Material UI Menu Icons – Nifty Menu Options Security & Risk Analysis

wordpress.org/plugins/nifty-menu-options

Adds beautiful icons to your WordPress menu items. More menu item options are coming soon!

200 active installs · v1.0.2 · PHP 5.4+ · WP 4.5+ · Updated Sep 20, 2020
Tags: icons, menu, menu-icons, nav-menu, navigation
85 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Material UI Menu Icons – Nifty Menu Options Safe to Use in 2026?

Generally Safe

Score 85/100

Material UI Menu Icons – Nifty Menu Options has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 5yr ago
Risk Assessment

The nifty-menu-options v1.0.2 plugin exhibits a concerning security posture due to its unprotected AJAX endpoints. While the plugin demonstrates good practices in other areas, such as exclusively using prepared statements for SQL queries and having a high percentage of properly escaped output, the presence of two AJAX handlers without authentication checks presents a significant attack surface. This means any unauthenticated user could potentially interact with these endpoints, leading to unintended actions or information disclosure.

The static analysis also flags the use of the `unserialize` function, which, without proper sanitization of the input data, can lead to Remote Code Execution vulnerabilities. Although no critical or high severity taint flows were identified in this analysis, the potential for such issues exists when `unserialize` is used in conjunction with user-controlled input. The absence of any recorded vulnerabilities in its history is a positive sign, suggesting that the developers may be diligent or that the plugin has not been extensively targeted or tested for vulnerabilities. However, this lack of history should not be seen as a guarantee of future security.

In conclusion, the plugin has strengths in its data handling and output sanitization, but these are overshadowed by the critical flaw of unprotected AJAX endpoints. The potential for deserialization vulnerabilities further elevates the risk. While the plugin has a clean vulnerability history, the identified weaknesses create a notable risk that requires immediate attention to secure the application.

Key Concerns

  • AJAX handlers without authentication checks
  • Use of unserialize function
Vulnerabilities
None known

Material UI Menu Icons – Nifty Menu Options Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Material UI Menu Icons – Nifty Menu Options Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 0 (2 prepared)
Unescaped Output: 9 (167 escaped)
Nonce Checks: 1
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

unserialize: `$icon[] = unserialize( $icons[$id][0]->meta_value );` (src\classes\class-helper.php:129)

SQL Query Safety

100% prepared · 2 total queries

Output Escaping

95% escaped · 176 total outputs
Attack Surface
2 unprotected

Material UI Menu Icons – Nifty Menu Options Attack Surface

Entry Points: 2
Unprotected: 2

AJAX Handlers: 2

auth: wp_ajax_nifty_admin_ajax (src\classes\class-admin.php:130)
nopriv: wp_ajax_nifty_admin_ajax (src\classes\class-admin.php:137)

WordPress Hooks: 16

action: load-nav-menus.php (src\classes\class-loader.php:169)
action: load-nav-menus.php (src\classes\class-loader.php:175)
action: init (src\classes\class-loader.php:181)
action: plugins_loaded (src\classes\class-loader.php:188)
action: plugins_loaded (src\classes\class-loader.php:193)
action: wp_enqueue_scripts (src\classes\class-loader.php:213)
action: wp_enqueue_scripts (src\classes\class-loader.php:218)
action: wp_enqueue_scripts (src\classes\class-loader.php:223)
filter: is_protected_meta (src\classes\class-metabox.php:77)
filter: nav_menu_item_title (src\classes\class-publicpages.php:84)
filter: wp_edit_nav_menu_walker (src\resources\class-menuiconpicker.php:51)
action: wp_nav_menu_item_custom_fields (src\resources\class-menuiconpicker.php:52)
action: wp_update_nav_menu_item (src\resources\class-menuiconpicker.php:53)
filter: wp_edit_nav_menu_walker (src\resources\includes\library\custom-fields\class-nifty-menu-item-custom-fields.php:54)
action: wp_loaded (src\resources\includes\library\custom-fields\class-nifty-menu-item-custom-fields.php:78)
filter: nifty_menu_options_add_icon_library_filter (src\template-tags\template-tags.php:200)

Maintenance & Trust

Material UI Menu Icons – Nifty Menu Options Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.5.18
Last updated: Sep 20, 2020
PHP min version: 5.4
Downloads: 17K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 200

Developer Profile

Material UI Menu Icons – Nifty Menu Options Developer Profile

Joseph G.

6 plugins · 5K total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Material UI Menu Icons – Nifty Menu Options

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/nifty-menu-options/public/js/admin-nifty-menu-options.js
/wp-content/plugins/nifty-menu-options/public/css/admin-nifty-menu-options.css
Script Paths
/wp-content/plugins/nifty-menu-options/public/js/admin-nifty-menu-options.js
Version Parameters
nifty-menu-options/public/js/admin-nifty-menu-options.js?ver=
nifty-menu-options/public/css/admin-nifty-menu-options.css?ver=

HTML / DOM Fingerprints

CSS Classes
nifty-message, nothing-found-here, warning, loading-wrapper, loading
Data Attributes
data-nifty-setting
JS Globals
nifty-menu-options_admin_object