Does WP Menu Image have any unpatched vulnerabilities?

No. All known vulnerabilities in WP Menu Image have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is WP Menu Image compatible with WordPress 6.7.5?

According to WordPress.org data, WP Menu Image 2.3 has been tested up to WordPress 6.7.5. Check the plugin's changelog for the latest compatibility information.

Is WP Menu Image compatible with PHP 7.0+?

WP Menu Image requires PHP 7.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is WP Menu Image updated?

WP Menu Image was last updated on Feb 23, 2026. Frequent updates are generally a positive security signal.

What is WP Menu Image's security score?

WP Menu Image has a WP-Safety security score of 99/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WP Menu Image Security & Risk Analysis

wordpress.org/plugins/wp-menu-image

Empower your WordPress menus with images. Easily add, position, and customize images for a unique menu experience.

2K active installs v2.3 PHP 7.0+ WP 5.4+ Updated Feb 23, 2026

iconimagemenumenu-iconmenu-image

A · Safe

CVEs total1

Unpatched0

Last CVEDec 16, 2024

Plugin page Download

Safety Verdict

Is WP Menu Image Safe to Use in 2026?

Generally Safe

Score 99/100

WP Menu Image has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Dec 16, 2024Updated 1mo ago

Risk Assessment

The wp-menu-image plugin v2.3 exhibits a generally strong security posture based on the provided static analysis. The code adheres to several best practices, including 100% proper output escaping and the use of prepared statements for all SQL queries. Furthermore, the absence of dangerous functions, file operations, and external HTTP requests reduces the potential attack surface. The presence of nonce and capability checks on its single AJAX entry point is also a positive indicator. However, the plugin's vulnerability history is a significant concern. The single known CVE, even if currently patched, and the pattern of "Missing Authorization" vulnerabilities in the past suggest a recurring weakness in how the plugin handles user permissions, which could potentially be exploited again if not meticulously addressed in subsequent updates. While the current analysis doesn't reveal active vulnerabilities, the historical context warrants caution.

Key Concerns

Past vulnerability history indicating authorization weaknesses

Vulnerabilities

WP Menu Image Security Vulnerabilities

CVEs by Year

1 CVE in 2024

2024

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2024-52485medium · 5.3Missing Authorization

WP Menu Image <= 2.2 - Missing Authorization to Unauthenticated Menu Image Deletion

Dec 16, 2024 Patched in 2.3 (33d)

Code Analysis

Analyzed Mar 16, 2026

WP Menu Image Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

49 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

100% escaped49 total outputs

Attack Surface

WP Menu Image Attack Surface

Entry Points1

Unprotected0

AJAX Handlers 1

authwp_ajax_del_imginit\wmi-functions.php:169

WordPress Hooks 6

actionadmin_enqueue_scriptsinit\wmi-functions.php:26

actionwp_enqueue_scriptsinit\wmi-functions.php:34

actionwp_update_nav_menu_iteminit\wmi-functions.php:37

actionwp_nav_menu_item_custom_fieldsinit\wmi-functions.php:122

filternav_menu_item_titleinit\wmi-functions.php:152

filternav_menu_css_classinit\wmi-functions.php:155

Maintenance & Trust

WP Menu Image Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5

Last updatedFeb 23, 2026

PHP min version7.0

Downloads20K

Community Trust

Rating100/100

Number of ratings2

Active installs2K

Alternatives

WP Menu Image Alternatives

Iconic Navigation

iconic-navigation

Adds image/font responsive icons to menu items via upload or Media Library or over 1400 of Font Icons choice. Custom options for each location.

100 No CVEs

Menu Iconset

menu-iconset

Menu Iconset is designed to add icon to WordPress navigation menu item. Copy any icon image url and paste url into Icon URL field.

0 No CVEs

Menu Image, Icons made easy

menu-image

Adds an image or icon in the menu items. You can choose the position of the image (after, before, above, below) or even hide the menu item title.

100K 2 CVEs

WP Menu Icons

wp-menu-icons

100

WP Menu Icons allows you to add icons to your WordPress menu items.

20K No CVEs

Icon List Block – Add Icon-Based Lists with Custom Styles

icon-list-block

Create a list with an icon with this block plugin.

4K 2 CVEs

Developer Profile

WP Menu Image Developer Profile

Yudiz Solutions Pvt. Ltd.

14 plugins · 6K total installs

trust score

Avg Security Score

96/100

Avg Patch Time

59 days

View full developer profile

Detection Fingerprints

How We Detect WP Menu Image

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wp-menu-image/assets/js/wmi-admin-script.js/wp-content/plugins/wp-menu-image/assets/css/wmi-style.css/wp-content/plugins/wp-menu-image/assets/css/wmi-front-style.css

Script Paths

/wp-content/plugins/wp-menu-image/assets/js/wmi-admin-script.js

Version Parameters

wp-menu-image/assets/js/wmi-admin-script.js?ver=wp-menu-image/assets/css/wmi-style.css?ver=wp-menu-image/assets/css/wmi-front-style.css?ver=

HTML / DOM Fingerprints

CSS Classes

wmi-admin-scriptwmi-admin-stylewmi-front-stylefield-custom_menu_metamenu-imgmenu-img-blockmenu-block-menu-actions+8 more

HTML Comments

/* <img src="*//* <img src="*/

Data Attributes

wmi-admin-scriptwmi-admin-stylewmi-front-stylemenu-item-imagemenu-item-img-positionmenu-item-id+12 more

JS Globals

deleteimg_ajax

FAQ