TinyNav Security & Risk Analysis

wordpress.org/plugins/tinynav

This plugin adds TinyNav.js to your wp_head() so your menu(s) will be converted into a menu which is more readable on mobile screens.

100 active installs · v1.4 · PHP + · WP 3.0+ · Updated Oct 12, 2014
menu · mobile · navigation · tinynav
63
C · Use Caution
CVEs total: 1
Unpatched: 1
Last CVE: Jun 19, 2025
Safety Verdict

Is TinyNav Safe to Use in 2026?

Use With Caution

Score 63/100

TinyNav has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE · 1 unpatched · Last CVE: Jun 19, 2025 · Updated 11yr ago
Risk Assessment

The tinynav plugin v1.4 exhibits a mixed security posture. On the positive side, static analysis found no dangerous functions, all SQL queries utilize prepared statements, and there are no file operations or external HTTP requests. The attack surface appears minimal, with zero AJAX handlers, REST API routes, shortcodes, or cron events. However, a significant concern is the complete lack of output escaping: none of the 32 identified output points is escaped. Any dynamic content rendered by the plugin is therefore susceptible to Cross-Site Scripting (XSS) if it originates from untrusted user input.

The vulnerability history shows one known medium-severity CVE, which is currently unpatched. Its type, Cross-Site Request Forgery (CSRF), suggests potential issues with how user actions are handled or verified. The presence of an unpatched CVE, even at medium severity, is a critical weakness that directly impacts the plugin's security. While the static analysis highlights good practices in other areas, the lack of output escaping and the unpatched CVE create exploitable weaknesses that require immediate attention.

Key Concerns

  • Unpatched CVEs exist
  • No output escaping
  • No nonce checks
Vulnerabilities
1

TinyNav Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2025-52781 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

TinyNav <= 1.4 - Cross-Site Request Forgery

Jun 19, 2025 · Unpatched
Code Analysis
Analyzed Mar 16, 2026

TinyNav Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 32 (0 escaped)
Nonce Checks: 0
Capability Checks: 1
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

0% escaped · 32 total outputs
Data Flows: All sanitized

Data Flow Analysis

2 flows
tinynav_options (tinynav.php:82)
Attack Surface

TinyNav Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 8
filter · wp_nav_menu · tinynav.php:56
filter · wp_page_menu · tinynav.php:69
action · admin_menu · tinynav.php:77
action · wp_enqueue_scripts · tinynav.php:353
action · wp_enqueue_scripts · tinynav.php:358
action · wp_enqueue_scripts · tinynav.php:366
action · admin_head · tinynav.php:381
action · wp_head · tinynav.php:452
Maintenance & Trust

TinyNav Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.0.38
Last updated: Oct 12, 2014
PHP min version
Downloads: 9K

Community Trust

Rating: 94/100
Number of ratings: 3
Active installs: 100
Developer Profile

TinyNav Developer Profile

Beee

4 plugins · 330 total installs

Trust score: 78
Avg Security Score: 77/100
Avg Patch Time: 10 days
Detection Fingerprints

How We Detect TinyNav

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths: /wp-content/plugins/tinynav/tinynav.js
Script Paths: /wp-content/plugins/tinynav/tinynav.js
Version Parameters: tinynav/tinynav.js?ver=

HTML / DOM Fingerprints

CSS Classes: tinynav
Data Attributes: data-tinynav
JS Globals: tinynav
FAQ

Frequently Asked Questions about TinyNav