WP Clinic
Log in Sign up

PLUGIN SECURITY

Is Menu Image safe?

Known vulnerabilities, PHP compatibility and safer alternatives for the Menu Image WordPress plugin — checked against WP Clinic's local security database.

Plugin details

  • Slug: menu-image
  • Max supported PHP (analyzed): 8.4

Known vulnerabilities

  • Menu Image, Icons made easy [menu-image] < 3.0.8 [CVE-2022-0450, WordPress Menu Image, Icons made easy plugin <= 3.0.7 - Stored Cross-Site Scripting (XSS) vulnerability, Menu Image, Icons made easy <= 3.0.7 - Authenticated Cross-Site Scripting, Menu Image, Icons made easy &lt; 3.0.8 - Subscriber+ Stored Cross-Site Scripting]
  • Menu Image, Icons made easy [menu-image] < 3.0.6 [WordPress Menu Image, Icons made easy plugin <= 3.0.5 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability]
  • Menu Image, Icons made easy [menu-image] < 3.0.6 [WordPress Menu Image, Icons made easy plugin <= 3.0.5 - Sensitive Information Disclosure vulnerability]
  • Menu Image, Icons made easy [menu-image] < 3.0.6 [Freemius SDK <= 2.4.2 - Missing Authorization Checks]
  • Menu Image, Icons made easy [menu-image] < 3.10 [CVE-2023-33999, WordPress Menu Image, Icons made easy Plugin < 3.10 is vulnerable to Cross Site Scripting (XSS), Freemius SDK &lt; 2.5.10 - Reflected Cross-Site Scripting]
+ 2 more known vulnerabilities
  • Menu Image, Icons made easy [menu-image] < 3.11 [CVE-2023-50826, Menu Image, Icons made easy <= 3.10 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings, WordPress Menu Image, Icons made easy Plugin <= 3.10 is vulnerable to Cross Site Scripting (XSS), Menu Image, Icons made easy &lt; 3.11 - Admin+ Stored XSS]
  • Menu Image, Icons made easy [menu-image] < 3.13 [CVE-2024-13362, Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter]

Vulnerabilities are matched against the exact installed version when it's known. Always keep the plugin updated to the latest release.

Safer / more established alternatives

Check your own WordPress site

Run a free passive scan now, or create a free account and install the WP Clinic plugin for a deep scan of your whole hosting account and AI-assisted repair.