WP Mobile Bottom Menu Security & Risk Analysis

wordpress.org/plugins/mobile-bottom-menu-for-wp

Smooth Navigation for Mobile. Create an Eye-Catching Sticky Bottom Menu with Limitless Customization Options.

10K active installs v1.4.6 PHP 7.4+ WP 5.0+ Updated Mar 2, 2026
Tags: bottom-menu, menu, mobile-menu, navigation-menu, sticky-menu
Score: 99 (A · Safe)
CVEs total: 1
Unpatched: 0
Last CVE: Mar 31, 2025
Safety Verdict

Is WP Mobile Bottom Menu Safe to Use in 2026?

Generally Safe

Score 99/100

WP Mobile Bottom Menu has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Mar 31, 2025 · Updated 1mo ago
Risk Assessment

The plugin "mobile-bottom-menu-for-wp" v1.4.6 presents a mixed security posture. It follows secure coding practices in several respects: 100% of its SQL queries use prepared statements and a high percentage of its output is properly escaped. The main concerns come from its attack surface. Of its 7 AJAX handlers, 4 lack proper authentication checks, which creates a substantial risk of unauthorized access and manipulation. The extensive use of `unserialize`, a known source of potential vulnerabilities if not handled with extreme care, further elevates this risk profile; in the calls listed under Dangerous Functions Found, the argument shown is a hard-coded string literal. The plugin's vulnerability history includes a past missing-authorization issue, which aligns with the current finding of unprotected AJAX handlers. There are no currently unpatched CVEs and no critical taint flows were identified, but the combination of unprotected entry points and potentially dangerous function usage warrants caution.

Key Concerns

  • Unprotected AJAX handlers
  • Use of unserialize function
  • Medium severity vulnerability history (Missing Authorization)
Vulnerabilities
1

WP Mobile Bottom Menu Security Vulnerabilities

CVEs by Year: 1 CVE in 2025

Severity Breakdown: Medium 1 (1 total CVE)

CVE-2025-31525 · medium · 4.3 · Missing Authorization

WP Mobile Bottom Menu <= 1.4.0 - Missing Authorization

Mar 31, 2025 Patched in 1.4.1 (74d)
Code Analysis
Analyzed Mar 16, 2026

WP Mobile Bottom Menu Code Analysis

Dangerous Functions: 32
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 7 (93 escaped)
Nonce Checks: 4
Capability Checks: 4
File Operations: 0
External Requests: 1
Bundled Libraries: 0

Dangerous Functions Found

unserialize | $default_available_skins_data['default_skin'] = unserialize('a:105:{s:7:"enabled";s:1:"1";s:10:"brea | includes\class-wp-bnav-ajax-style.php:31
unserialize | $default_available_skins_data['skin_one'] = unserialize('a:133:{s:7:"enabled";s:1:"1";s:11:"select_p | includes\class-wp-bnav-ajax-style.php:33
unserialize | $default_available_skins_data['skin_ten'] = unserialize('a:133:{s:7:"enabled";s:1:"1";s:11:"select_p | includes\class-wp-bnav-ajax-style.php:36
unserialize | $default_available_skins_data['skin_eleven'] = unserialize('a:42:{s:7:"enabled";s:1:"1";s:21:"global | includes\class-wp-bnav-ajax-style.php:39
unserialize | $default_available_skins_data['skin_twelve'] = unserialize('a:42:{s:7:"enabled";s:1:"1";s:21:"global | includes\class-wp-bnav-ajax-style.php:41
unserialize | $default_available_skins_data['skin_thirteen'] = unserialize('a:42:{s:7:"enabled";s:1:"1";s:21:"glob | includes\class-wp-bnav-ajax-style.php:44
unserialize | $default_available_skins_data['skin_fourteen'] = unserialize('a:42:{s:7:"enabled";s:1:"1";s:21:"glob | includes\class-wp-bnav-ajax-style.php:47
unserialize | $default_available_skins_data['skin_fifteen'] = unserialize('a:42:{s:7:"enabled";s:1:"1";s:21:"globa | includes\class-wp-bnav-ajax-style.php:49
unserialize | $default_available_skins_menu_data['default_skin'] = unserialize('a:10:{s:9:"hide-text";s:0:"";s:9:" | includes\class-wp-bnav-ajax-style.php:51
unserialize | $default_available_skins_menu_data['skin_one'] = unserialize('a:10:{s:9:"hide-text";s:0:"";s:9:"show | includes\class-wp-bnav-ajax-style.php:53
unserialize | $default_available_skins_menu_data['skin_ten'] = unserialize('a:16:{s:9:"hide-text";s:1:"1";s:9:"sho | includes\class-wp-bnav-ajax-style.php:55
unserialize | $default_available_skins_menu_data['skin_eleven'] = unserialize('a:16:{s:9:"hide-text";s:1:"1";s:9:" | includes\class-wp-bnav-ajax-style.php:57
unserialize | $default_available_skins_menu_data['skin_twelve'] = unserialize('a:16:{s:9:"hide-text";s:1:"1";s:9:" | includes\class-wp-bnav-ajax-style.php:59
unserialize | $default_available_skins_menu_data['skin_thirteen'] = unserialize('a:16:{s:9:"hide-text";s:1:"1";s:9 | includes\class-wp-bnav-ajax-style.php:61
unserialize | $default_available_skins_menu_data['skin_fourteen'] = unserialize('a:16:{s:9:"hide-text";s:1:"1";s:9 | includes\class-wp-bnav-ajax-style.php:63
unserialize | $default_available_skins_menu_data['skin_fifteen'] = unserialize('a:16:{s:9:"hide-text";s:1:"1";s:9: | includes\class-wp-bnav-ajax-style.php:65
unserialize | $default_available_skins_data['default_skin'] = unserialize('a:133:{s:7:"enabled";s:1:"1";s:11:"sele | includes\class-wp-bnav-ajax.php:2890
unserialize | $default_available_skins_data['skin_one'] = unserialize('a:133:{s:7:"enabled";s:1:"1";s:11:"select_p | includes\class-wp-bnav-ajax.php:2892
unserialize | $default_available_skins_data['skin_ten'] = unserialize('a:133:{s:7:"enabled";s:1:"1";s:11:"select_p | includes\class-wp-bnav-ajax.php:2894
unserialize | $default_available_skins_data['skin_eleven'] = unserialize('a:42:{s:7:"enabled";s:1:"1";s:21:"global | includes\class-wp-bnav-ajax.php:2896
unserialize | $default_available_skins_data['skin_twelve'] = unserialize('a:42:{s:7:"enabled";s:1:"1";s:21:"global | includes\class-wp-bnav-ajax.php:2898
unserialize | $default_available_skins_data['skin_thirteen'] = unserialize('a:42:{s:7:"enabled";s:1:"1";s:21:"glob | includes\class-wp-bnav-ajax.php:2900
unserialize | $default_available_skins_data['skin_fourteen'] = unserialize('a:133:{s:7:"enabled";s:1:"1";s:11:"sel | includes\class-wp-bnav-ajax.php:2902
unserialize | $default_available_skins_data['skin_fifteen'] = unserialize('a:133:{s:7:"enabled";s:1:"1";s:11:"sele | includes\class-wp-bnav-ajax.php:2904
unserialize | $default_available_skins_menu_data['default_skin'] = unserialize('a:10:{s:9:"hide-text";s:0:"";s:9:" | includes\class-wp-bnav-ajax.php:2906
unserialize | $default_available_skins_menu_data['skin_one'] = unserialize('a:10:{s:9:"hide-text";s:0:"";s:9:"show | includes\class-wp-bnav-ajax.php:2908
unserialize | $default_available_skins_menu_data['skin_ten'] = unserialize('a:16:{s:9:"hide-text";s:1:"1";s:9:"sho | includes\class-wp-bnav-ajax.php:2910
unserialize | $default_available_skins_menu_data['skin_eleven'] = unserialize('a:16:{s:9:"hide-text";s:1:"1";s:9:" | includes\class-wp-bnav-ajax.php:2912
unserialize | $default_available_skins_menu_data['skin_twelve'] = unserialize('a:16:{s:9:"hide-text";s:1:"1";s:9:" | includes\class-wp-bnav-ajax.php:2914
unserialize | $default_available_skins_menu_data['skin_thirteen'] = unserialize('a:16:{s:9:"hide-text";s:1:"1";s:9 | includes\class-wp-bnav-ajax.php:2916
unserialize | $default_available_skins_menu_data['skin_fourteen'] = unserialize('a:16:{s:9:"hide-text";s:1:"1";s:9 | includes\class-wp-bnav-ajax.php:2918
unserialize | $default_available_skins_menu_data['skin_fifteen'] = unserialize('a:16:{s:9:"hide-text";s:1:"1";s:9: | includes\class-wp-bnav-ajax.php:2920

Output Escaping

93% escaped · 100 total outputs
Attack Surface
4 unprotected

WP Mobile Bottom Menu Attack Surface

Entry Points: 7
Unprotected: 4

AJAX Handlers 7

auth | wp_ajax_Wp_Bnav_custom_plugin_install | admin\class-wp-bnav-admin.php:54
auth | wp_ajax_yith_wcwl_update_wishlist_count | includes\class-wp-bnav-render-dom.php:19
nopriv | wp_ajax_yith_wcwl_update_wishlist_count | includes\class-wp-bnav-render-dom.php:20
nopriv | wp_ajax_set_premade_skin | includes\class-wp-bnav.php:189
auth | wp_ajax_set_premade_skin | includes\class-wp-bnav.php:190
nopriv | wp_ajax_set_premade_skin_style | includes\class-wp-bnav.php:194
auth | wp_ajax_set_premade_skin_style | includes\class-wp-bnav.php:195
WordPress Hooks 19
action | admin_notices | includes\class-wp-bnav-notification-widget-bottom-menu.php:19
action | admin_enqueue_scripts | includes\class-wp-bnav-notification-widget-bottom-menu.php:20
action | save_post | includes\class-wp-bnav-notification-widget-bottom-menu.php:21
filter | wp_nav_menu_objects | includes\class-wp-bnav-render-dom.php:17
filter | woocommerce_add_to_cart_fragments | includes\class-wp-bnav-render-dom.php:18
action | wp | includes\class-wp-bnav-render-dom.php:21
action | wp_footer | includes\class-wp-bnav-render-dom.php:73
action | wp_footer | includes\class-wp-bnav-render-dom.php:79
filter | wp_bnav_register_options_panel | includes\class-wp-bnav-settings.php:53
action | admin_footer | includes\class-wp-bnav-settings.php:1348
action | plugins_loaded | includes\class-wp-bnav.php:160
action | admin_enqueue_scripts | includes\class-wp-bnav.php:210
action | admin_enqueue_scripts | includes\class-wp-bnav.php:211
action | wp_enqueue_scripts | includes\class-wp-bnav.php:227
action | wp_enqueue_scripts | includes\class-wp-bnav.php:228
action | after_setup_theme | includes\class-wp-bnav.php:235
filter | nav_menu_submenu_css_class | includes\class-wp-bnav.php:236
action | plugins_loaded | wp-bnav.php:109
action | admin_footer | wp-bnav.php:129
Maintenance & Trust

WP Mobile Bottom Menu Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 2, 2026
PHP min version: 7.4
Downloads: 112K

Community Trust

Rating: 82/100
Number of ratings: 19
Active installs: 10K
Developer Profile

WP Mobile Bottom Menu Developer Profile

WP Messiah

12 plugins · 26K total installs

Trust score: 71
Avg Security Score: 89/100
Avg Patch Time: 132 days
Detection Fingerprints

How We Detect WP Mobile Bottom Menu

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/mobile-bottom-menu-for-wp/admin/css/wp-bnav-admin.css
/wp-content/plugins/mobile-bottom-menu-for-wp/admin/js/wp-bnav-admin.js
Script Paths
admin/js/wp-bnav-admin.js
Version Parameters
wp-bnav-admin.css?ver=
wp-bnav-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
wp_bnav_counter
bnav_wishlist_counter
wp_bnav_setting_button
HTML Comments
<!-- new code adde by mehedi -->
<!-- Perform wishlist count -->
Data Attributes
data-url
data-action
data-nonce
data-skin-name
JS Globals
wp_bnav_messages
wp_bnav
Wp_Bnav_custom_plugin_install_obj
REST Endpoints
/wp-json/wp-bnav/v1/get_custom_code
/wp-json/wp-bnav/v1/set_custom_code
/wp-json/wp-bnav/v1/get_custom_css
/wp-json/wp-bnav/v1/set_custom_css
Shortcode Output
<span class="bnav_wishlist_counter">
FAQ

Frequently Asked Questions about WP Mobile Bottom Menu