WP-Safety

WFK Menu Import/Export Security & Risk Analysis

wordpress.org/plugins/wfk-menu-importexport

Easily export and import WordPress navigation menus. Backup, migrate, and transfer menus between sites using a simple JSON file.

10 active installs v1.1.0 PHP 7.4+ WP 5.0+ Updated Mar 10, 2026
menumenu-exportmenu-importwfk-menu-import-export
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is WFK Menu Import/Export Safe to Use in 2026?

Generally Safe

Score 100/100

WFK Menu Import/Export has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago
Risk Assessment

The "wfk-menu-importexport" plugin v1.1.0 demonstrates a generally good security posture based on the provided static analysis. It has a limited attack surface with all identified AJAX handlers performing nonce checks. The absence of shortcodes, cron events, and REST API routes further minimizes potential entry points. Crucially, the plugin utilizes prepared statements for all its SQL queries and has a high percentage of properly escaped output, indicating a strong focus on preventing common web vulnerabilities like SQL injection and cross-site scripting (XSS). The lack of any recorded vulnerabilities in its history is also a positive sign, suggesting a history of secure development. However, the presence of two 'unserialize' function calls is a notable concern. While not directly flagged in the taint analysis (which found no unsanitized paths), the unserialize function is inherently risky as it can lead to arbitrary code execution if processing untrusted data. Further investigation into how these unserialize calls are used and whether the data they process is strictly validated and sanitized is recommended. The single external HTTP request also warrants scrutiny to ensure it's not leading to any supply chain risks.

Key Concerns

  • Use of unserialize function
  • External HTTP request without context
Vulnerabilities
None known

WFK Menu Import/Export Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

WFK Menu Import/Export Release Timeline

v1.1.0Current
v1.0.0
Code Analysis
Analyzed Mar 17, 2026

WFK Menu Import/Export Code Analysis

Dangerous Functions
2
Raw SQL Queries
0
0 prepared
Unescaped Output
2
13 escaped
Nonce Checks
3
Capability Checks
0
File Operations
0
External Requests
1
Bundled Libraries
0

Dangerous Functions Found

unserializeif ( is_serialized( $value[0] ) && !empty( unserialize( $value[0] ) ) ) {includes\Wfktyh_Mie_Ajax.php:217
unserialize$temp = unserialize( $value[0] );includes\Wfktyh_Mie_Ajax.php:218

Output Escaping

87% escaped15 total outputs
Attack Surface

WFK Menu Import/Export Attack Surface

Entry Points3
Unprotected0

AJAX Handlers 3

authwp_ajax_select_menu_import_exportincludes\Wfktyh_Mie_Ajax.php:10
authwp_ajax_wfktyh_download_export_fileincludes\Wfktyh_Mie_Ajax.php:11
authwp_ajax_wfktyh_import_fileincludes\Wfktyh_Mie_Ajax.php:12
WordPress Hooks 12
actionadmin_menuincludes\Admin.php:10
actionadmin_enqueue_scriptsincludes\Admin.php:11
actionadmin_footerincludes\Admin.php:12
actionadmin_enqueue_scriptsincludes\Admin.php:96
actionadmin_enqueue_scriptsincludes\Assets.php:12
actionwp_enqueue_scriptsincludes\Assets.php:14
filterupload_mimesincludes\Wfktyh_Mie_Ajax.php:114
filterupload_dirincludes\Wfktyh_Mie_Ajax.php:115
filtermap_meta_capincludes\Wfktyh_Mie_Ajax.php:116
actionplugins_loadedwfktyh-menu-import-export.php:56
actioninitwfktyh-menu-import-export.php:170
actioninitwfktyh-menu-import-export.php:172
Maintenance & Trust

WFK Menu Import/Export Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 10, 2026
PHP min version7.4
Downloads1K

Community Trust

Rating60/100
Number of ratings2
Active installs10
Alternatives

WFK Menu Import/Export Alternatives

ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor

ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor

elementskit-lite

A
89

Join millions who empower their websites with ElementsKit Elementor Addons. Get templates, & 100+ widgets like header-footer, mega menu, custom widget

2.0M 24 CVEs
Premium Addons for Elementor – Powerful Elementor Templates & Widgets

Premium Addons for Elementor – Powerful Elementor Templates & Widgets

premium-addons-for-elementor

A
95

Elementor Carousel, Mega Menu, Posts List/Slider, Media Gallery, WooCommerce Widgets, Display Conditions, Premade Templates & more.

700K 36 CVEs
Admin Menu Editor

Admin Menu Editor

admin-menu-editor

A
96

Lets you edit the WordPress admin menu. You can re-order, hide or rename menus, add custom menus and more.

400K 3 CVEs
Happy Addons for Elementor

Happy Addons for Elementor

happy-elementor-addons

A
95

HappyAddons for Elementor-Get Header Footer, Single Post, Archive Page, Megamenu, Slider Builder & 143 Elementor Widgets.

400K 42 CVEs
Max Mega Menu

Max Mega Menu

megamenu

A
99

An easy to use mega menu plugin. Written the WordPress way.

300K 2 CVEs
Developer Profile

WFK Menu Import/Export Developer Profile

YH Sajib

2 plugins · 10 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect WFK Menu Import/Export

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wfk-menu-importexport/assets/css/wfktyh-mie-style.css/wp-content/plugins/wfk-menu-importexport/assets/js/wfktyh-mie-script.js
Script Paths
/wp-content/plugins/wfk-menu-importexport/assets/js/wfktyh-mie-script.js
Version Parameters
wfk-menu-importexport/assets/css/wfktyh-mie-style.css?ver=wfk-menu-importexport/assets/js/wfktyh-mie-script.js?ver=

HTML / DOM Fingerprints

CSS Classes
wfp_menu_import_export_container
JS Globals
wfktyh_mie_vars
FAQ

Frequently Asked Questions about WFK Menu Import/Export