Bulk menu creator Security & Risk Analysis
wordpress.org/plugins/bulk-menu-creatorCreate multiple menu items at once or quick delete menu item with or without all subitems
Is Bulk menu creator Safe to Use in 2026?
Generally Safe
Score 100/100Bulk menu creator has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "bulk-menu-creator" v9.6 plugin exhibits a mixed security posture. On the positive side, it has no recorded vulnerabilities (CVEs) and a very small attack surface consisting of a single AJAX handler. The code analysis indicates the presence of a nonce check on this handler, which is a good practice for AJAX endpoints. However, significant concerns arise from the lack of capability checks and the handling of SQL queries and output.
The most concerning aspect is that 100% of the SQL queries are not using prepared statements. This opens the door to potential SQL injection vulnerabilities, especially if the data used in these queries originates from user input. Furthermore, 0% of the outputs are properly escaped, meaning there is a high risk of Cross-Site Scripting (XSS) vulnerabilities. Any data displayed to users that is not properly escaped could be exploited by attackers.
While the plugin has no vulnerability history and no critical taint flows were identified, the absence of these doesn't negate the inherent risks presented by the insecure handling of SQL and output. The lack of capability checks on the AJAX handler is also a weakness, as it implies that any authenticated user, regardless of their role, could potentially interact with the AJAX endpoint, increasing the attack surface for privilege escalation or unauthorized actions.
Key Concerns
- SQL queries lack prepared statements
- Output is not properly escaped
- No capability checks on AJAX handler
Bulk menu creator Security Vulnerabilities
Bulk menu creator Release Timeline
Bulk menu creator Code Analysis
SQL Query Safety
Output Escaping
Bulk menu creator Attack Surface
AJAX Handlers 1
WordPress Hooks 4
Maintenance & Trust
Bulk menu creator Maintenance & Trust
Maintenance Signals
Community Trust
Bulk menu creator Alternatives
Max Mega Menu
megamenu
An easy to use mega menu plugin. Written the WordPress way.
Menu Icons by ThemeIsle
menu-icons
Spice up your navigation menus with pretty icons, easily.
Menu Image, Icons made easy
menu-image
Adds an image or icon in the menu items. You can choose the position of the image (after, before, above, below) or even hide the menu item title.
Responsive Menu – Create Mobile-Friendly Menu
responsive-menu
Highly customisable Responsive Menu plugin with 150+ options. No coding knowledge needed to design it exactly as you want.
Exclude Pages
exclude-pages
This plugin adds a checkbox, “include this page in menus”, uncheck this to exclude pages from the page navigation that users see on your site.
Bulk menu creator Developer Profile
13 plugins · 136K total installs
How We Detect Bulk menu creator
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/bulk-menu-creator/assets/lines.png/wp-content/plugins/bulk-menu-creator/js/nav-menu.js/wp-content/plugins/bulk-menu-creator/js/quick-copy.js/wp-content/plugins/bulk-menu-creator/js/quick-delete.jsbulk-menu-creator/js/nav-menu.js?ver=1bulk-menu-creator/js/quick-copy.js?ver=1bulk-menu-creator/js/quick-delete.js?ver=1HTML / DOM Fingerprints
bulk_menu-noticebulk_menu_creator<!-- Bulk menu -->id="bulk_menu_fields"id="bulk-menu-labels"id="bulk-menu-urls"id="process_bulk_menu_fields"name="menu-item[*.][menu-item-object-id]"class="menu-item-checkbox"+10 morewindow.emi_data