Does Automatically Hierarchic Categories in Menu have any unpatched vulnerabilities?

No. All known vulnerabilities in Automatically Hierarchic Categories in Menu have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Automatically Hierarchic Categories in Menu compatible with WordPress 6.8.5?

According to WordPress.org data, Automatically Hierarchic Categories in Menu 2.0.10 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is Automatically Hierarchic Categories in Menu compatible with PHP 5.6+?

Automatically Hierarchic Categories in Menu requires PHP 5.6 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

What is Automatically Hierarchic Categories in Menu's security score?

Automatically Hierarchic Categories in Menu has a WP-Safety security score of 97/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Automatically Hierarchic Categories in Menu Security & Risk Analysis

wordpress.org/plugins/automatically-hierarchic-categories-in-menu

Allows you to automatically add hierarchic categories in WordPress Navigation Menus.

2K active installs v2.0.10 PHP 5.6+ WP 5.0.2+ Updated Jul 10, 2025

category-menumenunavigationwoocommerce-categorywoocommerce-menu

A · Safe

CVEs total3

Unpatched0

Last CVEJun 19, 2025

Plugin page Download

Safety Verdict

Is Automatically Hierarchic Categories in Menu Safe to Use in 2026?

Generally Safe

Score 97/100

Automatically Hierarchic Categories in Menu has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEsLast CVE: Jun 19, 2025Updated 8mo ago

Risk Assessment

The plugin 'automatically-hierarchic-categories-in-menu' v2.0.10 exhibits a generally good security posture based on the static analysis. It demonstrates strong adherence to secure coding practices, with all identified entry points (AJAX handlers and shortcodes) appearing to have proper authentication and capability checks, and no critical or high-severity taint flows were detected. The code also utilizes prepared statements for all SQL queries and nearly all output is properly escaped, which significantly mitigates common web vulnerabilities.

However, a significant concern arises from the plugin's historical vulnerability record, which includes three known medium-severity CVEs, all related to Cross-Site Scripting (XSS). While these appear to be patched in the analyzed version, the recurring nature of XSS vulnerabilities suggests potential underlying issues in input sanitization or output encoding that may have been addressed over time but indicate a past weakness. The absence of any taint flow analysis results for this version is also noteworthy; while it could mean no issues were found, it might also indicate limitations in the analysis performed.

In conclusion, the current version of the plugin shows considerable improvement and implements many secure coding practices. The primary area of concern remains its past vulnerability history, specifically the repeated XSS issues. While the current analysis shows no immediate critical flaws, the historical pattern warrants caution and suggests the importance of continuous monitoring and timely updates for this plugin.

Key Concerns

History of medium severity XSS vulnerabilities
No taint flow analysis performed

Vulnerabilities

Automatically Hierarchic Categories in Menu Security Vulnerabilities

CVEs by Year

1 CVE in 2024

2024

2 CVEs in 2025

2025

Patched Has unpatched

Severity Breakdown

Medium

3 total CVEs

CVE-2025-50048medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Automatically Hierarchic Categories in Menu <= 2.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jun 19, 2025 Patched in 2.0.10 (22d)

CVE-2024-13466medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Automatically Hierarchic Categories in Menu <= 2.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jan 30, 2025 Patched in 2.0.8 (1d)

CVE-2024-47365medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Automatically Hierarchic Categories in Menu <= 2.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

Sep 30, 2024 Patched in 2.0.6 (11d)

Code Analysis

Analyzed Mar 16, 2026

Automatically Hierarchic Categories in Menu Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

37 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

97% escaped38 total outputs

Attack Surface

Automatically Hierarchic Categories in Menu Attack Surface

Entry Points3

Unprotected0

AJAX Handlers 2

authwp_ajax_aau_ahcm_description_hackadmin\class-auto-hierarchic-category-menu-admin.php:62

authwp_ajax_add-menu-itemadmin\class-auto-hierarchic-category-menu-admin.php:68

Shortcodes 1

[autocategorymenu] includes\class-auto-hierarchic-category-menu.php:72

WordPress Hooks 9

actionadmin_initadmin\class-auto-hierarchic-category-menu-admin.php:56

actionadmin_enqueue_scriptsadmin\class-auto-hierarchic-category-menu-admin.php:59

actionwp_loadedadmin\class-auto-hierarchic-category-menu-admin.php:65

filterclean_urladmin\class-auto-hierarchic-category-menu-admin.php:169

filterplugin_row_metaadmin\class-auto-hierarchic-category-menu-admin.php:170

filterwalker_nav_menu_start_elincludes\class-auto-hierarchic-category-menu.php:75

filtermegamenu_walker_nav_menu_start_elincludes\class-auto-hierarchic-category-menu.php:78

filterclean_urlincludes\class-auto-hierarchic-category-menu.php:81

filterwp_setup_nav_menu_itemincludes\class-auto-hierarchic-category-menu.php:84

Maintenance & Trust

Automatically Hierarchic Categories in Menu Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedJul 10, 2025

PHP min version5.6

Downloads29K

Community Trust

Rating92/100

Number of ratings12

Active installs2K

Alternatives

Automatically Hierarchic Categories in Menu Alternatives

Max Mega Menu

megamenu

An easy to use mega menu plugin. Written the WordPress way.

300K 2 CVEs

Menu Icons by ThemeIsle

menu-icons

Spice up your navigation menus with pretty icons, easily.

100K 2 CVEs

Menu Image, Icons made easy

menu-image

Adds an image or icon in the menu items. You can choose the position of the image (after, before, above, below) or even hide the menu item title.

100K 2 CVEs

Responsive Menu – Create Mobile-Friendly Menu

responsive-menu

Highly customisable Responsive Menu plugin with 150+ options. No coding knowledge needed to design it exactly as you want.

80K 5 CVEs

Exclude Pages

exclude-pages

This plugin adds a checkbox, “include this page in menus”, uncheck this to exclude pages from the page navigation that users see on your site.

30K No CVEs

Developer Profile

Automatically Hierarchic Categories in Menu Developer Profile

Atakan Au

10 plugins · 2K total installs

trust score

Avg Security Score

100/100

Avg Patch Time

27 days

View full developer profile

Detection Fingerprints

How We Detect Automatically Hierarchic Categories in Menu

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/automatically-hierarchic-categories-in-menu/admin/js/auto-hierarchic-category-menu.min.js

Version Parameters

automatically-hierarchic-categories-in-menu/admin/js/auto-hierarchic-category-menu.min.js?ver=

HTML / DOM Fingerprints

Data Attributes

data-aau-ahcm-description-nonce

JS Globals

AUTO_H_CATEGORY_MENU_URLAUTO_H_CATEGORY_MENU_RES

Shortcode Output

[auto-categories-menu]

FAQ