WP-Safety

WP API Menus Security & Risk Analysis

wordpress.org/plugins/wp-api-menus

Extends WordPress WP REST API with new routes pointing to WordPress menus.

2K active installs v1.3.2 PHP + WP 3.6.0+ Updated Aug 18, 2020
jsonjson-rest-apimenuswp-apiwp-rest-api
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is WP API Menus Safe to Use in 2026?

Generally Safe

Score 85/100

WP API Menus has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5yr ago
Risk Assessment

Based on the provided static analysis and vulnerability history, the wp-api-menus plugin version 1.3.2 exhibits a strong security posture. The static analysis reveals no identified attack vectors such as unprotected AJAX handlers, REST API routes, shortcodes, or cron events. Furthermore, the code demonstrates robust development practices by utilizing prepared statements for all SQL queries and ensuring all output is properly escaped. The absence of dangerous function calls, file operations, external HTTP requests, and critical taint flows further reinforces this positive assessment. The plugin also lacks any recorded vulnerabilities in its history, with zero known CVEs of any severity, suggesting a history of stable and secure development.

Vulnerabilities
None known

WP API Menus Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

WP API Menus Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
0
0 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0
Attack Surface

WP API Menus Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 3
filterrest_api_initwp-api-menus.php:53
filterjson_endpointswp-api-menus.php:56
actioninitwp-api-menus.php:60
Maintenance & Trust

WP API Menus Maintenance & Trust

Maintenance Signals

WordPress version tested5.5.0
Last updatedAug 18, 2020
PHP min version
Downloads108K

Community Trust

Rating100/100
Number of ratings8
Active installs2K
Alternatives

WP API Menus Alternatives

WP-REST-API Menus

WP-REST-API Menus

wp-rest-api-menus

A
85

Adds menu endpoints to core WP REST API.

70 No CVEs
WP API (V2) WooCommerce endpoints

WP API (V2) WooCommerce endpoints

wp-api-v2-woocommerce-endpoints

A
85

Extends WordPress WP REST API (V2) with new endpoints pointing to WooCommerce page functions (is_shop, is_cart, is_checkout, is_account_page).

10 No CVEs
WP API Options

WP API Options

wp-rest-api-options

A
85

Extends WordPress WP REST API with new routes pointing to WordPress options.

10 No CVEs
WP API (V2) isFront

WP API (V2) isFront

wp-rest-api-v2-isfront

A
85

Extends WordPress WP REST API (V2) with new endpoints pointing to WordPress isFront function.

10 No CVEs
REST API Log

REST API Log

wp-rest-api-log

A
92

WordPress plugin to log REST API requests and responses

5K No CVEs
Developer Profile

WP API Menus Developer Profile

Fulvio Notarstefano

3 plugins · 3K total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect WP API Menus

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-api-menus/css/wp-api-menus.css/wp-content/plugins/wp-api-menus/js/wp-api-menus.js
Script Paths
/wp-content/plugins/wp-api-menus/js/wp-api-menus.js
Version Parameters
wp-api-menus/css/wp-api-menus.css?ver=wp-api-menus/js/wp-api-menus.js?ver=

HTML / DOM Fingerprints

HTML Comments
<!-- WP REST API Menu routes --><!-- WP REST Menus class. --><!-- WP API Menus support for WP API v2. --><!-- Init JSON REST API Menu routes. -->
REST Endpoints
/wp-json/wp-api-menus/v2/menus/wp-json/wp-api-menus/v2/menus/(?P<id>\d+)/wp-json/wp-api-menus/v2/menu-locations/wp-json/wp-api-menus/v2/menu-locations/(?P<location>[a-zA-Z0-9_-]+)
FAQ

Frequently Asked Questions about WP API Menus