Does Menu In Post have any unpatched vulnerabilities?

Yes — Menu In Post currently has 1 unpatched vulnerability. We recommend switching to an alternative or applying any available workarounds.

Is Menu In Post compatible with WordPress 6.9.4?

According to WordPress.org data, Menu In Post 1.4.1 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Menu In Post compatible with PHP 7.4+?

Menu In Post requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Menu In Post updated?

Menu In Post was last updated on Jan 17, 2026. Frequent updates are generally a positive security signal.

What is Menu In Post's security score?

Menu In Post has a WP-Safety security score of 78/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Menu In Post Security & Risk Analysis

wordpress.org/plugins/menu-in-post

A simple but flexible plugin to allow the use of menus in posts and pages.

2K active installs v1.4.1 PHP 7.4+ WP 5.0+ Updated Jan 17, 2026

display-menumenumenu-in-pagemenu-in-postshortcode

B · Generally Safe

CVEs total1

Unpatched1

Last CVEDec 30, 2025

Download

Safety Verdict

Is Menu In Post Safe to Use in 2026?

Mostly Safe

Score 78/100

Menu In Post is generally safe to use. 1 past CVE were resolved. Keep it updated.

1 known CVE 1 unpatched Last CVE: Dec 30, 2025Updated 2mo ago

Risk Assessment

The 'menu-in-post' plugin v1.4.1 exhibits a generally strong security posture in its static analysis, with excellent adherence to best practices like prepared SQL statements and proper output escaping. The absence of dangerous functions, file operations, and external HTTP requests is also a positive indicator. Furthermore, the presence of nonce and capability checks on its entry points suggests a good understanding of WordPress security fundamentals.

However, the plugin's vulnerability history is a significant concern. It has a known medium severity CVE which is currently unpatched, indicating a potential for exploitation. The fact that the last reported vulnerability was in the future (2025-12-30) is highly unusual and likely an error in the provided data; regardless, the existence of an unpatched vulnerability is a direct risk.

In conclusion, while the code itself appears to be written with security in mind, the presence of an unpatched vulnerability overshadows these strengths. Users should exercise extreme caution and prioritize patching this vulnerability to mitigate the identified risk.

Key Concerns

Unpatched CVE (medium severity)

Vulnerabilities

Menu In Post Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched

2025

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2026-22349medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Menu In Post <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

Dec 30, 2025Unpatched

Code Analysis

Analyzed Mar 16, 2026

Menu In Post Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

129 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

100% escaped129 total outputs

Attack Surface

Menu In Post Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[menu_in_post_menu] menu-in-post.php:70

WordPress Hooks 5

actionadmin_initadmin\admin.php:104

actionadmin_menuadmin\admin.php:333

actionadmin_enqueue_scriptsadmin\admin.php:838

actioninitadmin\admin.php:866

actionwp_enqueue_scriptsmenu-in-post.php:163

Maintenance & Trust

Menu In Post Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedJan 17, 2026

PHP min version7.4

Downloads42K

Community Trust

Rating100/100

Number of ratings8

Active installs2K

Alternatives

Menu In Post Alternatives

Shortcode in Menus

shortcode-in-menus

100

Allows you to add shortcodes in WordPress Navigation Menus.

50K No CVEs

Popular Brand Icons – Simple Icons

simple-icons

An easy to use lightweight SVG icons plugin with over 1500+ brand icons. Use these icons in your menus, widgets, posts, or pages.

3K 1 unpatched

Advanced Menu Manager Pro – Built for Content-heavy WordPress Sites to Add, Filter, Lock, and Edit Menus Easily

advance-menu-manager

Create and manage menus of any size of your content-heavy wordpress blogs and websites. Simplified search and new comprehensive layout.

500 5 CVEs

Show Menu Shortcode

show-menu-shortcode

Provides a [show-menu] shortcode for displaying a menu within a post or page.

400 No CVEs

Shortcode Toggle

shortcode-toggle

Add Useful Toggle Menu to your blog simply by shortcode.

100 No CVEs

Developer Profile

Menu In Post Developer Profile

linux4me2

1 plugin · 2K total installs

trust score

Avg Security Score

78/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Menu In Post

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/menu-in-post/js/main-min.js/wp-content/plugins/menu-in-post/js/main.js

Script Paths

/wp-content/plugins/menu-in-post/js/main-min.js/wp-content/plugins/menu-in-post/js/main.js

Version Parameters

menu_in_post_frontend_script

HTML / DOM Fingerprints

CSS Classes

mip-drop-nav

Data Attributes

data-mip-options

JS Globals

menu_in_post_options

Shortcode Output

[menu_in_post_menu<select class="mip-drop-nav"<option value="#">

FAQ