WP-Safety

MenuPilot – Preview-First Menu Import & Export Security & Risk Analysis

wordpress.org/plugins/menupilot

Safely import and export WordPress navigation menus with a preview-first workflow. Review and map menus before importing.

10 active installs v1.0.16 PHP 7.4+ WP 5.8+ Updated Mar 15, 2026
import-exportmenusmigrationnavigation
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is MenuPilot – Preview-First Menu Import & Export Safe to Use in 2026?

Generally Safe

Score 100/100

MenuPilot – Preview-First Menu Import & Export has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago
Risk Assessment

The "menupilot" v1.0.20 plugin exhibits a generally strong security posture based on the provided static analysis. The absence of any critical or high-severity taint flows, coupled with a very high percentage of prepared statements and properly escaped output, indicates good development practices in handling data and preventing common vulnerabilities like SQL injection and XSS. The presence of numerous nonce and capability checks on AJAX handlers further strengthens its defense against unauthorized actions. The plugin also has a clean vulnerability history, with no known CVEs, suggesting a mature and well-maintained codebase.

However, while the overall picture is positive, a small concern arises from the 10 AJAX handlers. Although the analysis states 0 unprotected handlers, the sheer number of entry points, even if secured, represents a potential area for future misconfigurations or subtle logic flaws that could be exploited. The presence of file operations, although not explicitly flagged as risky, warrants careful consideration in any security audit.

In conclusion, "menupilot" v1.0.20 appears to be a secure plugin with strong defensive coding practices. Its clean vulnerability history and robust implementation of security checks are commendable. The minor area of attention would be the number of AJAX handlers, which, while currently secured, still constitute a significant attack surface that requires ongoing vigilance.

Key Concerns

  • File operations present
Vulnerabilities
None known

MenuPilot – Preview-First Menu Import & Export Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

MenuPilot – Preview-First Menu Import & Export Release Timeline

No version history available.
Code Analysis
Analyzed Mar 16, 2026

MenuPilot – Preview-First Menu Import & Export Code Analysis

Dangerous Functions
0
Raw SQL Queries
6
20 prepared
Unescaped Output
6
260 escaped
Nonce Checks
14
Capability Checks
22
File Operations
2
External Requests
0
Bundled Libraries
0

SQL Query Safety

77% prepared26 total queries

Output Escaping

98% escaped266 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

5 flows
<class-ajax-handler> (includes\admin\class-ajax-handler.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

MenuPilot – Preview-First Menu Import & Export Attack Surface

Entry Points10
Unprotected0

AJAX Handlers 10

authwp_ajax_menupilot_export_menuincludes\admin\class-ajax-handler.php:57
authwp_ajax_menupilot_preview_importincludes\admin\class-ajax-handler.php:58
authwp_ajax_menupilot_import_menuincludes\admin\class-ajax-handler.php:59
authwp_ajax_menupilot_export_settingsincludes\admin\class-ajax-handler.php:60
authwp_ajax_menupilot_create_backupincludes\admin\class-ajax-handler.php:61
authwp_ajax_menupilot_restore_backupincludes\admin\class-ajax-handler.php:62
authwp_ajax_menupilot_list_backupsincludes\admin\class-ajax-handler.php:63
authwp_ajax_menupilot_export_backupincludes\admin\class-ajax-handler.php:64
authwp_ajax_menupilot_delete_backupincludes\admin\class-ajax-handler.php:65
authwp_ajax_menupilot_delete_all_backupsincludes\admin\class-ajax-handler.php:66
WordPress Hooks 19
actionadmin_footer-nav-menus.phpincludes\admin\class-backup-manager.php:507
actionadmin_headincludes\admin\class-backup-manager.php:730
actionadmin_initincludes\admin\class-settings-page.php:54
actionadmin_initincludes\admin\class-settings-page.php:437
actionadmin_initincludes\admin\class-tools-page.php:38
actionmenupilot_after_importincludes\class-history.php:140
actionmenupilot_import_failedincludes\class-history.php:141
actionrest_api_initincludes\class-init.php:117
actionadmin_menuincludes\class-init.php:148
actionadmin_initincludes\class-init.php:150
actionadmin_initincludes\class-init.php:151
actionload-nav-menus.phpincludes\class-init.php:152
actionadmin_post_menupilot_download_historyincludes\class-init.php:154
actionadmin_post_menupilot_clear_historyincludes\class-init.php:155
actionadmin_enqueue_scriptsincludes\class-init.php:156
filteradmin_body_classincludes\class-init.php:157
actionrest_api_initincludes\rest\class-rest-controller.php:61
filterrest_endpointsincludes\rest\class-rest-controller.php:64
actionplugins_loadedmenupilot.php:58
Maintenance & Trust

MenuPilot – Preview-First Menu Import & Export Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 15, 2026
PHP min version7.4
Downloads272

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

MenuPilot – Preview-First Menu Import & Export Alternatives

Responsive Navigation Block

Responsive Navigation Block

getdave-responsive-navigation-block

A
100

Complete control over your navigation menus based on screen size including styles and menu items.

1K No CVEs
Import Export Menu

Import Export Menu

import-export-menu

A
92

This plugin allows you to export and import menus in WordPress, making it easier to manage and migrate menu structures between sites.

1K No CVEs
Menu By User Roles

Menu By User Roles

menu-by-user-roles

A
100

Menu By User Roles allows you to control the visibility of menu items based on user roles.

1K No CVEs
Auto Subpage Menu

Auto Subpage Menu

auto-subpage-menu

A
85

By default wordpress menu system, wordpress can only automatically add/remove top-level page to/from menus

800 No CVEs
Better Menu Widget

Better Menu Widget

better-menu-widget

A
85

Better Menu Widget makes it easy to customize your menu widgets by adding css styles and a heading link.

600 No CVEs
Developer Profile

MenuPilot – Preview-First Menu Import & Export Developer Profile

Mayank Majeji

5 plugins · 70 total installs

91
trust score
Avg Security Score
95/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect MenuPilot – Preview-First Menu Import & Export

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/menupilot/assets/css/admin.css/wp-content/plugins/menupilot/assets/js/admin.js/wp-content/plugins/menupilot/assets/js/admin-pages.js
Script Paths
/wp-content/plugins/menupilot/assets/js/admin.js/wp-content/plugins/menupilot/assets/js/admin-pages.js
Version Parameters
menupilot/assets/css/admin.css?ver=menupilot/assets/js/admin.js?ver=menupilot/assets/js/admin-pages.js?ver=

HTML / DOM Fingerprints

CSS Classes
menupilot-adminmenupilot-admin-pagesmenupilot-history-wrappermenupilot-settings-wrappermenupilot-tools-wrappermenupilot-export-wrappermenupilot-import-wrappermenupilot-help-wrapper
Data Attributes
data-menupilot-settingsdata-menupilot-exportdata-menupilot-importdata-menupilot-toolsdata-menupilot-historydata-menupilot-help
JS Globals
menupilotData
REST Endpoints
/menupilot/v1
FAQ

Frequently Asked Questions about MenuPilot – Preview-First Menu Import & Export