Navigation menu as Dropdown Widget Security & Risk Analysis

wordpress.org/plugins/navigation-menu-as-dropdown-widget

WordPress plugin which provides a widget with a clickable dropdown of a WordPress navigation menu. It supports one level of parent-child menus.

3K active installs · v1.5.2 · PHP 5.3+ · WP 3.0.1+ · Updated Apr 12, 2025
Tags: dropdown, menu, navigation, quicknav, select
99
A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Apr 16, 2024
Safety Verdict

Is Navigation menu as Dropdown Widget Safe to Use in 2026?

Generally Safe

Score 99/100

Navigation menu as Dropdown Widget has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Apr 16, 2024 · Updated 11mo ago
Risk Assessment

The static analysis of "navigation-menu-as-dropdown-widget" v1.5.2 shows a generally good security posture with no identified vulnerabilities in the code itself, such as dangerous functions, raw SQL queries, or file operations. The absence of AJAX handlers, REST API routes, shortcodes, and cron events significantly limits the plugin's attack surface. Taint analysis also reveals no critical or high-severity unsanitized flows.

However, there are notable concerns regarding output escaping: only 10% of the 41 identified outputs are properly escaped. This leaves a substantial portion of potentially user-controlled data unescaped, creating a significant risk of Cross-Site Scripting (XSS) vulnerabilities, especially since the plugin's one historical vulnerability was an XSS issue. The presence of one historical CVE, although now patched, and the lack of capability checks on entry points also warrant attention.

In conclusion, while the plugin's code structure is robust and avoids common pitfalls like raw SQL, the insufficient output escaping is a critical weakness. This, coupled with the historical XSS vulnerability, suggests a need for immediate attention to ensure all output is properly sanitized to prevent potential XSS attacks. The lack of capability checks also raises questions about authorization for any potential, albeit currently absent, interactive components.

Key Concerns

  • Poor output escaping (90% unsanitized)
  • Historical medium severity CVE (XSS)
  • No capability checks on entry points
Vulnerabilities
1

Navigation menu as Dropdown Widget Security Vulnerabilities

CVEs by Year: 1 CVE in 2024

Severity Breakdown: Medium 1 (1 total CVE)

CVE-2024-32126 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Navigation menu as Dropdown Widget <= 1.3.4 - Authenticated (Admin+) Stored Cross-Site Scripting

Apr 16, 2024 · Patched in 1.3.5 (10d)
Code Analysis
Analyzed Mar 16, 2026

Navigation menu as Dropdown Widget Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 37 (4 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping: 10% escaped, 41 total outputs
Attack Surface

Navigation menu as Dropdown Widget Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 1
action · widgets_init · navigation-menu-as-dropdown-widget.php:24
Maintenance & Trust

Navigation menu as Dropdown Widget Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Apr 12, 2025
PHP min version: 5.3
Downloads: 43K

Community Trust

Rating: 100/100
Number of ratings: 10
Active installs: 3K
Developer Profile

Navigation menu as Dropdown Widget Developer Profile

Jeroen Peters

4 plugins · 7K total installs

Trust score: 77
Avg Security Score: 97/100
Avg Patch Time: 272 days
Detection Fingerprints

How We Detect Navigation menu as Dropdown Widget

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

CSS Classes: pd_first, pd_tld, pd_sld
HTML Comments:
<![CDATA[]]>Make sure we don't expose any info if called directly
Data Attributes: select_pd_
JS Globals: JP_Dropdown_Menu_widget
FAQ

Frequently Asked Questions about Navigation menu as Dropdown Widget