Does ImageMenu have any unpatched vulnerabilities?

No. All known vulnerabilities in ImageMenu have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is ImageMenu compatible with WordPress 6.7.5?

According to WordPress.org data, ImageMenu 0.4 has been tested up to WordPress 6.7.5. Check the plugin's changelog for the latest compatibility information.

Is ImageMenu compatible with PHP 7.4+?

ImageMenu requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is ImageMenu updated?

ImageMenu was last updated on Feb 6, 2026. Frequent updates are generally a positive security signal.

What is ImageMenu's security score?

ImageMenu has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

ImageMenu Security & Risk Analysis

wordpress.org/plugins/imagemenu

Create a menu using the featured image of a page.

10 active installs v0.4 PHP 7.4+ WP 5.0+ Updated Feb 6, 2026

imagemenu

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is ImageMenu Safe to Use in 2026?

Generally Safe

Score 100/100

ImageMenu has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago

Risk Assessment

The "imagemenu" v0.4 plugin exhibits a generally positive security posture based on the static analysis. The absence of dangerous functions, SQL injection vulnerabilities, file operations, and external HTTP requests are strong indicators of good coding practices. The presence of prepared statements for all SQL queries and a high percentage of properly escaped output further bolster this assessment. The plugin also has no recorded history of vulnerabilities, which is an encouraging sign for its stability and security.

However, there are areas for concern. The lack of nonce checks and capability checks on the identified entry points (shortcodes) presents a potential weakness. While the static analysis did not reveal any specific taint flows or unescaped output that would be immediately exploitable through these shortcodes, the absence of these fundamental security measures means that malicious actors could potentially craft requests that interfere with or exploit the shortcode functionality if input validation is not robustly handled within the shortcode's execution. The total number of entry points is low, which is good, but the lack of authentication or authorization on these few points is a notable oversight.

In conclusion, "imagemenu" v0.4 has a solid foundation in terms of preventing common web vulnerabilities. Its strength lies in its clean code regarding database interactions and output handling. The primary weakness lies in the absence of authentication and authorization checks on its shortcode entry points, which, while not leading to a direct vulnerability in this analysis, creates an unnecessary attack surface that could be exploited in conjunction with other potential weaknesses not immediately apparent from static analysis alone. Further review of the shortcode implementation for input sanitization would be recommended.

Key Concerns

Missing nonce checks on entry points
Missing capability checks on entry points

Vulnerabilities

None known

ImageMenu Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

ImageMenu Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

14 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

88% escaped16 total outputs

Attack Surface

ImageMenu Attack Surface

Entry Points2

Unprotected0

Shortcodes 2

[imagemenu] ImageMenu.php:49

[im] ImageMenu.php:50

WordPress Hooks 5

actioninitblocks\imagemenu-block.php:105

filterblock_categories_allblocks\imagemenu-block.php:152

actionwp_enqueue_scriptsImageMenu.php:71

actionadmin_menuoptions.php:58

actionadmin_initoptions.php:62

Maintenance & Trust

ImageMenu Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5

Last updatedFeb 6, 2026

PHP min version7.4

Downloads2K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

ImageMenu Alternatives

Menu Image, Icons made easy

menu-image

Adds an image or icon in the menu items. You can choose the position of the image (after, before, above, below) or even hide the menu item title.

100K 2 CVEs

Bellows Accordion Menu

bellows-accordion-menu

A flexible and robust accordion menu plugin

10K 2 CVEs

Nav Menu Images

nav-menu-images

Display image as a menu item content.

6K No CVEs

WP Menu Image

wp-menu-image

Empower your WordPress menus with images. Easily add, position, and customize images for a unique menu experience.

2K 1 CVE

Iconic Navigation

iconic-navigation

Adds image/font responsive icons to menu items via upload or Media Library or over 1400 of Font Icons choice. Custom options for each location.

100 No CVEs

Developer Profile

ImageMenu Developer Profile

timhodson

2 plugins · 910 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

981 days

View full developer profile

Detection Fingerprints

How We Detect ImageMenu

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/imagemenu/css/imagemenu.css/wp-content/plugins/imagemenu/js/imagemenu.js

Script Paths

/wp-content/plugins/imagemenu/js/imagemenu.js

Version Parameters

imagemenu/css/imagemenu.css?ver=imagemenu/js/imagemenu.js?ver=

HTML / DOM Fingerprints

CSS Classes

imagemenuimagemenu-titleimagemenu-title-

HTML Comments

Data Attributes

id="imagemenu-class="imagemenu-title imagemenu-title-

Shortcode Output

<div id="imagemenu" class="imagemenu<li id="imagemenu-<span class="imagemenu-title imagemenu-title-</ul></div>

FAQ