Automatic Submenu for Categories & Pages Security & Risk Analysis

wordpress.org/plugins/automatic-submenu

Automatically append children posts and pages as submenu items in the frontend

10 active installs · v1.0.0 · PHP + · WP 3.1+ · Updated Nov 13, 2017
Tags: children, menu, pages, posts, submenu
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Automatic Submenu for Categories & Pages Safe to Use in 2026?

Generally Safe

Score 85/100

Automatic Submenu for Categories & Pages has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 8yr ago
Risk Assessment

The "automatic-submenu" plugin v1.0.0 demonstrates a generally good security posture with a very limited attack surface, as indicated by zero AJAX handlers, REST API routes, shortcodes, and cron events. The plugin also adheres to secure coding practices by exclusively using prepared statements for its single SQL query and avoids file operations and external HTTP requests. However, a significant concern arises from the output escaping analysis, where only 44% of outputs are properly escaped. This leaves a substantial portion of dynamic content vulnerable to Cross-Site Scripting (XSS) attacks if user-supplied data is included in these unescaped outputs.

The taint analysis reveals two flows with unsanitized paths. While these are not classified as critical or high severity in this specific analysis, the presence of unsanitized paths is a red flag and warrants further investigation. The complete lack of vulnerability history is a positive sign, suggesting the plugin has historically been maintained securely or has not been a target. However, it's important to remember that this is based on past performance and doesn't guarantee future security. In conclusion, the plugin's minimal attack surface and use of prepared statements are strengths, but the high percentage of unescaped output and the identified unsanitized paths represent notable risks that need to be addressed.

Key Concerns

  • High percentage of improperly escaped output
  • Unsanitized paths found in taint analysis
  • Lack of capability checks on entry points
  • Lack of nonce checks on entry points
Vulnerabilities
None known

Automatic Submenu for Categories & Pages Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Automatic Submenu for Categories & Pages Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (1 prepared)
  • Unescaped Output: 40 (32 escaped)
  • Nonce Checks: 0
  • Capability Checks: 0
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 0

SQL Query Safety

100% prepared (1 total queries)

Output Escaping

44% escaped (72 total outputs)

Data Flows: 2 unsanitized

Data Flow Analysis

2 flows, 2 with unsanitized paths
start_el (automatic-submenu.php:315)
[Data flow diagram; legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized]
Attack Surface

Automatic Submenu for Categories & Pages Attack Surface

Entry Points: 0
Unprotected: 0

WordPress Hooks: 7

  • action admin_enqueue_scripts (automatic-submenu.php:46)
  • action save_post_nav_menu_item (automatic-submenu.php:47)
  • filter wp_setup_nav_menu_item (automatic-submenu.php:48)
  • action admin_init (automatic-submenu.php:49)
  • filter wp_get_nav_menu_items (automatic-submenu.php:51)
  • filter wp_edit_nav_menu_walker (automatic-submenu.php:63)
  • action wp_nav_menu_item_custom_fields (automatic-submenu.php:65)
Maintenance & Trust

Automatic Submenu for Categories & Pages Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.8.28
Last updated: Nov 13, 2017
PHP min version
Downloads: 3K

Community Trust

Rating: 60/100
Number of ratings: 2
Active installs: 10
Developer Profile

Automatic Submenu for Categories & Pages Developer Profile

rallisf1

1 plugin · 10 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Automatic Submenu for Categories & Pages

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/automatic-submenu/assets/script.js

Script Paths

  • assets/script.js

HTML / DOM Fingerprints

CSS Classes

  • field-automatic-max
  • field-automatic-order
  • hidden-field

Data Attributes

  • name="menu-item-automatic
  • name="menu-item-automatic-max
  • name="menu-item-automatic-order
  • id="edit-menu-item-automatic-
  • id="edit-menu-item-automatic-max-
  • id="edit-menu-item-automatic-order-

JS Globals

  • automaticsubmenu_children_order