ShiftNav – Responsive Mobile Menu Security & Risk Analysis

wordpress.org/plugins/shiftnav-responsive-mobile-menu

Add a native-style, off-canvas, responsive mobile navigation menu to your site.

10K active installs · v1.8.2 · PHP + · WP 6.0+ · Updated Jul 31, 2025
menu · mobile · navigation · off-canvas · responsive
98
A · Safe
CVEs total: 2
Unpatched: 0
Last CVE: Jun 5, 2025
Safety Verdict

Is ShiftNav – Responsive Mobile Menu Safe to Use in 2026?

Generally Safe

Score 98/100

ShiftNav – Responsive Mobile Menu has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Jun 5, 2025 · Updated 8mo ago
Risk Assessment

The ShiftNav Responsive Mobile Menu plugin, version 1.8.2, exhibits a generally good security posture with several strengths. The absence of raw SQL queries, file operations, and external HTTP requests is a positive indicator. Furthermore, the presence of nonce and capability checks, while limited, suggests some awareness of secure coding practices. Taint analysis also identified no vulnerabilities, which is a significant strength.

However, there are notable concerns, particularly regarding output escaping. With only 31% of outputs properly escaped, there is a substantial risk of Cross-Site Scripting (XSS) vulnerabilities. The plugin's history of two medium-severity XSS vulnerabilities, the most recent dated 2025-06-05, also indicates a recurring issue with input sanitization and output neutralization. While there are no currently unpatched CVEs, the pattern suggests a potential for future XSS flaws if output escaping isn't addressed.

In conclusion, while ShiftNav 1.8.2 demonstrates some good security practices, the low percentage of properly escaped output is a significant weakness. This, combined with its historical XSS issues, presents a moderate risk. The plugin's attack surface is small and largely protected, which is positive, but the output escaping deficiency needs immediate attention to prevent potential XSS attacks.

Key Concerns

  • Insufficient output escaping (31% properly escaped)
  • History of medium severity XSS vulnerabilities
Vulnerabilities
2

ShiftNav – Responsive Mobile Menu Security Vulnerabilities

CVEs by Year

  • 2022: 1 CVE
  • 2025: 1 CVE

Severity Breakdown

Medium: 2

2 total CVEs

CVE-2025-49243 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ShiftNav – Responsive Mobile Menu <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jun 5, 2025 · Patched in 1.8.1 (7d)

CVE-2022-4627 · medium · 5.5 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ShiftNav – Responsive Mobile Menu <= 1.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Dec 28, 2022 · Patched in 1.7.2 (391d)
Code Analysis
Analyzed Mar 16, 2026

ShiftNav – Responsive Mobile Menu Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 69 (31 escaped)
Nonce Checks: 2
Capability Checks: 1
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

31% escaped · 100 total outputs
Attack Surface

ShiftNav – Responsive Mobile Menu Attack Surface

Entry Points: 4
Unprotected: 0

AJAX Handlers 1

auth wp_ajax_shiftnav_save_menu_item admin\settings.menu.php:428

Shortcodes 3

[shiftnav_toggle] includes\functions.php:424
[shift_bloginfo] includes\functions.php:551
[shift_toggle_title] includes\functions.php:557
WordPress Hooks 35

action shiftnav_settings_before admin\admin.php:28
action admin_notices admin\admin.php:34
action admin_enqueue_scripts admin\settings-api.class.php:37
action shiftnav_settings_before_title admin\settings.config.php:7
filter shiftnav_settings_panel_fields_after admin\settings.config.php:783
action admin_init admin\settings.config.php:838
action init admin\settings.config.php:846
action admin_menu admin\settings.config.php:864
action admin_enqueue_scripts admin\settings.config.php:1042
action shiftnav_settings_before admin\settings.config.php:1060
action admin_print_styles-nav-menus.php admin\settings.menu.php:3
action admin_footer-nav-menus.php admin\settings.menu.php:173
action customize_register customizer\customizer.php:41
action customize_controls_enqueue_scripts customizer\customizer.php:296
action wp_head customizer\customizer.php:315
action shiftnav_after_menu_item_save customizer\customizer.styles.manager.php:22
action shiftnav_settings_panel_updated customizer\customizer.styles.manager.php:182
action customize_save_after customizer\customizer.styles.manager.php:183
action plugins_loaded includes\functions.php:2
action wp_head includes\functions.php:94
action shiftnav_toggle_before_content includes\functions.php:137
action wp includes\functions.php:183
action wp_footer includes\functions.php:198
action wp_body_open includes\functions.php:200
action wp_footer includes\functions.php:203
action wp_footer includes\functions.php:205
action init includes\functions.php:436
action wp_enqueue_scripts includes\functions.php:497
action init includes\functions.php:518
action init includes\functions.php:526
action shiftnav_before includes\functions.php:576
action wp_head includes\functions.php:581
filter wp_nav_menu_args includes\functions.php:585
action admin_init shiftnav.class.php:315
action admin_notices shiftnav.class.php:322
Maintenance & Trust

ShiftNav – Responsive Mobile Menu Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Jul 31, 2025
PHP min version
Downloads: 393K

Community Trust

Rating: 92/100
Number of ratings: 68
Active installs: 10K
Developer Profile

ShiftNav – Responsive Mobile Menu Developer Profile

sevenspark

6 plugins · 126K total installs

Trust score: 71
Avg Security Score: 89/100
Avg Patch Time: 395 days
Detection Fingerprints

How We Detect ShiftNav – Responsive Mobile Menu

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/shiftnav-responsive-mobile-menu/shiftnav.js
  • /wp-content/plugins/shiftnav-responsive-mobile-menu/shiftnav.css
  • /wp-content/plugins/shiftnav-responsive-mobile-menu/admin/css/settings.css
  • /wp-content/plugins/shiftnav-responsive-mobile-menu/admin/js/settings.js
Script Paths
  • /wp-content/plugins/shiftnav-responsive-mobile-menu/shiftnav.js
  • /wp-content/plugins/shiftnav-responsive-mobile-menu/admin/js/settings.js
Version Parameters
  • shiftnav-responsive-mobile-menu/shiftnav.js?ver=
  • shiftnav-responsive-mobile-menu/shiftnav.css?ver=
  • shiftnav-responsive-mobile-menu/admin/css/settings.css?ver=
  • shiftnav-responsive-mobile-menu/admin/js/settings.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • shiftnav-wrap
  • shiftnav-menu-inner
  • shiftnav-toggle
HTML Comments
Copyright 2014-2025 Chris Mavricos, SevenSpark
Data Attributes
data-shiftnav-target
JS Globals
shiftnav_options
FAQ

Frequently Asked Questions about ShiftNav – Responsive Mobile Menu