Nice Navigation Security & Risk Analysis
wordpress.org/plugins/nice-navigationA widget that add a list of your pages as a list with option to expand and collaps the page tree with a nice slide animation effect.
Is Nice Navigation Safe to Use in 2026?
Generally Safe
Score 85/100Nice Navigation has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "nice-navigation" plugin v1.6 exhibits a generally strong security posture, with no recorded vulnerabilities or known CVEs, suggesting a history of responsible development and patching. The static analysis also indicates a minimal attack surface, with no discovered AJAX handlers, REST API routes, shortcodes, or cron events that could be exploited. Furthermore, all SQL queries utilize prepared statements, which is a significant best practice for preventing SQL injection vulnerabilities.
However, there are notable areas for concern. The presence of the `create_function` function is a critical warning sign, as this function is deprecated and can be a vector for arbitrary code execution if not handled with extreme caution and proper sanitization. Additionally, the low percentage (13%) of properly escaped output suggests a significant risk of Cross-Site Scripting (XSS) vulnerabilities, where malicious scripts could be injected into the website's pages and executed by unsuspecting users.
While the plugin boasts a clean vulnerability history, the presence of `create_function` and the poor output escaping are significant weaknesses. The lack of nonce checks and capability checks on entry points, though the attack surface is currently zero, means that if any new entry points are added in the future, they could be vulnerable by default. Overall, the plugin has strengths in its minimal attack surface and safe SQL handling, but the identified code signals require immediate attention to mitigate potential XSS and code execution risks.
Key Concerns
- Uses deprecated and potentially dangerous create_function
- Low percentage of properly escaped output (XSS risk)
- No nonce checks on entry points
- No capability checks on entry points
Nice Navigation Security Vulnerabilities
Nice Navigation Code Analysis
Dangerous Functions Found
Output Escaping
Nice Navigation Attack Surface
WordPress Hooks 4
Maintenance & Trust
Nice Navigation Maintenance & Trust
Maintenance Signals
Community Trust
Nice Navigation Alternatives
Expandable/Collapsible Menu
netgo-expandablecollapsible-menu
Adds a widget that makes your 'all page list' or 'menu' with slide expandable and collapsible effect.
Horizontal Carousel
netgo-horizontal-carousel
Using this plugin, you can put horizontal image slider with the help of shortcode used after installing plug in.
Nested Pages
wp-nested-pages
Nested Pages provides a drag and drop interface for managing pages & posts in the WordPress admin, while maintaining quick edit functionality.
CMS Tree Page View
cms-tree-page-view
Adds a tree view of all pages & custom posts. Get a great overview + options to drag & drop to reorder & option to add multiple pages.
Next Page, Not Next Post
next-page-not-next-post
Easily create navigation to sibling pages. Similar to next_post_link() and previous_post_link() but for pages.
Nice Navigation Developer Profile
11 plugins · 361K total installs
How We Detect Nice Navigation
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/nice-navigation/script.js/wp-content/plugins/nice-navigation/styles.css/wp-content/plugins/nice-navigation/script.jsnice-navigation/script.js?ver=nice-navigation/styles.css?ver=HTML / DOM Fingerprints
nice_navigationnice_navigation_look_wikipedianice-navigation-classNice_Navigation debug:
Function: %1$s
Argument: %2$s
widget_idnice_navigation_options