WP-Safety

Advanced Menu Manager Pro – Built for Content-heavy WordPress Sites to Add, Filter, Lock, and Edit Menus Easily Security & Risk Analysis

wordpress.org/plugins/advance-menu-manager

Create and manage menus of any size of your content-heavy wordpress blogs and websites. Simplified search and new comprehensive layout.

500 active installs v3.1.3 PHP 7.2+ WP 5.0+ Updated Dec 18, 2025
admin-menumenu-revisionmenu-shortcodemenusnav-menu
96
A · Safe
CVEs total5
Unpatched0
Last CVEDec 11, 2024
Plugin page Download
Safety Verdict

Is Advanced Menu Manager Pro – Built for Content-heavy WordPress Sites to Add, Filter, Lock, and Edit Menus Easily Safe to Use in 2026?

Generally Safe

Score 96/100

Advanced Menu Manager Pro – Built for Content-heavy WordPress Sites to Add, Filter, Lock, and Edit Menus Easily has a strong security track record. Known vulnerabilities have been patched promptly.

5 known CVEsLast CVE: Dec 11, 2024Updated 3mo ago
Risk Assessment

The "advance-menu-manager" plugin v3.1.3 presents a mixed security posture. On the positive side, the plugin demonstrates strong practices regarding SQL queries, with 100% using prepared statements, and a high percentage (90%) of output being properly escaped, indicating a focus on preventing common injection and XSS vulnerabilities. The absence of file operations and raw SQL queries is also commendable. However, a significant concern arises from the substantial attack surface, with all 12 identified AJAX handlers lacking authentication checks. This leaves the plugin highly susceptible to unauthorized actions if these handlers are discoverable or predictable by attackers. The vulnerability history, while currently showing no unpatched CVEs, reveals a pattern of past vulnerabilities, particularly missing authorization and CSRF, across various severity levels. This historical data suggests recurring issues with securing entry points, which is further corroborated by the static analysis revealing a lack of authorization checks on all AJAX endpoints.

Key Concerns

  • 12 unprotected AJAX handlers
  • 5 past high/medium severity vulnerabilities
  • Bundled Freemius v1.0 library
Vulnerabilities
5

Advanced Menu Manager Pro – Built for Content-heavy WordPress Sites to Add, Filter, Lock, and Edit Menus Easily Security Vulnerabilities

CVEs by Year

2 CVEs in 2021
2021
2 CVEs in 2023
2023
1 CVE in 2024
2024
Patched Has unpatched

Severity Breakdown

High
1
Medium
4

5 total CVEs

CVE-2024-54381medium · 4.3Missing Authorization

Advance Menu Manager <= 3.1.1 - Missing Authorization to Authenticated (Subscriber+) Settings Change

Dec 11, 2024 Patched in 3.1.2 (27d)
WF-04ad816b-0ac0-44b5-928a-5bb3e36523b2-advance-menu-managermedium · 4.3Missing Authorization

Advance Menu Manager <= 3.0.6 - Missing Authorization

Nov 2, 2023 Patched in 3.0.7 (82d)
WF-cf34af9d-4de7-498d-8065-c3cc6818b7c4-advance-menu-managermedium · 4.3Cross-Site Request Forgery (CSRF)

Advance Menu Manager <= 3.0.6 - Cross-Site Request Forgery

Nov 2, 2023 Patched in 3.0.7 (82d)
WF-3d5c5511-570e-4048-8c1b-68cfc831f0c6-advance-menu-managerhigh · 8.8Cross-Site Request Forgery (CSRF)

Advanced Menu Manager <= 2.9.6 - Cross-Site Request Forgery to Menu Edition

Jul 12, 2021 Patched in 3.0 (925d)
WF-b5111eb6-b4b3-4b18-9de3-577c323eaab8-advance-menu-managermedium · 5.4Missing Authorization

Advanced Menu Manager <= 3.0.6 - Authenticated (Subscriber+) Menu Creation/Deletion

Jul 12, 2021 Patched in 3.0.7 (925d)
Code Analysis
Analyzed Mar 16, 2026

Advanced Menu Manager Pro – Built for Content-heavy WordPress Sites to Add, Filter, Lock, and Edit Menus Easily Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
3 prepared
Unescaped Output
56
480 escaped
Nonce Checks
14
Capability Checks
5
File Operations
0
External Requests
4
Bundled Libraries
1

Bundled Libraries

Freemius1.0

SQL Query Safety

100% prepared3 total queries

Output Escaping

90% escaped536 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
dsamm_menu_container_print (includes\classes\class_admin_page.php:227)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
12 unprotected

Advanced Menu Manager Pro – Built for Content-heavy WordPress Sites to Add, Filter, Lock, and Edit Menus Easily Attack Surface

Entry Points12
Unprotected12

AJAX Handlers 12

authwp_ajax_dsamm_plugin_setup_wizard_submitadvance-menu-manager.php:458
authwp_ajax_my_action_delete_menuadvance-menu-manager.php:459
authwp_ajax_my_action_create_menu_ajaxadvance-menu-manager.php:460
authwp_ajax_amm_duplicate_menuadvance-menu-manager.php:461
authwp_ajax_my_action_for_popup_menu_item_editadvance-menu-manager.php:463
authwp_ajax_my_action_for_popup_add_new_postadvance-menu-manager.php:465
authwp_ajax_my_action_for_amm_taxonomy_searchadvance-menu-manager.php:467
authwp_ajax_my_action_for_popup_menu_item_edit_front_endadvance-menu-manager.php:469
authwp_ajax_my_action_for_main_popup_fontend_menu_item_edit_submitadvance-menu-manager.php:470
authwp_ajax_my_action_for_add_new_menu_item_htmladvance-menu-manager.php:472
authwp_ajax_my_action_for_add_new_menu_item_html_filteradvance-menu-manager.php:473
authwp_ajax_my_action_for_add_pagination_limitadvance-menu-manager.php:475
WordPress Hooks 16
actionafter_uninstalladvance-menu-manager.php:68
filterplugin_row_metaadvance-menu-manager.php:170
actionplugins_loadedadvance-menu-manager.php:190
actionadmin_enqueue_scriptsadvance-menu-manager.php:310
actionadmin_initadvance-menu-manager.php:347
actionadmin_menuadvance-menu-manager.php:399
actionadmin_initadvance-menu-manager.php:454
filteradmin_footer_textadvance-menu-manager.php:456
actionwp_loadedadvance-menu-manager.php:495
actionadmin_headadvance-menu-manager.php:532
filterhide_account_tabsadvance-menu-manager.php:544
actionafter_account_detailsadvance-menu-manager.php:562
actionhide_billing_and_payments_infoadvance-menu-manager.php:574
actionhide_freemius_powered_byadvance-menu-manager.php:586
actionconnect/beforeadvance-menu-manager.php:607
actionconnect/afteradvance-menu-manager.php:624
Maintenance & Trust

Advanced Menu Manager Pro – Built for Content-heavy WordPress Sites to Add, Filter, Lock, and Edit Menus Easily Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedDec 18, 2025
PHP min version7.2
Downloads48K

Community Trust

Rating74/100
Number of ratings22
Active installs500
Alternatives

Advanced Menu Manager Pro – Built for Content-heavy WordPress Sites to Add, Filter, Lock, and Edit Menus Easily Alternatives

PublishPress Capabilities – User Role Editor, Access Permissions, User Capabilities, Admin Menus

PublishPress Capabilities – User Role Editor, Access Permissions, User Capabilities, Admin Menus

capability-manager-enhanced

A
96

PublishPress Capabilities is the access control plugin. You can manage user capabilities, permissions, user roles, admin menus and more.

100K 4 CVEs
User Menus – Nav Menu Visibility

User Menus – Nav Menu Visibility

user-menus

A
92

Show/hide menu items to logged in users, logged out users or specific user roles. Display logged in user details in menu. Add a logout link to menu.

80K No CVEs
Nav Menu Roles

Nav Menu Roles

nav-menu-roles

A
100

Hide custom menu items based on user roles. PLEASE READ THE FAQ IF YOU ARE NOT SEEING THE SETTINGS.

70K No CVEs
LuckyWP ACF Menu Field

LuckyWP ACF Menu Field

luckywp-acf-menu-field

A
100

Add navigation menu field type to Advanced Custom Fields

5K No CVEs
Admin Tools

Admin Tools

admin-tools

A
85

Admin Tools Helps you to get better admin for your customers. Manage your menus, plugins, Top Bar, updates and more

4K No CVEs
Developer Profile

Advanced Menu Manager Pro – Built for Content-heavy WordPress Sites to Add, Filter, Lock, and Edit Menus Easily Developer Profile

dotsquares

37 plugins · 95K total installs

77
trust score
Avg Security Score
97/100
Avg Patch Time
470 days
View full developer profile
Detection Fingerprints

How We Detect Advanced Menu Manager Pro – Built for Content-heavy WordPress Sites to Add, Filter, Lock, and Edit Menus Easily

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/advance-menu-manager/includes/admin/css/fancy_alert.css/wp-content/plugins/advance-menu-manager/includes/js/fancy_alert.js/wp-content/plugins/advance-menu-manager/includes/js/dsamm_pagination.js/wp-content/plugins/advance-menu-manager/assets/css/amm-styles.css/wp-content/plugins/advance-menu-manager/assets/js/amm-script.js
Script Paths
/wp-content/plugins/advance-menu-manager/includes/js/fancy_alert.js/wp-content/plugins/advance-menu-manager/includes/js/dsamm_pagination.js/wp-content/plugins/advance-menu-manager/assets/js/amm-script.js
Version Parameters
advance-menu-manager/includes/admin/css/fancy_alert.css?ver=advance-menu-manager/includes/js/fancy_alert.js?ver=advance-menu-manager/includes/js/dsamm_pagination.js?ver=advance-menu-manager/assets/css/amm-styles.css?ver=advance-menu-manager/assets/js/amm-script.js?ver=

HTML / DOM Fingerprints

CSS Classes
dsamm-admin-pagemenu-item-amm-descriptionamm-toggle-visibilitydsamm-add-new-menu-itemamm-description-fieldamm-add-menu-item-wrapper
HTML Comments
prevent direct access data leaksThis is the condition to prevent direct access data leaks.Hook fire on activation of pluginHook for add links on plugin listing+3 more
Data Attributes
data-amm-menu-iddata-amm-item-iddata-amm-nonce
JS Globals
dsamm_data
FAQ

Frequently Asked Questions about Advanced Menu Manager Pro – Built for Content-heavy WordPress Sites to Add, Filter, Lock, and Edit Menus Easily