Title: Security Problem? Last modified: January 15, 2026 --- # Security Problem? * Resolved [Brisch](https://wordpress.org/support/users/brisch/) * (@brisch) * [4 months, 3 weeks ago](https://wordpress.org/support/topic/security-problem-48/) * Wordfence tells me: The Plugin “Menu In Post” has a security vulnerability. * Vulnerability Severity: 6.4/10.0 (Medium) [Vulnerability Information](https://www.wordfence.com/threat-intel/vulnerabilities/id/d15e36b6-61f9-42a4-86aa-8dd0e0563584?source=plugin) [https://wordpress.org/plugins/menu-in-post/#developers](https://wordpress.org/plugins/menu-in-post/#developers) How can I fix that? * Blessings, Brigitte * The page I need help with: _[[log in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fwordpress.org%2Fsupport%2Ftopic%2Fsecurity-problem-48%2F%3Foutput_format%3Dmd&locale=en_US) to see the link]_ Viewing 8 replies - 1 through 8 (of 8 total) * Plugin Author [linux4me2](https://wordpress.org/support/users/linux4me2/) * (@linux4me2) * [4 months, 3 weeks ago](https://wordpress.org/support/topic/security-problem-48/#post-18787297) * Hi Brigitte, * Thanks for letting me know. I was not aware of this. * According to the link you provided, the issue is a cross-site scripting vulnerability that “makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.” * If I understand that correctly, it means that in order to take advantage of the vulnerability, the attacker would have to be someone with login credentials as a contributor or higher for the site. As long as you trust all the users for the site with contributor or higher access, it seems like it would be safe to continue using the plugin until I investigate further and (hopefully) release a patch. * If you have any doubts about the users of the site with such access, I recommend disabling and deleting the plugin until I have released a fix. * I will post back here with my progress. * Thread Starter [Brisch](https://wordpress.org/support/users/brisch/) * (@brisch) * [4 months, 3 weeks ago](https://wordpress.org/support/topic/security-problem-48/#post-18788168) * Thanks! So far, on the website I use it, there are no other users. But I am looking forward to the update. * Blessings, [@brisch](https://wordpress.org/support/users/brisch/) * Plugin Author [linux4me2](https://wordpress.org/support/users/linux4me2/) * (@linux4me2) * [4 months, 3 weeks ago](https://wordpress.org/support/topic/security-problem-48/#post-18788724) * [@brisch](https://wordpress.org/support/users/brisch/), that sounds like you’ll be safe for now! * I’m about 75% of the way through a re-do of the PHP files to bring them up-to- date with WordPress best-practices. After that, I’ll check the JS files and do some testing/debugging before uploading an update. I’ll let you know when I’ve got the update uploaded. * Thread Starter [Brisch](https://wordpress.org/support/users/brisch/) * (@brisch) * [4 months, 3 weeks ago](https://wordpress.org/support/topic/security-problem-48/#post-18788776) * 💝 – Thanks! * Plugin Author [linux4me2](https://wordpress.org/support/users/linux4me2/) * (@linux4me2) * [4 months, 3 weeks ago](https://wordpress.org/support/topic/security-problem-48/#post-18788945) * Hi [@brisch](https://wordpress.org/support/users/brisch/), * I just uploaded v. 1.4, which I believe addresses all the potential security issues reported by Wordfence and brings the code of Menu In Post up to current WordPress guidelines. * I made a lot of code changes, so although I tested it and debugged it, please let me know if I missed anything. * Thank you again for making me aware of the security vulnerabilities. * Thread Starter [Brisch](https://wordpress.org/support/users/brisch/) * (@brisch) * [4 months, 3 weeks ago](https://wordpress.org/support/topic/security-problem-48/#post-18789168) * Thanks, I did all updates and it works like before! [https://thedancingwolves.at/tanzbeschreibung-l/](https://thedancingwolves.at/tanzbeschreibung-l/) * Blessings! [@brisch](https://wordpress.org/support/users/brisch/) * Thread Starter [Brisch](https://wordpress.org/support/users/brisch/) * (@brisch) * [4 months, 3 weeks ago](https://wordpress.org/support/topic/security-problem-48/#post-18789175) * PS: Sorry, I can’t add a five-star rating now. I wanted t do that, but I just saw, I already did it 2 years ago. * Plugin Author [linux4me2](https://wordpress.org/support/users/linux4me2/) * (@linux4me2) * [4 months, 3 weeks ago](https://wordpress.org/support/topic/security-problem-48/#post-18789403) * I’m glad it’s working for you. I appreciate the five-star rating. One is enough! Thanks again for letting me know about the security issue(s). Viewing 8 replies - 1 through 8 (of 8 total) You must be [logged in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fwordpress.org%2Fsupport%2Ftopic%2Fsecurity-problem-48%2F%3Foutput_format%3Dmd&locale=en_US) to reply to this topic. * ![](https://ps.w.org/menu-in-post/assets/icon-256x256.jpg?rev=2010745) * [Menu In Post](https://wordpress.org/plugins/menu-in-post/) * [Support Threads](https://wordpress.org/support/plugin/menu-in-post/) * [Active Topics](https://wordpress.org/support/plugin/menu-in-post/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/menu-in-post/unresolved/) * [Reviews](https://wordpress.org/support/plugin/menu-in-post/reviews/) * 10 replies * 2 participants * Last reply from: [linux4me2](https://wordpress.org/support/users/linux4me2/) * Last activity: [4 months, 3 weeks ago](https://wordpress.org/support/topic/security-problem-48/#post-18789403) * Status: resolved