Menu Image, Icons made easy Security & Risk Analysis

wordpress.org/plugins/menu-image

Adds an image or icon in the menu items. You can choose the position of the image (after, before, above, below) or even hide the menu item title.

100K active installs · v3.13 · PHP + · WP 4.4.0+ · Updated Jul 20, 2025
Tags: icons, image, menu, nav-menu, navigation
Score: 99 (A · Safe)
CVEs total: 2
Unpatched: 0
Last CVE: Dec 19, 2023

Safety Verdict

Is Menu Image, Icons made easy Safe to Use in 2026?

Generally Safe

Score 99/100

Menu Image, Icons made easy has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Dec 19, 2023 · Updated 8mo ago

Risk Assessment

The "menu-image" plugin v3.13 presents a mixed security posture. While it demonstrates good practices such as 100% use of prepared statements for SQL queries and a significant percentage of properly escaped output, there are notable areas of concern. The presence of an unprotected AJAX handler significantly increases the attack surface, providing an entry point for unauthenticated malicious actions.

Taint analysis indicates a potential for unsanitized paths, although no critical or high severity flows were identified in this version. The plugin's vulnerability history is concerning, with two known medium severity Cross-Site Scripting (XSS) vulnerabilities, the last of which was identified relatively recently, in December 2023. Although there are currently no unpatched CVEs, this pattern suggests a tendency towards issues that could expose users to XSS attacks if not carefully addressed.

In conclusion, the plugin benefits from secure database interactions and reasonable output sanitization. However, the unprotected AJAX handler and past XSS vulnerabilities represent the most significant risks. Continued vigilance and prompt patching of any newly discovered vulnerabilities are crucial for maintaining a secure environment.

Key Concerns

  • AJAX handler without authentication
  • Flows with unsanitized paths
  • Past medium severity XSS vulnerabilities (2)
  • Output escaping is only 65% proper

Vulnerabilities (2)

Menu Image, Icons made easy Security Vulnerabilities

CVEs by Year

  • 2022: 1 CVE
  • 2023: 1 CVE

Severity Breakdown

  • Medium: 2

2 total CVEs

CVE-2023-50826 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Menu Image, Icons made easy <= 3.10 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings

Dec 19, 2023 · Patched in 3.11 (35d)

CVE-2022-0450 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Menu Image, Icons made easy <= 3.0.7 - Authenticated Cross-Site Scripting

Mar 7, 2022 · Patched in 3.0.8 (687d)

Code Analysis
Analyzed Mar 16, 2026

Menu Image, Icons made easy Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 16 (30 escaped)
  • Nonce Checks: 6
  • Capability Checks: 4
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 1

Bundled Libraries

  • Freemius 1.0

Output Escaping

65% escaped · 46 total outputs

Data Flows (2 unsanitized)

Data Flow Analysis

3 flows · 2 with unsanitized paths
get_menu_image_item_settings (menu-image.php:78)

Attack Surface (1 unprotected)

Menu Image, Icons made easy Attack Surface

Entry Points: 5
Unprotected: 1

AJAX Handlers 5

  • auth · wp_ajax_set-menu-item-settings · menu-image.php:115
  • auth · wp_ajax_set-menu-item-thumbnail · menu-image.php:125
  • auth · wp_ajax_get_menu_image_item_settings · menu-image.php:126
  • auth · wp_ajax_get_resized_thumbnail · menu-image.php:127
  • auth · wp_ajax_dismiss_wp_menu_image_fa · menu-image.php:201

WordPress Hooks 23

  • action · admin_menu · menu-image.php:104
  • action · admin_init · menu-image.php:106
  • action · after_uninstall · menu-image.php:110
  • action · init · menu-image.php:114
  • action · admin_head-nav-menus.php · menu-image.php:121
  • action · toplevel_page_menu-image-options · menu-image.php:122
  • action · wp_enqueue_scripts · menu-image.php:123
  • action · admin_action_delete-menu-item-image · menu-image.php:124
  • action · wp_update_nav_menu_item · menu-image.php:129
  • action · admin_init · menu-image.php:135
  • action · wp_nav_menu_item_custom_fields · menu-image.php:137
  • filter · file_is_displayable_image · menu-image.php:144
  • filter · jetpack_photon_override_image_downsize · menu-image.php:150
  • filter · wp_get_attachment_image_attributes · menu-image.php:156
  • filter · megamenu_nav_menu_link_attributes · menu-image.php:164
  • filter · megamenu_the_title · menu-image.php:170
  • filter · wp_setup_nav_menu_item · menu-image.php:179
  • filter · nav_menu_link_attributes · menu-image.php:180
  • filter · manage_nav-menus_columns · menu-image.php:186
  • filter · nav_menu_item_title · menu-image.php:187
  • filter · the_title · menu-image.php:193
  • action · admin_enqueue_scripts · menu-image.php:209
  • action · admin_notices · menu-image.php:1065

Maintenance & Trust

Menu Image, Icons made easy Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.7.5
  • Last updated: Jul 20, 2025
  • PHP min version
  • Downloads: 2.1M

Community Trust

  • Rating: 90/100
  • Number of ratings: 123
  • Active installs: 100K

Developer Profile

Menu Image, Icons made easy Developer Profile

Rui Guerreiro

4 plugins · 180K total installs

  • Trust score: 73
  • Avg Security Score: 91/100
  • Avg Patch Time: 421 days
Detection Fingerprints

How We Detect Menu Image, Icons made easy

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/menu-image/css/menu-image.css
  • /wp-content/plugins/menu-image/css/menu-image-admin.css
  • /wp-content/plugins/menu-image/js/menu-image.js
  • /wp-content/plugins/menu-image/js/menu-image-admin.js
Script Paths
  • /wp-content/plugins/menu-image/js/menu-image.js
  • /wp-content/plugins/menu-image/js/menu-image-admin.js
Version Parameters
  • menu-image/css/menu-image.css?ver=
  • menu-image/css/menu-image-admin.css?ver=
  • menu-image/js/menu-image.js?ver=
  • menu-image/js/menu-image-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • menu-image-item-settings-content
  • menu-image-modal-header
  • menu-image-close-overlay
  • menu-image-icon-settings
  • menu-image-button-settings
  • menu-image-notifications-settings
Data Attributes
  • data-menu-id
  • data-menu-item-id
JS Globals
  • menuImage
REST Endpoints
  • /wp-json/menu-image/v1/settings