Does Import Export Menu have any unpatched vulnerabilities?

No. All known vulnerabilities in Import Export Menu have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Import Export Menu compatible with WordPress 6.7.5?

According to WordPress.org data, Import Export Menu 2.0.3 has been tested up to WordPress 6.7.5. Check the plugin's changelog for the latest compatibility information.

Is Import Export Menu compatible with PHP 7.4+?

Import Export Menu requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Import Export Menu updated?

Import Export Menu was last updated on Apr 19, 2025. Frequent updates are generally a positive security signal.

What is Import Export Menu's security score?

Import Export Menu has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Import Export Menu Security & Risk Analysis

wordpress.org/plugins/import-export-menu

This plugin allows you to export and import menus in WordPress, making it easier to manage and migrate menu structures between sites.

1K active installs v2.0.3 PHP 7.4+ WP 6.0+ Updated Apr 19, 2025

exportimportmenumenusnavigation

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Import Export Menu Safe to Use in 2026?

Generally Safe

Score 100/100

Import Export Menu has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 11mo ago

Risk Assessment

This plugin exhibits a mixed security posture. On the positive side, it demonstrates strong practices regarding SQL queries, utilizing prepared statements exclusively, and all identified output is properly escaped. Furthermore, there are no known vulnerabilities or CVEs associated with this plugin, suggesting a history of stability and security. The absence of critical or high-severity taint flows is also a positive indicator.

However, significant concerns arise from the attack surface analysis. The plugin exposes four AJAX handlers, and alarmingly, all of them lack authentication checks. This creates a substantial risk of unauthorized access and execution of plugin functionalities. While there are no direct indications of critical code flaws in the static analysis or taint flows, the unprotected entry points are a major vulnerability. The plugin's reliance on nonce checks is present but insufficient given the lack of capability checks on AJAX handlers.

In conclusion, while the plugin's internal code hygiene is commendable regarding SQL and output handling, the complete absence of authentication on its AJAX endpoints presents a critical security flaw. This oversight dramatically increases the risk of exploitation, overshadowing the otherwise good coding practices. Remediation of these unprotected AJAX handlers should be the highest priority.

Key Concerns

AJAX handlers without authentication
No capability checks on AJAX handlers

Vulnerabilities

None known

Import Export Menu Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Import Export Menu Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

23 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

100% escaped23 total outputs

Data Flows

All sanitized

Data Flow Analysis

2 flows

handle_get_import (admin\class-import-export-menu-admin.php:460)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

4 unprotected

Import Export Menu Attack Surface

Entry Points4

Unprotected4

AJAX Handlers 4

authwp_ajax_action-get-exportincludes\class-import-export-menu.php:164

noprivwp_ajax_action-get-exportincludes\class-import-export-menu.php:165

authwp_ajax_action-get-importincludes\class-import-export-menu.php:168

noprivwp_ajax_action-get-importincludes\class-import-export-menu.php:169

WordPress Hooks 6

actionplugins_loadedincludes\class-import-export-menu.php:139

actionadmin_enqueue_scriptsincludes\class-import-export-menu.php:153

actionadmin_enqueue_scriptsincludes\class-import-export-menu.php:154

actionadmin_menuincludes\class-import-export-menu.php:155

filterupload_mimesincludes\class-import-export-menu.php:158

actionadmin_initincludes\class-import-export-menu.php:161

Maintenance & Trust

Import Export Menu Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5

Last updatedApr 19, 2025

PHP min version7.4

Downloads14K

Community Trust

Rating80/100

Number of ratings6

Active installs1K

Alternatives

Import Export Menu Alternatives

MenuPilot – Preview-First Menu Import & Export

menupilot

100

Safely import and export WordPress navigation menus with a preview-first workflow. Review and map menus before importing.

10 No CVEs

Export Import Menus

export-import-menus

A plugin that lets you export and import your WordPress menus in our own website under Appearance section to Export/Import Menus.

10K 2 CVEs

Menu Export Import

menu-export-import

Easily export and import WordPress navigation menus between sites. A quick and reliable solution for duplicating or transferring menu structures.

100 No CVEs

One Menu Export Import

one-menu-export-import

100

Easily export and import your WordPress menus with a modern, user-friendly interface. Perfect for backups, migrations, or cloning menus between sites.

10 No CVEs

WPS Menu Exporter

wps-menu-exporter

100

WPS Menu Exporter lets you export only your WordPress menus via the WordPress Export page.

10K No CVEs

Developer Profile

Import Export Menu Developer Profile

yukyhendiawan

4 plugins · 1K total installs

trust score

Avg Security Score

96/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Import Export Menu

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/import-export-menu/assets/css/import-export-menu-admin.min.css/wp-content/plugins/import-export-menu/assets/js/sweetalert.min.js/wp-content/plugins/import-export-menu/assets/js/import-export-menu-admin.js/wp-content/plugins/import-export-menu/assets/js/admin-menu.min.js

Script Paths

/wp-content/plugins/import-export-menu/assets/js/sweetalert.min.js/wp-content/plugins/import-export-menu/assets/js/import-export-menu-admin.js/wp-content/plugins/import-export-menu/assets/js/admin-menu.min.js

Version Parameters

import-export-menu/assets/css/import-export-menu-admin.min.css?ver=import-export-menu/assets/js/sweetalert.min.js?ver=import-export-menu/assets/js/import-export-menu-admin.js?ver=import-export-menu/assets/js/admin-menu.min.js?ver=

HTML / DOM Fingerprints

CSS Classes

import-export-menu-wrapimport-export-menu-containerimport-export-menu-contentimport-export-menu-headerimport-export-menu-bodyimport-export-menu-footerimport-export-menu-export-formimport-export-menu-import-form

HTML Comments

Data Attributes

data-plugin-name="import-export-menu"data-plugin-version="2.0.3"

JS Globals

ajaxObject

FAQ