Does Nav Menu Roles have any unpatched vulnerabilities?

No. All known vulnerabilities in Nav Menu Roles have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Nav Menu Roles compatible with WordPress 6.8.0?

According to WordPress.org data, Nav Menu Roles 2.1.2 has been tested up to WordPress 6.8.0. Check the plugin's changelog for the latest compatibility information.

Is Nav Menu Roles compatible with PHP 5.3.2+?

Nav Menu Roles requires PHP 5.3.2 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Nav Menu Roles updated?

Nav Menu Roles was last updated on Feb 20, 2026. Frequent updates are generally a positive security signal.

What is Nav Menu Roles's security score?

Nav Menu Roles has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Nav Menu Roles Security & Risk Analysis

wordpress.org/plugins/nav-menu-roles

Hide custom menu items based on user roles. PLEASE READ THE FAQ IF YOU ARE NOT SEEING THE SETTINGS.

70K active installs v2.1.2 PHP 5.3.2+ WP 4.5.0+ Updated Feb 20, 2026

menumenusnav-menunav-menus

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Nav Menu Roles Safe to Use in 2026?

Generally Safe

Score 100/100

Nav Menu Roles has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago

Risk Assessment

The nav-menu-roles v2.1.2 plugin exhibits a generally good security posture based on the provided static analysis. The absence of AJAX handlers, REST API routes, shortcodes, and cron events significantly limits its attack surface. Furthermore, the complete reliance on prepared statements for SQL queries and the presence of nonce and capability checks are strong indicators of secure coding practices. The lack of any recorded vulnerabilities or CVEs in its history further bolsters this positive assessment.

However, there are areas for improvement. The taint analysis revealed 4 flows with unsanitized paths, all without critical or high severity findings. While not immediately exploitable based on this data, unsanitized paths represent a potential weakness that could be leveraged in conjunction with other factors or future code modifications. Additionally, the output escaping is only properly implemented for 63% of outputs. This leaves a significant portion of the plugin's output potentially vulnerable to cross-site scripting (XSS) attacks, especially if user-supplied data is involved in these unescaped outputs.

In conclusion, nav-menu-roles v2.1.2 is a relatively secure plugin with a well-managed attack surface and good data handling for SQL. The primary concerns lie in the potential for unsanitized paths and the prevalence of unescaped output, which, while not indicating active vulnerabilities in this version, represent areas that could introduce risks if not addressed. The clean vulnerability history is a strong positive, suggesting a commitment to security by the developers.

Key Concerns

Unsanitized paths found in taint analysis
Low percentage of properly escaped output

Vulnerabilities

None known

Nav Menu Roles Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Nav Menu Roles Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

147 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

63% escaped235 total outputs

Data Flows

4 unsanitized

Data Flow Analysis

4 flows4 with unsanitized paths

start_el (inc\class-walker-nav-menu-edit-roles-4.5.php:59)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Nav Menu Roles Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 20

filterimport_post_meta_keyinc\class-nav-menu-roles-import.php:94

filterhttp_request_timeoutinc\class-nav-menu-roles-import.php:95

actionadmin_initinc\class-nav-menu-roles.php:93

actioninitinc\class-nav-menu-roles.php:96

actioninitinc\class-nav-menu-roles.php:99

filterplugin_row_metainc\class-nav-menu-roles.php:102

filterwp_edit_nav_menu_walkerinc\class-nav-menu-roles.php:106

actionwp_nav_menu_item_custom_fieldsinc\class-nav-menu-roles.php:110

actionadmin_enqueue_scriptsinc\class-nav-menu-roles.php:113

actionwp_update_nav_menu_iteminc\class-nav-menu-roles.php:116

filterwp_setup_nav_menu_iteminc\class-nav-menu-roles.php:119

filterwp_get_nav_menu_itemsinc\class-nav-menu-roles.php:124

actionplugins_loadedinc\class-nav-menu-roles.php:128

actionwp_nav_menu_item_custom_fields_customize_templateinc\customizer.php:21

actioncustomize_controls_enqueue_scriptsinc\customizer.php:24

actioncustomize_registerinc\customizer.php:28

actioncustomize_save_afterinc\customizer.php:32

filterget_post_metadatainc\customizer.php:167

filterget_post_metadatainc\customizer.php:187

actionplugins_loadednav-menu-roles.php:57

Maintenance & Trust

Nav Menu Roles Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.0

Last updatedFeb 20, 2026

PHP min version5.3.2

Downloads1.7M

Community Trust

Rating98/100

Number of ratings218

Active installs70K

Alternatives

Nav Menu Roles Alternatives

Better Internal Link Search

better-internal-link-search

Improve the internal link popup manager with time-saving enhancements and features.

1K No CVEs

Bop Search Box Item Type For Nav Menus

bop-search-box-item-type-for-nav-menus

Adds search box as a choice of item in navigation menus admin area.

1K No CVEs

Privilege Menu

privilege-menu

This plugin allows you to display menu items based on if a user is logged in, logged out or based on the role you have given the user.

1K No CVEs

sTRASHo

strasho

sTRASHo is a smart and easy way to delete your menu items.

200 No CVEs

Drag & Drop Menu Items

drag-drop-menu-items

100

Add WP Menu Items By Dragging It & Dropping into Menu Items List Area.

90 No CVEs

Developer Profile

Nav Menu Roles Developer Profile

HelgaTheViking

6 plugins · 99K total installs

trust score

Avg Security Score

91/100

Avg Patch Time

657 days

View full developer profile

Detection Fingerprints

How We Detect Nav Menu Roles

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/nav-menu-roles/css/nav-menu-roles-admin.css/wp-content/plugins/nav-menu-roles/js/nav-menu-roles-admin.js

Script Paths

/wp-content/plugins/nav-menu-roles/js/nav-menu-roles-admin.js

Version Parameters

nav-menu-roles/css/nav-menu-roles-admin.css?ver=nav-menu-roles/js/nav-menu-roles-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes

nav-menu-roles-hide-rolesnav-menu-roles-display-rolesnav-menu-roles-role-field

HTML Comments

Data Attributes

data-nav-menu-roles-options

JS Globals

navMenuRolesAdminnav_menu_roles_params

FAQ

Nav Menu Roles Security & Risk Analysis

Is Nav Menu Roles Safe to Use in 2026?

Generally Safe

Key Concerns

Nav Menu Roles Security Vulnerabilities

Nav Menu Roles Code Analysis

Output Escaping

Data Flow Analysis

Nav Menu Roles Attack Surface

Nav Menu Roles Maintenance & Trust

Maintenance Signals

Community Trust

Nav Menu Roles Alternatives

Better Internal Link Search

Bop Search Box Item Type For Nav Menus

Privilege Menu

sTRASHo

Drag & Drop Menu Items

Nav Menu Roles Developer Profile

How We Detect Nav Menu Roles

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about Nav Menu Roles