Does Gecka Submenu have any unpatched vulnerabilities?

No. All known vulnerabilities in Gecka Submenu have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Gecka Submenu compatible with WordPress 4.4.34?

According to WordPress.org data, Gecka Submenu 0.7.3 has been tested up to WordPress 4.4.34. Check the plugin's changelog for the latest compatibility information.

How often is Gecka Submenu updated?

Gecka Submenu was last updated on Nov 28, 2017. Frequent updates are generally a positive security signal.

What is Gecka Submenu's security score?

Gecka Submenu has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Gecka Submenu Security & Risk Analysis

wordpress.org/plugins/gecka-submenu

Submenu autopopulates any nav menu page item with its children and allows to put menus, or portion of menus, anywhere in your site.

3K active installs v0.7.3 PHP + WP 3.0+ Updated Nov 28, 2017

3-0childnav-menusub-menusubmenu

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Gecka Submenu Safe to Use in 2026?

Generally Safe

Score 85/100

Gecka Submenu has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8yr ago

Risk Assessment

The gecka-submenu plugin version 0.7.3 exhibits a mixed security posture. On the positive side, it demonstrates good practices by not utilizing dangerous functions, all SQL queries are properly prepared, and there are no external HTTP requests or file operations, suggesting a controlled codebase in these areas. The absence of any recorded vulnerabilities or CVEs is also a strong positive indicator.

However, significant concerns arise from the static analysis. The plugin has a notable number of entry points (4 total) with one unprotected AJAX handler. While the taint analysis shows no critical or high severity flows, there are 4 flows with unsanitized paths, indicating potential for unexpected behavior or information leakage if these paths are exploited, especially in conjunction with the unprotected AJAX handler. Furthermore, the output escaping is only 39% proper, which is a substantial weakness that could lead to cross-site scripting (XSS) vulnerabilities, particularly if user-supplied data is involved in any of the output processes.

In conclusion, the plugin's lack of known vulnerabilities is a strength, but the identified code signals, specifically the unprotected AJAX handler and the low percentage of properly escaped output, represent significant security weaknesses that require immediate attention. The unsanitized paths, while not yet leading to critical issues, highlight areas for improvement and potential future risks.

Key Concerns

Unprotected AJAX handler
Low output escaping percentage
Flows with unsanitized paths

Vulnerabilities

None known

Gecka Submenu Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Gecka Submenu Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

160

102 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

39% escaped262 total outputs

Data Flows

4 unsanitized

Data Flow Analysis

6 flows4 with unsanitized paths

start_el (models\Nav-Menu-Edit-Walker.php:29)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

1 unprotected

Gecka Submenu Attack Surface

Entry Points4

Unprotected1

AJAX Handlers 2

authwp_ajax_gecka_submenu_dismiss_noticegecka-submenu.class.php:25

authwp_ajax_gksm_updatewidgets\Custom-menu.php:21

Shortcodes 2

[submenu] models\Shortcodes.php:11

[menu] models\Shortcodes.php:12

WordPress Hooks 22

actioninitgecka-submenu.class.php:21

actioncurrent_screengecka-submenu.class.php:24

actionwidgets_initgecka-submenu.class.php:28

filterwp_get_nav_menu_itemsgecka-submenu.class.php:31

filterwp_nav_menu_argsgecka-submenu.class.php:34

filterwp_page_menu_argsgecka-submenu.class.php:35

filternav_menu_item_beforegecka-submenu.class.php:38

filternav_menu_item_aftergecka-submenu.class.php:41

filternav_menu_item_link_aftergecka-submenu.class.php:42

actionadmin_noticesgecka-submenu.class.php:188

actionadmin_headgecka-submenu.class.php:191

filterwp_edit_nav_menu_walkermodels\NavMenuHacks.php:12

actionwp_nav_menu_item_custom_fieldsmodels\NavMenuHacks.php:15

actionwp_update_nav_menu_itemmodels\NavMenuHacks.php:18

actionadmin_initmodels\NavMenuHacks.php:21

actionadmin_print_styles-nav-menus.phpmodels\NavMenuHacks.php:22

filterwp_get_nav_menu_itemsmodels\NavMenuHacks.php:26

filterwp_setup_nav_menu_itemmodels\NavMenuHacks.php:29

filterwalker_nav_menu_start_elmodels\NavMenuHacks.php:32

actiongk-menumodels\Shortcodes.php:13

actionadmin_print_scripts-widgets.phpwidgets\Custom-menu.php:29

filterdynamic_sidebar_paramswidgets\Custom-menu.php:31

Maintenance & Trust

Gecka Submenu Maintenance & Trust

Maintenance Signals

WordPress version tested4.4.34

Last updatedNov 28, 2017

PHP min version

Downloads59K

Community Trust

Rating82/100

Number of ratings16

Active installs3K

Alternatives

Gecka Submenu Alternatives

Enhanced Custom Menu

enhanced-custom-menu

This plugin alters the custom menu auto-add function allowing subpages and delete menu item after un-publishing a page.

60 No CVEs

Add Descendants As Submenu Items

add-descendants-as-submenu-items

Automatically all of a nav menu item's descendants as submenu items. Designed for pages but will work with any hierarchical post type or taxonomy …

2K No CVEs

Auto Generate Submenus

auto-generate-submenus

With this plugin, you can add an automatically generated submenu for each menu item.

60 No CVEs

Automatic Submenu for Categories & Pages

automatic-submenu

Automatically append children posts and pages as submenu items in the frontend

10 No CVEs

Child Theme Configurator

child-theme-configurator

100

When using the Customizer is not enough - Create a child theme from your installed themes and customize styles, templates, functions and more.

300K No CVEs

Developer Profile

Gecka Submenu Developer Profile

Gecka

4 plugins · 3K total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Gecka Submenu

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/gecka-submenu/widgets/Custom-menu.php/wp-content/plugins/gecka-submenu/models/Submenu.php/wp-content/plugins/gecka-submenu/models/Shortcodes.php/wp-content/plugins/gecka-submenu/models/NavMenuHacks.php

HTML / DOM Fingerprints

CSS Classes

description

FAQ