Responsive Vertical Icon Menu Security & Risk Analysis

wordpress.org/plugins/wpdevart-vertical-menu

WordPress Responsive Vertical menu plugin is a nice and handy plugin for showing your menu in a widget. It's very simple to use.

800 active installs · v1.7.0 · PHP + · WP 3.4.0+ · Updated Feb 2, 2026
Tags: menu, responsive-vertical-menu, sidebar-menu, sidebar-vertical-menu, vertical-menu
99
A · Safe
CVEs total: 3
Unpatched: 0
Last CVE: Mar 31, 2023
Safety Verdict

Is Responsive Vertical Icon Menu Safe to Use in 2026?

Generally Safe

Score 99/100

Responsive Vertical Icon Menu has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

3 known CVEs · Last CVE: Mar 31, 2023 · Updated 3mo ago
Risk Assessment

The wpdevart-vertical-menu plugin version 1.7.0 presents a mixed security posture. On one hand, it exhibits good practices by having no AJAX handlers, REST API routes, shortcodes, or cron events that are directly exposed or unprotected. The absence of file operations and external HTTP requests is also a positive sign. However, significant concerns arise from the code analysis. While the plugin utilizes nonces and some SQL prepared statements, the low percentage of properly escaped output (28%) is a major red flag, indicating a high likelihood of Cross-Site Scripting (XSS) vulnerabilities. The taint analysis further supports this, revealing flows with unsanitized paths, including one of high severity, which could lead to data leakage or further exploitation.

The plugin's vulnerability history is particularly worrying. With a total of three known CVEs, all of medium severity and related to XSS and CSRF, it indicates a pattern of insecure input handling. Although there are currently no unpatched vulnerabilities, the historical prevalence of these specific vulnerability types suggests a recurring weakness in how user-supplied data is treated. The last vulnerability was reported in March 2023, meaning the plugin has not been updated to address past security flaws for a significant period, increasing the risk of undiscovered or re-emergent vulnerabilities.

In conclusion, while the plugin benefits from a small attack surface, the identified code-level weaknesses and the historical pattern of medium-severity vulnerabilities, especially concerning input sanitization and output escaping, paint a concerning picture. The high proportion of unescaped output combined with the taint analysis findings points to a significant risk of XSS vulnerabilities. Users should be cautious and prioritize updating to a version that addresses these underlying code issues.

Key Concerns

  • High percentage of unescaped output
  • Taint analysis: High severity flow
  • Vulnerability history: 3 medium CVEs (XSS/CSRF)
  • Taint analysis: Unsanitized paths found
Vulnerabilities
3 published

Responsive Vertical Icon Menu Security Vulnerabilities

CVEs by Year: 3 CVEs in 2023

Severity Breakdown: Medium 3 (3 total CVEs)

WF-9a999044-5d4a-4415-a3b9-28c564e63a25-wpdevart-vertical-menu · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Responsive Vertical Icon Menu <= 1.5.8 - Reflected Cross-Site Scripting via 'id'

Mar 31, 2023 · Patched in 1.5.9 (298d)

CVE-2023-23870 · medium · 5.5 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Responsive Vertical Icon Menu <= 1.5.8 - Authenticated (Administrator+) Stored Cross-Site Scripting

Jan 20, 2023 · Patched in 1.5.9 (368d)

CVE-2023-23983 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Responsive Vertical Icon Menu <= 1.5.8 - Cross-Site Request Forgery

Jan 20, 2023 · Patched in 1.5.9 (368d)
Code Analysis
Analyzed Mar 16, 2026

Responsive Vertical Icon Menu Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 6 (8 prepared)
Unescaped Output: 106 (42 escaped)
Nonce Checks: 5
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

57% prepared · 14 total queries

Output Escaping

28% escaped · 148 total outputs
Data Flows · Security
3 unsanitized

Data Flow Analysis

3 flows · 3 with unsanitized paths
controller_page (includes\admin\theme_page.php:482)
Attack Surface

Responsive Vertical Icon Menu Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 15
action · admin_menu · includes\admin\admin.php:16
filter · wp_edit_nav_menu_walker · includes\admin\admin.php:17
filter · plugins_loaded · includes\admin\admin.php:18
filter · wp_setup_nav_menu_item · includes\admin\admin.php:19
action · admin_print_styles-nav-menus.php · includes\admin\admin.php:37
action · wp_nav_menu_item_icon_url · includes\admin\class_for_addon_walker_nav_menu_edit.php:5
action · wp_update_nav_menu_item · includes\admin\class_for_addon_walker_nav_menu_edit.php:6
filter · manage_nav-menus_columns · includes\admin\class_for_addon_walker_nav_menu_edit.php:7
filter · nav_menu_item_args · includes\frontend\classes.php:153
filter · nav_menu_css_class · includes\frontend\classes.php:154
filter · nav_menu_submenu_css_class · includes\frontend\classes.php:155
filter · nav_menu_item_title · includes\frontend\classes.php:156
filter · wp_head · includes\frontend\front_end.php:13
action · init · wpdevart_vertical_menu.php:56
action · widgets_init · wpdevart_vertical_menu.php:57
Maintenance & Trust

Responsive Vertical Icon Menu Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 2, 2026
PHP min version
Downloads: 61K

Community Trust

Rating: 100/100
Number of ratings: 7
Active installs: 800
Developer Profile

Responsive Vertical Icon Menu Developer Profile

wpdevart

45 plugins · 52K total installs

Trust score: 78
Avg Security Score: 98/100
Avg Patch Time: 581 days
Detection Fingerprints

How We Detect Responsive Vertical Icon Menu

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wpdevart-vertical-menu/includes/admin/css/theme_page.css
/wp-content/plugins/wpdevart-vertical-menu/includes/admin/js/theme_page.js
/wp-content/plugins/wpdevart-vertical-menu/includes/admin/css/hire_expert.css
/wp-content/plugins/wpdevart-vertical-menu/includes/admin/css/featured_plugins_css.css
/wp-content/plugins/wpdevart-vertical-menu/includes/admin/css/featured_themes_css.css
/wp-content/plugins/wpdevart-vertical-menu/includes/fonts/css/fontawesome-all.min.css
Script Paths
/wp-content/plugins/wpdevart-vertical-menu/includes/admin/js/angular.min.js
/wp-content/plugins/wpdevart-vertical-menu/includes/admin/js/theme_page.js

HTML / DOM Fingerprints

CSS Classes
wpda-vertical-menu-widget
Data Attributes
data-target-selector, data-animation, data-background-animation, data-background-animation-speed, data-animation-speed, data-animation-duration, +3 more
JS Globals
wpda_vertical_menu_plugin_url