WP-Safety

User Menus – Nav Menu Visibility Security & Risk Analysis

wordpress.org/plugins/user-menus

Show/hide menu items to logged in users, logged out users or specific user roles. Display logged in user details in menu. Add a logout link to menu.

80K active installs v1.3.2 PHP 5.6+ WP 4.6+ Updated Oct 18, 2024
logoutmenumenusnav-menuuser-menu
92
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is User Menus – Nav Menu Visibility Safe to Use in 2026?

Generally Safe

Score 92/100

User Menus – Nav Menu Visibility has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago
Risk Assessment

The user-menus plugin v1.3.2 exhibits a strong security posture based on the provided static analysis. The absence of dangerous functions, raw SQL queries, file operations, and external HTTP requests is commendable. Furthermore, the robust implementation of nonce and capability checks for its single AJAX entry point indicates a good understanding of WordPress security best practices, especially with 100% of SQL queries using prepared statements and a high percentage of output being properly escaped.

The vulnerability history shows a clean slate with no known CVEs, which is a significant positive indicator. This suggests a history of diligent security practices from the developers or that the plugin's functionality has not presented common exploitable patterns. The taint analysis also reported no flows, further reinforcing the perceived security of the code.

Overall, this plugin appears to be well-secured. The primary area of potential concern, though minor in this case due to existing checks, is the single AJAX handler. While it has checks, any future additions or modifications to this handler would require careful attention to maintain its security. The bundled Freemius library also warrants monitoring for its version and any potential vulnerabilities, though it is not flagged as an immediate issue here.

Key Concerns

  • Bundled Freemius v1.0 library, could be outdated
  • 122 outputs, 89% escaped - potential for unescaped output
Vulnerabilities
None known

User Menus – Nav Menu Visibility Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

User Menus – Nav Menu Visibility Release Timeline

v1.3.2Current
v1.3.1
v1.3.0
v1.2.9
v1.2.8
v1.2.7
v1.2.6
v1.2.5
v1.2.4
v1.2.3
v1.2.2
v1.2.1
v1.2.0
v1.1.3
v1.1.2
v1.1.1
v1.1.0
v1.0.0
Code Analysis
Analyzed Mar 16, 2026

User Menus – Nav Menu Visibility Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
14
108 escaped
Nonce Checks
3
Capability Checks
2
File Operations
0
External Requests
0
Bundled Libraries
1

Bundled Libraries

Freemius1.0

Output Escaping

89% escaped122 total outputs
Attack Surface

User Menus – Nav Menu Visibility Attack Surface

Entry Points1
Unprotected0

AJAX Handlers 1

authwp_ajax_jpum_review_actionincludes\classes\admin\reviews.php:35
WordPress Hooks 16
filterwp_edit_nav_menu_walkerincludes\classes\admin\menu-editor.php:25
actionadmin_head-nav-menus.phpincludes\classes\admin\menu-editor.php:26
actionadmin_enqueue_scriptsincludes\classes\admin\menu-editor.php:27
actionadmin_footerincludes\classes\admin\menu-editor.php:186
actionadmin_initincludes\classes\admin\menu-importer.php:24
actionwp_nav_menu_item_custom_fieldsincludes\classes\admin\menu-settings.php:25
actionwp_update_nav_menu_itemincludes\classes\admin\menu-settings.php:26
actionadmin_initincludes\classes\admin\reviews.php:34
actionadmin_noticesincludes\classes\admin\reviews.php:44
actionnetwork_admin_noticesincludes\classes\admin\reviews.php:45
actionuser_admin_noticesincludes\classes\admin\reviews.php:46
filterimport_post_meta_keyincludes\classes\importer\menu.php:186
filterhttp_request_timeoutincludes\classes\importer\menu.php:187
filterwp_setup_nav_menu_itemincludes\classes\menu\items.php:32
filterwp_get_nav_menu_itemsincludes\classes\site\menus.php:23
actionplugins_loadeduser-menus.php:156
Maintenance & Trust

User Menus – Nav Menu Visibility Maintenance & Trust

Maintenance Signals

WordPress version tested6.6.5
Last updatedOct 18, 2024
PHP min version5.6
Downloads889K

Community Trust

Rating100/100
Number of ratings1,273
Active installs80K
Alternatives

User Menus – Nav Menu Visibility Alternatives

Nav Menu Roles

Nav Menu Roles

nav-menu-roles

A
100

Hide custom menu items based on user roles.

70K No CVEs
LuckyWP ACF Menu Field

LuckyWP ACF Menu Field

luckywp-acf-menu-field

A
100

Add navigation menu field type to Advanced Custom Fields

5K No CVEs
Better Internal Link Search

Better Internal Link Search

better-internal-link-search

A
85

Improve the internal link popup manager with time-saving enhancements and features.

1K No CVEs
Bop Search Box Item Type For Nav Menus

Bop Search Box Item Type For Nav Menus

bop-search-box-item-type-for-nav-menus

A
85

Adds search box as a choice of item in navigation menus admin area.

1K No CVEs
Privilege Menu

Privilege Menu

privilege-menu

A
85

This plugin allows you to display menu items based on if a user is logged in, logged out or based on the role you have given the user.

1K No CVEs
Developer Profile

User Menus – Nav Menu Visibility Developer Profile

Daniel Iser

8 plugins · 827K total installs

68
trust score
Avg Security Score
84/100
Avg Patch Time
588 days
View full developer profile
Detection Fingerprints

How We Detect User Menus – Nav Menu Visibility

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/user-menus/includes/css/admin-style.css/wp-content/plugins/user-menus/includes/css/site-style.css/wp-content/plugins/user-menus/includes/js/admin-script.js/wp-content/plugins/user-menus/includes/js/site-script.js
Script Paths
/wp-content/plugins/user-menus/includes/js/admin-script.js/wp-content/plugins/user-menus/includes/js/site-script.js
Version Parameters
user-menus/includes/css/admin-style.css?ver=user-menus/includes/css/site-style.css?ver=user-menus/includes/js/admin-script.js?ver=user-menus/includes/js/site-script.js?ver=

HTML / DOM Fingerprints

CSS Classes
jp-user-menususer-menus-admin-nav
HTML Comments
<!-- User Links -->
Data Attributes
data-login-textdata-register-textdata-logout-textdata-profile-textdata-menu-iddata-user-id
JS Globals
jp_user_menus_admin_datajp_user_menus_site_data
REST Endpoints
/wp-json/user-menus/v1/menus
FAQ

Frequently Asked Questions about User Menus – Nav Menu Visibility