WP-Safety

WP REST Menus Security & Risk Analysis

wordpress.org/plugins/wp-rest-menu

Add menus endpoints to WP REST API

100 active installs v1.0.4 PHP 5.6+ WP 5.0+ Updated Feb 17, 2022
apiv2wp-rest-apiwp-rest-menus
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is WP REST Menus Safe to Use in 2026?

Generally Safe

Score 85/100

WP REST Menus has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4yr ago
Risk Assessment

The plugin "wp-rest-menu" v1.0.4 exhibits a strong security posture based on the provided static analysis. It has a negligible attack surface, with no AJAX handlers, REST API routes, shortcodes, or cron events exposed. Crucially, none of these entry points lack authentication or permission checks. The code also demonstrates good development practices by avoiding dangerous functions, performing all SQL queries using prepared statements, and properly escaping all output. There are no file operations or external HTTP requests, further reducing potential vulnerabilities. The absence of any recorded vulnerabilities in its history, including critical or high severity issues, is a significant positive indicator of its security. The lack of any identified taint flows also suggests that data is handled safely within the plugin. Overall, this plugin appears to be developed with security in mind and poses a very low risk to a WordPress installation.

Vulnerabilities
None known

WP REST Menus Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

WP REST Menus Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
0
3 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

100% escaped3 total outputs
Attack Surface

WP REST Menus Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 1
actionrest_api_initwp-rest-menus.php:30
Maintenance & Trust

WP REST Menus Maintenance & Trust

Maintenance Signals

WordPress version tested5.9.13
Last updatedFeb 17, 2022
PHP min version5.6
Downloads8K

Community Trust

Rating100/100
Number of ratings4
Active installs100
Alternatives

WP REST Menus Alternatives

PixelYourSite – Your smart PIXEL (TAG) & API Manager

PixelYourSite – Your smart PIXEL (TAG) & API Manager

pixelyoursite

A
89

Add Meta Pixel with Conversion API, Google Analytics (GA4) + Consent Mode, Google Tag Manager, and Head & Footer scripts.

500K 11 CVEs
WP REST Cache

WP REST Cache

wp-rest-cache

A
98

Enable caching of the WordPress REST API and auto-flush caches upon wp-admin editing.

10K 1 CVE
REST API Log

REST API Log

wp-rest-api-log

A
92

WordPress plugin to log REST API requests and responses

5K No CVEs
REST API Toolbox

REST API Toolbox

rest-api-toolbox

A
92

Allows tweaking of several REST API settings

2K No CVEs
WP API Menus

WP API Menus

wp-api-menus

A
85

Extends WordPress WP REST API with new routes pointing to WordPress menus.

2K No CVEs
Developer Profile

WP REST Menus Developer Profile

skapator

5 plugins · 3K total installs

86
trust score
Avg Security Score
88/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect WP REST Menus

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-rest-menu/build/index.asset.php

HTML / DOM Fingerprints

REST Endpoints
/wp-json/menus/v1/locations/wp-json/menus/v1/locations/(?P<slug>[a-zA-Z(-]+)/wp-json/menus/v1/menus/wp-json/menus/v1/menus/(?P<id>[0-9(-]+)
FAQ

Frequently Asked Questions about WP REST Menus