Menus History Security & Risk Analysis
wordpress.org/plugins/menus-historyProvides history of changes to Wordpress menus
Is Menus History Safe to Use in 2026?
Generally Safe
Score 85/100Menus History has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "menus-history" plugin v1.0.2 exhibits several critical security weaknesses despite its clean vulnerability history and absence of dangerous functions. The most significant concern is the presence of two AJAX handlers that lack any authentication or capability checks. This creates a substantial attack surface, allowing any authenticated user, regardless of their role or privileges, to potentially trigger these handlers, leading to unintended actions or data manipulation. Furthermore, the analysis indicates that 100% of the plugin's outputs are not properly escaped. This leaves the plugin vulnerable to Cross-Site Scripting (XSS) attacks, where malicious scripts could be injected and executed in the user's browser, potentially compromising their session or data.
While the plugin's clean vulnerability history is a positive indicator and the use of prepared statements for SQL queries is commendable, these strengths are heavily overshadowed by the identified security flaws. The absence of taint analysis results is noted, but this does not negate the clear risks presented by the unprotected AJAX endpoints and unescaped output. The plugin's overall security posture is therefore concerning due to the high potential for exploitation through readily accessible entry points and output vulnerabilities.
Key Concerns
- AJAX handlers without auth checks
- Output escaping: 0% properly escaped
- Total entry points: 2, Unprotected: 2
Menus History Security Vulnerabilities
Menus History Code Analysis
Output Escaping
Menus History Attack Surface
AJAX Handlers 2
WordPress Hooks 5
Maintenance & Trust
Menus History Maintenance & Trust
Maintenance Signals
Community Trust
Menus History Alternatives
Advanced Menu Manager Pro – Built for Content-heavy WordPress Sites to Add, Filter, Lock, and Edit Menus Easily
advance-menu-manager
Create and manage menus of any size of your content-heavy wordpress blogs and websites. Simplified search and new comprehensive layout.
PublishPress Capabilities – User Role Editor, Access Permissions, User Capabilities, Admin Menus
capability-manager-enhanced
PublishPress Capabilities is the access control plugin. You can manage user capabilities, permissions, user roles, admin menus and more.
User Menus – Nav Menu Visibility
user-menus
Show/hide menu items to logged in users, logged out users or specific user roles. Display logged in user details in menu. Add a logout link to menu.
Nav Menu Roles
nav-menu-roles
Hide custom menu items based on user roles. PLEASE READ THE FAQ IF YOU ARE NOT SEEING THE SETTINGS.
Shortcode in Menus
shortcode-in-menus
Allows you to add shortcodes in WordPress Navigation Menus.
Menus History Developer Profile
1 plugin · 70 total installs
How We Detect Menus History
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/menus-history/js/menus-history.js/wp-content/plugins/menus-history/css/menus-history.css/wp-content/plugins/menus-history/js/menus-history.jsmenus-history.js?ver=menus-history.css?ver=HTML / DOM Fingerprints
latestname="menus-history-revision"