PLUGIN SECURITY
Is Menu Image safe?
Known vulnerabilities, PHP compatibility and safer alternatives for the Menu Image WordPress plugin — checked against WP Clinic's local security database.
Plugin details
- Slug:
menu-image - Max supported PHP (analyzed): 8.4
Known vulnerabilities
- Menu Image, Icons made easy [menu-image] < 3.0.8 [CVE-2022-0450, WordPress Menu Image, Icons made easy plugin <= 3.0.7 - Stored Cross-Site Scripting (XSS) vulnerability, Menu Image, Icons made easy <= 3.0.7 - Authenticated Cross-Site Scripting, Menu Image, Icons made easy < 3.0.8 - Subscriber+ Stored Cross-Site Scripting]
- Menu Image, Icons made easy [menu-image] < 3.0.6 [WordPress Menu Image, Icons made easy plugin <= 3.0.5 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability]
- Menu Image, Icons made easy [menu-image] < 3.0.6 [WordPress Menu Image, Icons made easy plugin <= 3.0.5 - Sensitive Information Disclosure vulnerability]
- Menu Image, Icons made easy [menu-image] < 3.0.6 [Freemius SDK <= 2.4.2 - Missing Authorization Checks]
- Menu Image, Icons made easy [menu-image] < 3.10 [CVE-2023-33999, WordPress Menu Image, Icons made easy Plugin < 3.10 is vulnerable to Cross Site Scripting (XSS), Freemius SDK < 2.5.10 - Reflected Cross-Site Scripting]
+ 2 more known vulnerabilities
- Menu Image, Icons made easy [menu-image] < 3.11 [CVE-2023-50826, Menu Image, Icons made easy <= 3.10 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings, WordPress Menu Image, Icons made easy Plugin <= 3.10 is vulnerable to Cross Site Scripting (XSS), Menu Image, Icons made easy < 3.11 - Admin+ Stored XSS]
- Menu Image, Icons made easy [menu-image] < 3.13 [CVE-2024-13362, Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter]
Vulnerabilities are matched against the exact installed version when it's known. Always keep the plugin updated to the latest release.
Safer / more established alternatives
- Skyboot Custom Icons for Elementor – Elementor Icons library – 14300+ Icons — 200000+ active installs — max PHP 8.4
- Imsanity — 200000+ active installs — max PHP 8.4
- Firelight Lightbox — 200000+ active installs — max PHP 8.4
- Responsive Lightbox & Gallery — 100000+ active installs
- Simple Lightbox — 100000+ active installs
Check your own WordPress site
Run a free passive scan now, or create a free account and install the WP Clinic plugin for a deep scan of your whole hosting account and AI-assisted repair.