[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fFMzJVkG098T5qo2nhBZslwDG-E7lo6JnZFMgxfw4tyo":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":18,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":31,"crawl_stats":28,"alternatives":39,"analysis":40,"fingerprints":240},"wp-nav-plus","WP Nav Plus","3.4.9","Matt Keys","https:\u002F\u002Fprofiles.wordpress.org\u002Fmattkeys\u002F","\u003Cp>WP Nav Plus has been designed to fill gaps in the WordPress menu system which make it difficult to accomplish many popular website design patterns. \u003Cstrong>This is a tool built for developers\u003C\u002Fstrong> to help get the right menu items output onto the page. This plugin applies no additional CSS styling or JS interaction to menus. Styling and interaction are the job of the theme, and may need to be altered to achieve your desired appearance.\u003C\u002Fp>\n\u003Cp>This plugin integrates with the native WordPress \u003Ca href=\"https:\u002F\u002Fdeveloper.wordpress.org\u002Freference\u002Ffunctions\u002Fwp_nav_menu\u002F\" rel=\"nofollow ugc\">WP Nav Menu function\u003C\u002Fa> which means you can access all of the features of this plugin in your templates. There is also an included widget as an alternative integration method.\u003C\u002Fp>\n\u003Ch3>Split Menus\u003C\u002Fh3>\n\u003Cp>Many website designs call for a submenu, often right below the primary navigation in the header, or in a sidebar on interior pages. These submenu’s are designed to show the children of the currently active menu item. WP Nav Plus makes it super simple to build out these types of menus using the widget, or by using the ‘start_depth’ argument in your wp_nav_menu() function.\u003C\u002Fp>\n\u003Ch3>Divided Menus\u003C\u002Fh3>\n\u003Cp>A fairly common website design pattern you may see online calls for the header navigation menu to be placed left and right of a central object, like the site logo. WP Nav Plus makes it very easy to build out these menus using the widget, or by using the ‘divider_html’ argument in your wp_nav_menu() function.\u003C\u002Fp>\n\u003Ch3>Limit and Offset\u003C\u002Fh3>\n\u003Cp>Often website designs call for a menu to be split up into multiple columns, or rows. Such as a multi-column footer sitemap. WP Nav Plus provides the capabilities you need to quickly build these custom menu layouts using the widget, or by using the ‘limit’ and ‘offset’ argument in your wp_nav_menu() function.\u003C\u002Fp>\n\u003Ch3>Menu Segments\u003C\u002Fh3>\n\u003Cp>It is sometimes useful to display a particular segment of your WordPress menu on its own. Menu Segments allow you to specify a portion of your menu for display based on the parent menu item. Uses for menu segments could include Footer Sitemaps, Mega Menus, or all sorts of other custom menu layout needs. Accomplish menu segments by using the widget, or by using the ‘segment’ argument in your wp_nav_menu() function.\u003C\u002Fp>\n\u003Ch3>Installation & Configuration\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Login to your WordPress Admin page (usually http:\u002F\u002Fyourdomain.com\u002Fwp-admin)\u003C\u002Fli>\n\u003Cli>Navigate to the Plugins screen and then click the “Add New” button\u003C\u002Fli>\n\u003Cli>Click on the “Upload” link near the top of the page and browse for the WP Nav Plus zip file\u003C\u002Fli>\n\u003Cli>Upload the file, and click “Activate Plugin” after the installation completes\u003C\u002Fli>\n\u003Cli>See the documentation which includes some video recordings of the included functionality to help you get started\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>This plugin can be used either with the provided “WP Nav Plus” widget, or in your PHP templates, by using the new arguments which this plugin adds to the \u003Ca href=\"https:\u002F\u002Fdeveloper.wordpress.org\u002Freference\u002Ffunctions\u002Fwp_nav_menu\u002F\" rel=\"nofollow ugc\">WP Nav Menu function\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>For help getting started please see the included documentation in the \u002Fdocumentation directory or online at:  \u003Ca href=\"http:\u002F\u002Fmattkeys.me\u002Fdocumentation\u002Fwp-nav-plus\u002F\" rel=\"nofollow ugc\">http:\u002F\u002Fmattkeys.me\u002Fdocumentation\u002Fwp-nav-plus\u002F\u003C\u002Fa>\u003C\u002Fp>\n","WP Nav Plus fills gaps in the WordPress menu system. Use for split menus, divided menus, menu segments, or to limit and\u002For offset the menu output.",1000,17350,100,5,"2022-02-07T04:12:00.000Z","5.9.13","3.0.1","",[20,21,22,23,24],"divided-menu","secondary-menu","split-menu","start-depth","tertiary-menu","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-nav-plus.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":32,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":34,"avg_security_score":35,"avg_patch_time_days":36,"trust_score":37,"computed_at":38},"mattkeys",4,121300,90,421,72,"2026-04-04T03:46:05.871Z",[],{"attackSurface":41,"codeSignals":104,"taintFlows":205,"riskAssessment":231,"analyzedAt":239},{"hooks":42,"ajaxHandlers":93,"restRoutes":100,"shortcodes":101,"cronEvents":102,"entryPointCount":103,"unprotectedCount":27},[43,50,55,60,63,66,68,70,71,73,76,78,82,84,89],{"type":44,"name":45,"callback":46,"priority":47,"file":48,"line":49},"filter","wp_nav_menu_args","current_nav_args",15,"feature_classes\\divided_menu.php",16,{"type":44,"name":51,"callback":52,"priority":53,"file":48,"line":54},"wp_nav_menu_items","filter_wp_nav_menu_items",10,17,{"type":56,"name":57,"callback":58,"file":48,"line":59},"action","wp","init",92,{"type":44,"name":45,"callback":46,"priority":61,"file":62,"line":49},20,"feature_classes\\limit_offset.php",{"type":44,"name":64,"callback":65,"priority":47,"file":62,"line":54},"wp_get_nav_menu_items","filter_nav_menu_items",{"type":56,"name":57,"callback":58,"file":62,"line":67},109,{"type":44,"name":45,"callback":46,"priority":14,"file":69,"line":49},"feature_classes\\menu_segment.php",{"type":44,"name":64,"callback":65,"priority":14,"file":69,"line":54},{"type":56,"name":57,"callback":58,"file":69,"line":72},81,{"type":44,"name":45,"callback":46,"priority":53,"file":74,"line":75},"feature_classes\\start_depth.php",21,{"type":44,"name":64,"callback":65,"priority":53,"file":74,"line":77},22,{"type":44,"name":79,"callback":80,"priority":53,"file":74,"line":81},"wp_nav_plus_find_children","find_children",23,{"type":56,"name":57,"callback":58,"file":74,"line":83},342,{"type":56,"name":85,"callback":86,"file":87,"line":88},"widgets_init","register_wp_nav_plus_widget","widget.php",256,{"type":56,"name":90,"callback":91,"file":87,"line":92},"admin_enqueue_scripts","enqueue_wp_nav_plus_scripts",272,[94],{"action":95,"nopriv":96,"callback":97,"hasNonce":98,"hasCapCheck":96,"file":87,"line":99},"wpnp_get_nav_items",false,"wp_nav_plus_get_nav_items",true,287,[],[],[],1,{"dangerousFunctions":105,"sqlUsage":106,"outputEscaping":111,"fileOperations":27,"externalRequests":27,"nonceChecks":103,"capabilityChecks":27,"bundledLibraries":204},[],{"prepared":107,"raw":103,"locations":108},2,[109],{"file":48,"line":37,"context":110},"$wpdb->query() with variable interpolation",{"escaped":112,"rawEcho":113,"locations":114},19,50,[115,118,120,122,124,125,127,129,131,133,134,136,138,139,141,143,144,146,148,149,151,153,155,157,158,160,162,164,166,167,169,171,172,174,176,178,180,181,183,185,187,189,190,192,194,196,198,199,201,202],{"file":87,"line":116,"context":117},63,"raw output",{"file":87,"line":119,"context":117},66,{"file":87,"line":121,"context":117},70,{"file":87,"line":123,"context":117},71,{"file":87,"line":37,"context":117},{"file":87,"line":126,"context":117},77,{"file":87,"line":128,"context":117},126,{"file":87,"line":130,"context":117},139,{"file":87,"line":132,"context":117},140,{"file":87,"line":132,"context":117},{"file":87,"line":135,"context":117},143,{"file":87,"line":137,"context":117},144,{"file":87,"line":137,"context":117},{"file":87,"line":140,"context":117},154,{"file":87,"line":142,"context":117},155,{"file":87,"line":142,"context":117},{"file":87,"line":145,"context":117},159,{"file":87,"line":147,"context":117},160,{"file":87,"line":147,"context":117},{"file":87,"line":150,"context":117},163,{"file":87,"line":152,"context":117},164,{"file":87,"line":154,"context":117},175,{"file":87,"line":156,"context":117},176,{"file":87,"line":156,"context":117},{"file":87,"line":159,"context":117},178,{"file":87,"line":161,"context":117},179,{"file":87,"line":163,"context":117},190,{"file":87,"line":165,"context":117},191,{"file":87,"line":165,"context":117},{"file":87,"line":168,"context":117},194,{"file":87,"line":170,"context":117},195,{"file":87,"line":170,"context":117},{"file":87,"line":173,"context":117},197,{"file":87,"line":175,"context":117},198,{"file":87,"line":177,"context":117},209,{"file":87,"line":179,"context":117},210,{"file":87,"line":179,"context":117},{"file":87,"line":182,"context":117},213,{"file":87,"line":184,"context":117},214,{"file":87,"line":186,"context":117},220,{"file":87,"line":188,"context":117},221,{"file":87,"line":188,"context":117},{"file":87,"line":191,"context":117},223,{"file":87,"line":193,"context":117},224,{"file":87,"line":195,"context":117},234,{"file":87,"line":197,"context":117},235,{"file":87,"line":197,"context":117},{"file":87,"line":200,"context":117},242,{"file":87,"line":200,"context":117},{"file":87,"line":203,"context":117},284,[],[206,223],{"entryPoint":207,"graph":208,"unsanitizedCount":27,"severity":222},"wp_nav_plus_get_nav_items (widget.php:274)",{"nodes":209,"edges":220},[210,215],{"id":211,"type":212,"label":213,"file":87,"line":214},"n0","source","$_POST",278,{"id":216,"type":217,"label":218,"file":87,"line":203,"wp_function":219},"n1","sink","echo() [XSS]","echo",[221],{"from":211,"to":216,"sanitized":98},"low",{"entryPoint":224,"graph":225,"unsanitizedCount":27,"severity":222},"\u003Cwidget> (widget.php:0)",{"nodes":226,"edges":229},[227,228],{"id":211,"type":212,"label":213,"file":87,"line":214},{"id":216,"type":217,"label":218,"file":87,"line":203,"wp_function":219},[230],{"from":211,"to":216,"sanitized":98},{"summary":232,"deductions":233},"The wp-nav-plus plugin v3.4.9 presents a generally good security posture based on the provided static analysis and vulnerability history.  The plugin exhibits a small attack surface, with only one AJAX handler and no exposed REST API routes, shortcodes, or cron events.  Crucially, the single AJAX handler appears to have authorization checks, which is a strong security practice.  The code also shows some positive signs with a majority of SQL queries utilizing prepared statements and a moderate number of output escaping routines, although the escape rate could be improved.  The complete absence of known CVEs and a history of no recorded vulnerabilities is a significant strength, suggesting a well-maintained and secure plugin over time.\n\nHowever, there are areas for improvement. The percentage of properly escaped output (28%) is concerningly low. While no critical or high severity taint flows were identified, this low escaping rate increases the potential for cross-site scripting (XSS) vulnerabilities if input is not handled carefully in the unescaped outputs.  The plugin also lacks capability checks for its AJAX handler, which, while having an unspecified auth check, could still be a point of weakness if the authentication is not robust. The presence of 1 nonce check is positive, but it is only applied to one entry point.  Overall, the plugin is in a strong position due to its minimal attack surface and clean vulnerability history, but the output escaping and the lack of explicit capability checks on the AJAX handler warrant attention to further harden its security.",[234,237],{"reason":235,"points":236},"Low output escaping percentage",6,{"reason":238,"points":14},"No capability checks on AJAX handler","2026-03-16T18:53:57.312Z",{"wat":241,"direct":250},{"assetPaths":242,"generatorPatterns":245,"scriptPaths":246,"versionParams":247},[243,244],"\u002Fwp-content\u002Fplugins\u002Fwp-nav-plus\u002Fassets\u002Fcss\u002Fwp-nav-plus.css","\u002Fwp-content\u002Fplugins\u002Fwp-nav-plus\u002Fassets\u002Fjs\u002Fwp-nav-plus.js",[],[244],[248,249],"wp-nav-plus\u002Fassets\u002Fcss\u002Fwp-nav-plus.css?ver=","wp-nav-plus\u002Fassets\u002Fjs\u002Fwp-nav-plus.js?ver=",{"cssClasses":251,"htmlComments":256,"htmlAttributes":257,"restEndpoints":259,"jsGlobals":260,"shortcodeOutput":262},[252,253,254,255],"wpnp_section_title","toggle_wpnp_option","wpnp_section_wrap","wpnp_menu_name",[],[258],"data-wpnp-menu-id",[],[261],"window.WPNavPlus",[]]