ATR advanced menu Security & Risk Analysis

wordpress.org/plugins/atr-advanced-menu

Adds an easy to manage accessible highly customized menu to your site. No special editor is used to manage it. Requires editing header.php.

10 active installs · v1.0.4 · PHP + WP 3.9+ · Updated Jan 12, 2025
custom-walker_nav_menu · mega-menu · menu
92
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is ATR advanced menu Safe to Use in 2026?

Generally Safe

Score 92/100

ATR advanced menu has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1yr ago
Risk Assessment

The "atr-advanced-menu" plugin v1.0.4 presents a mixed security posture with notable strengths but significant concerns regarding its attack surface and output escaping. While the plugin demonstrates good practices by avoiding dangerous functions, raw SQL queries, file operations, and external HTTP requests, its security is undermined by a critical lack of authorization checks on its sole AJAX entry point. This single unprotected AJAX handler represents a significant vulnerability, as an unauthenticated attacker could potentially trigger actions or expose data controlled by the plugin. The taint analysis also identified two flows with unsanitized paths, which, although not classified as critical or high severity in this analysis, warrant attention as they could potentially lead to injection vulnerabilities if not properly handled in the context of the unprotected AJAX handler. The plugin's history of zero reported CVEs is a positive indicator of its past security record, suggesting developers may be responsive to security issues, but this does not mitigate the immediate risks identified in the current version's code.

Key Concerns

  • AJAX handler without auth checks
  • Unsanitized paths in taint flows
  • Low output escaping rate
  • No nonce checks
  • No capability checks
Vulnerabilities
None known

ATR advanced menu Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

ATR advanced menu Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 85 (70 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

45% escaped · 155 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
start_el (admin\walkers-edit\class-atr-am-walker-edit.php:41)
Attack Surface
1 unprotected

ATR advanced menu Attack Surface

Entry Points: 1
Unprotected: 1

AJAX Handlers 1

auth · wp_ajax_saveitem · admin\walkers-edit\class-atr-am-walker-edit.php:292
WordPress Hooks 12
action · plugins_loaded · includes\class-atr-am.php:160
action · admin_enqueue_scripts · includes\class-atr-am.php:178
action · admin_enqueue_scripts · includes\class-atr-am.php:179
action · admin_menu · includes\class-atr-am.php:182
action · admin_init · includes\class-atr-am.php:183
action · admin_enqueue_scripts · includes\class-atr-am.php:185
filter · wp_setup_nav_menu_item · includes\class-atr-am.php:189
action · wp_update_nav_menu_item · includes\class-atr-am.php:192
filter · wp_edit_nav_menu_walker · includes\class-atr-am.php:195
action · wp_nav_menu_item_custom_fields · includes\class-atr-am.php:198
action · wp_enqueue_scripts · includes\class-atr-am.php:215
action · wp_enqueue_scripts · includes\class-atr-am.php:216
Maintenance & Trust

ATR advanced menu Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Jan 12, 2025
PHP min version
Downloads: 3K

Community Trust

Rating: 80/100
Number of ratings: 1
Active installs: 10
Developer Profile

ATR advanced menu Developer Profile

yehudaT

7 plugins · 940 total installs

90
trust score
Avg Security Score
94/100
Avg Patch Time
30 days
Detection Fingerprints

How We Detect ATR advanced menu

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/atr-advanced-menu/admin/css/atr-am-admin.css
/wp-content/plugins/atr-advanced-menu/admin/js/atr-am-admin.js
Script Paths
/wp-content/plugins/atr-advanced-menu/admin/js/atr-am-admin.js
Version Parameters
atr-am-admin.css?ver=
atr-am-admin.js?ver=

HTML / DOM Fingerprints

HTML Comments
<!-- This file is part of the atr-advanced-menu plugin -->