MenuThroughJSON Security & Risk Analysis

wordpress.org/plugins/menuthroughjson

Plugin that lets you create a menu through JSON

0 active installs · v1.1 · PHP 5.4+ · WP 4.9.6+ · Updated: Unknown
Tags: android, ios, json, menu
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is MenuThroughJSON Safe to Use in 2026?

Generally Safe

Score 100/100

MenuThroughJSON has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The "menuthroughjson" v1.1 plugin presents a significant security risk due to a substantial number of unprotected entry points. The static analysis reveals 29 total entry points, all of which lack authentication or capability checks. This means any unauthenticated user could potentially interact with these functions, opening the door to various attacks. The taint analysis is particularly concerning, with all 7 analyzed flows exhibiting unsanitized paths and classified as high severity. This indicates a high likelihood of code injection or other critical vulnerabilities stemming from user-supplied data not being properly validated or sanitized before being used in potentially dangerous operations.

The plugin's vulnerability history is clean, with no recorded CVEs. While this might suggest a lack of past exploitation, it doesn't mitigate the current risks identified in the static and taint analysis. The absence of known vulnerabilities could be attributed to the plugin's niche usage or simply a lack of past in-depth security scrutiny.

In conclusion, despite the lack of historical vulnerabilities, the "menuthroughjson" v1.1 plugin has a very poor security posture. The high number of unprotected entry points combined with critical taint flows represents immediate and severe security concerns that require urgent attention.

Key Concerns

  • 28 AJAX handlers without auth checks
  • 1 REST API route without permission callback
  • 7 Taint flows with unsanitized paths (High)
  • 0% Output escaping
  • 0 Nonce checks
  • 0 Capability checks
  • Bundled DataTables library (potential for outdated version)
  • Bundled Select2 library (potential for outdated version)
Vulnerabilities
None known

MenuThroughJSON Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

MenuThroughJSON Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 8 (35 prepared)
  • Unescaped Output: 31 (0 escaped)
  • Nonce Checks: 0
  • Capability Checks: 0
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 2

Bundled Libraries

DataTables, Select2

SQL Query Safety

81% prepared, 43 total queries

Output Escaping

0% escaped, 31 total outputs
Data Flows
7 unsanitized

Data Flow Analysis

7 flows, 7 with unsanitized paths
MTJ_add_post_menu (MenuThroughJSON.php:219)
[Data flow diagram; legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized]
Attack Surface
29 unprotected

MenuThroughJSON Attack Surface

Entry Points: 29
Unprotected: 29

AJAX Handlers 28

nopriv  wp_ajax_MTJ_add_item_menu  MenuThroughJSON.php:608
auth  wp_ajax_MTJ_add_item_menu  MenuThroughJSON.php:609
nopriv  wp_ajax_MTJ_reload_menu  MenuThroughJSON.php:611
auth  wp_ajax_MTJ_reload_menu  MenuThroughJSON.php:612
nopriv  wp_ajax_MTJ_construct_table  MenuThroughJSON.php:614
auth  wp_ajax_MTJ_construct_table  MenuThroughJSON.php:615
nopriv  wp_ajax_MTJ_change_state_item  MenuThroughJSON.php:617
auth  wp_ajax_MTJ_change_state_item  MenuThroughJSON.php:618
nopriv  wp_ajax_MTJ_delete_item  MenuThroughJSON.php:620
auth  wp_ajax_MTJ_delete_item  MenuThroughJSON.php:621
nopriv  wp_ajax_MTJ_update_item  MenuThroughJSON.php:623
auth  wp_ajax_MTJ_update_item  MenuThroughJSON.php:624
nopriv  wp_ajax_MTJ_update_post_table  MenuThroughJSON.php:626
auth  wp_ajax_MTJ_update_post_table  MenuThroughJSON.php:627
nopriv  wp_ajax_MTJ_change_state_post  MenuThroughJSON.php:629
auth  wp_ajax_MTJ_change_state_post  MenuThroughJSON.php:630
nopriv  wp_ajax_MTJ_add_post_menu  MenuThroughJSON.php:632
auth  wp_ajax_MTJ_add_post_menu  MenuThroughJSON.php:633
nopriv  wp_ajax_MTJ_delete_post  MenuThroughJSON.php:635
auth  wp_ajax_MTJ_delete_post  MenuThroughJSON.php:636
nopriv  wp_ajax_MTJ_update_post_name  MenuThroughJSON.php:638
auth  wp_ajax_MTJ_update_post_name  MenuThroughJSON.php:639
nopriv  wp_ajax_MTJ_add_post_special  MenuThroughJSON.php:641
auth  wp_ajax_MTJ_add_post_special  MenuThroughJSON.php:642
nopriv  wp_ajax_MTJ_delete_post_special  MenuThroughJSON.php:644
auth  wp_ajax_MTJ_delete_post_special  MenuThroughJSON.php:645
nopriv  wp_ajax_MTJ_update_special_post  MenuThroughJSON.php:647
auth  wp_ajax_MTJ_update_special_post  MenuThroughJSON.php:648

REST API Routes 1

GET  /wp-json/production/v1/menu/  MenuThroughJSON.php:599

WordPress Hooks 4

action  admin_enqueue_scripts  MenuThroughJSON.php:49
action  admin_print_scripts  MenuThroughJSON.php:50
action  rest_api_init  MenuThroughJSON.php:597
action  admin_menu  MenuThroughJSON.php:705
Maintenance & Trust

MenuThroughJSON Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.9.29
Last updated: Unknown
PHP min version: 5.4
Downloads: 899

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0
Developer Profile

MenuThroughJSON Developer Profile

simone1040

1 plugin · 0 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect MenuThroughJSON

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/menuthroughjson/assets/datatables.net/js/jquery.dataTables.js
/wp-content/plugins/menuthroughjson/assets/datatables.net-bs/js/dataTables.bootstrap.js
/wp-content/plugins/menuthroughjson/assets/bootstrap/dist/js/bootstrap.js
/wp-content/plugins/menuthroughjson/assets/bootstrap/dist/js/bootstrap-notify.js
/wp-content/plugins/menuthroughjson/assets/adminlte.js
/wp-content/plugins/menuthroughjson/assets/select2/dist/js/select2.full.min.js
/wp-content/plugins/menuthroughjson/assets/bootstrap-toggle-master/js/bootstrap-toggle.js
/wp-content/plugins/menuthroughjson/assets/bootstrap/dist/css/bootstrap.css
+17 more

HTML / DOM Fingerprints

JS Globals
MTJ, the_ajax_script, script_add_item, script_change_state_item, script_delete_item, script_modify_item, +4 more
REST Endpoints
/wp-json/MTJ_api_get_posts
FAQ

Frequently Asked Questions about MenuThroughJSON