:11
action · admin_menu · src\Admin.php:12
action · admin_enqueue_scripts · src\Admin.php:13
filter · if_menu_conditions · src\conditions-basic.php:3
filter · if_menu_conditions · src\conditions-multiple-options.php:3
filter · user_ip · src\user-info.php:12
filter · user_country_code · src\user-info.php:40
filter · user_country_code · src\user-info.php:41
filter · user_country_code · src\user-info.php:42
Maintenance & Trust

If Menu – Visibility control for Menus Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Dec 5, 2024
PHP min version: 6.0
Downloads: 1.1M

Community Trust

Rating: 82/100
Number of ratings: 130
Active installs: 60K
Developer Profile

If Menu – Visibility control for Menus Developer Profile

Andrei

3 plugins · 61K total installs

Trust score: 71
Avg Security Score: 89/100
Avg Patch Time: 154 days
Detection Fingerprints

How We Detect If Menu – Visibility control for Menus

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/if-menu/assets/if-menu-site.css
  • /wp-content/plugins/if-menu/assets/select2.min.css
  • /wp-content/plugins/if-menu/assets/if-menu.css
  • /wp-content/plugins/if-menu/assets/select2.min.js
  • /wp-content/plugins/if-menu/assets/if-menu.js

Script Paths

  • /wp-content/plugins/if-menu/assets/if-menu.js

Version Parameters

  • if-menu.css?ver=
  • if-menu.js?ver=
  • select2.min.css?ver=
  • select2.min.js?ver=

HTML / DOM Fingerprints

CSS Classes

  • if-menu-peek
  • if-menu-enable
  • if-menu-conditions
  • if-menu-dialog-premium
  • if-menu-dialog-btn

Data Attributes

  • data-tooltip
  • data-action

JS Globals

  • IfMenu
FAQ

Frequently Asked Questions about If Menu – Visibility control for Menus