Does Elegance Menu have any unpatched vulnerabilities?

No. All known vulnerabilities in Elegance Menu have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Elegance Menu compatible with WordPress 6.9.4?

According to WordPress.org data, Elegance Menu 1.9.1 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

How often is Elegance Menu updated?

Elegance Menu was last updated on Dec 3, 2025. Frequent updates are generally a positive security signal.

What is Elegance Menu's security score?

Elegance Menu has a WP-Safety security score of 97/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Elegance Menu Security & Risk Analysis

wordpress.org/plugins/elegance-menu

Elegant Menu plugin designed to display for a variety of businesses, including restaurants, cafes, fast food outlets, coffee houses, salons, and more.

70 active installs v1.9.1 PHP + WP 5.0+ Updated Dec 3, 2025

cafe-menufood-menuresponsive-menurestaurant-menusalon-menu

A · Safe

CVEs total1

Unpatched0

Last CVENov 3, 2025

Plugin page Download

Safety Verdict

Is Elegance Menu Safe to Use in 2026?

Generally Safe

Score 97/100

Elegance Menu has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Nov 3, 2025Updated 4mo ago

Risk Assessment

The elegance-menu plugin v1.9.1 demonstrates a generally strong security posture based on static analysis. A notable strength is the complete absence of dangerous functions and external HTTP requests, coupled with a very high percentage of properly escaped output. The plugin also correctly implements nonce and capability checks for the identified entry points, indicating good adherence to WordPress security best practices.

However, the presence of one past high-severity vulnerability, specifically 'PHP Remote File Inclusion', even though currently patched, is a significant concern. This type of vulnerability, especially when it historically existed, suggests potential weaknesses in how the plugin handles file operations or user input that could lead to code execution if not rigorously secured. While the current analysis shows no exploitable taint flows or unescaped outputs that would directly lead to this, the past history warrants caution.

In conclusion, the plugin is well-implemented from a current code perspective with minimal obvious static risks. The primary area of concern stems from its historical vulnerability, highlighting the importance of ongoing vigilance and ensuring that future updates do not reintroduce similar flaws. The low attack surface and good implementation of core security checks are positive, but the past 'PHP Remote File Inclusion' vulnerability necessitates a degree of caution.

Key Concerns

Past high severity vulnerability (PHP RFI)

Vulnerabilities

Elegance Menu Security Vulnerabilities

CVEs by Year

1 CVE in 2025

2025

Patched Has unpatched

Severity Breakdown

High

1 total CVE

CVE-2025-11704high · 7.5Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Elegance Menu <= 1.9 - Authenticated (Contributor+) Local File Inclusion

Nov 3, 2025 Patched in 1.9.1 (31d)

Code Analysis

Analyzed Mar 16, 2026

Elegance Menu Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

155 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

98% escaped158 total outputs

Attack Surface

Elegance Menu Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[elegance-menu] public\class-elegance-menu-public.php:110

WordPress Hooks 24

actionadmin_menuadmin\class-elegance-menu-admin-settings.php:58

actionadmin_initadmin\class-elegance-menu-admin-settings.php:75

filterelegance_menu_meta_boxes_adminadmin\class-elegance-menu-admin.php:57

filterelegance_shortcode_meta_boxes_adminadmin\class-elegance-menu-admin.php:58

actionadd_meta_boxesadmin\class-elegance-menu-admin.php:59

actionsave_post_elegance-menuadmin\class-elegance-menu-admin.php:60

actionsave_post_elegance-shortcodeadmin\class-elegance-menu-admin.php:61

filtermanage_elegance-shortcode_posts_columnsadmin\class-elegance-menu-admin.php:62

actionmanage_elegance-shortcode_posts_custom_columnadmin\class-elegance-menu-admin.php:63

actionedit_form_after_titleadmin\class-elegance-menu-admin.php:64

filterrewrite_elegance_menu_cptincludes\class-elegance-menu.php:85

filterrewrite_elegance_shortcode_cptincludes\class-elegance-menu.php:86

actioninitincludes\class-elegance-menu.php:87

actioninitincludes\class-elegance-menu.php:88

filterplugin_action_linksincludes\class-elegance-menu.php:91

filterplugin_row_metaincludes\class-elegance-menu.php:94

actionrest_api_initincludes\class-elegance-menu.php:96

actionplugins_loadedincludes\class-elegance-menu.php:157

actionadmin_enqueue_scriptsincludes\class-elegance-menu.php:172

actionadmin_enqueue_scriptsincludes\class-elegance-menu.php:173

actionwp_enqueue_scriptsincludes\class-elegance-menu.php:187

actionwp_enqueue_scriptsincludes\class-elegance-menu.php:188

actioninitpublic\class-elegance-menu-public.php:58

filterwp_kses_allowed_htmlpublic\class-elegance-menu-public.php:59

Maintenance & Trust

Elegance Menu Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedDec 3, 2025

PHP min version

Downloads2K

Community Trust

Rating88/100

Number of ratings7

Active installs70

Alternatives

Elegance Menu Alternatives

Restaurant Menu and Food Ordering

mp-restaurant-menu

Create and maintain modern online menus for almost any kind of restaurant. Sell food and beverages online. All in one plugin.

2K 4 CVEs

MenuMaster – Interactive Mobile-First Restaurant Menu Plugin for WooCommerce

menumaster-restaurant-menu

100

Create mobile-friendly restaurant menus that are easy for customers to access by scanning a QR code. Custom tags and filters make navigation simple, h …

60 No CVEs

Menukaart – Restaurant Menu & Online Ordering with WooCommerce

menukaart

100

An easy WordPress restaurant plugin for online food ordering with WooCommerce.

30 No CVEs

Restaurant Menu – Food Ordering System – Table Reservation

menu-ordering-reservations

Create a restaurant menu and start taking food orders online, with no commissions or costs. Table reservations are also available for free.

8K 7 CVEs

Orderable – WordPress Restaurant Online Ordering System and Food Ordering Plugin

orderable

Take your restaurant/food business online with the online ordering system plugin for WordPress, Orderable.

6K 1 unpatched

Developer Profile

Elegance Menu Developer Profile

impacttechlab

1 plugin · 70 total installs

trust score

Avg Security Score

97/100

Avg Patch Time

31 days

View full developer profile

Detection Fingerprints

How We Detect Elegance Menu

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/elegance-menu/css/elegance-menu-admin.css/wp-content/plugins/elegance-menu/js/elegance-menu-admin.js

Script Paths

/wp-content/plugins/elegance-menu/js/elegance-menu-admin.js

Version Parameters

elegance-menu-admin.css?ver=elegance-menu-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes

postboxem-shortcode-generatorem-shortcode-generator-titleem-shortcode-generator-formem-select-field-wrapperem-color-field-wrapperem-color-picker-wrapperem-color-picker+2 more

Data Attributes

data-shortcode-iddata-post-iddata-option-namedata-option-valuedata-shortcode-optiondata-color

JS Globals

elegance_menu_admin_object

Shortcode Output

[elegance-menu id= layout= category= name=

FAQ