WP-Safety

Glossy Mega Menu Security & Risk Analysis

wordpress.org/plugins/glossy-mega-menu

Glossy Mega Menu is a WordPress plugin for creating stunning mega menus with Elementor, including a header and footer builder for design flexibility.

0 active installs v1.2.3 PHP 7.4+ WP 5.6+ Updated Dec 1, 2024
elementor-mega-menuglossy-mega-menuglossyitglossymegamenu
92
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Glossy Mega Menu Safe to Use in 2026?

Generally Safe

Score 92/100

Glossy Mega Menu has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago
Risk Assessment

The glossy-mega-menu plugin v1.2.3 exhibits a generally strong security posture due to its adherence to many WordPress security best practices. The plugin correctly implements capability checks and nonce checks for its identified entry points, which include AJAX handlers and a shortcode. All identified SQL queries are properly prepared, and the vast majority of output is escaped, significantly reducing the risk of common web vulnerabilities like SQL injection and cross-site scripting. Furthermore, the absence of external HTTP requests and bundled libraries simplifies the attack surface and reduces the likelihood of third-party code vulnerabilities.

However, a key concern arises from the presence of the `unserialize` function. While the static analysis did not reveal any taint flows indicating immediate exploitation, the use of `unserialize` without proper validation of its input source can lead to serious security vulnerabilities, such as Remote Code Execution (RCE) or Denial of Service (DoS) if an attacker can control the serialized data. The lack of historical vulnerabilities, while positive, does not guarantee future security and should be monitored. The plugin's low attack surface and strong adherence to other security measures are commendable, but the `unserialize` function warrants careful review and potential mitigation.

Key Concerns

  • Dangerous function: unserialize detected
Vulnerabilities
None known

Glossy Mega Menu Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Glossy Mega Menu Release Timeline

v1.2.3Current
v1.2.2
v1.2.0
v1.0.0
Code Analysis
Analyzed Apr 16, 2026

Glossy Mega Menu Code Analysis

Dangerous Functions
1
Raw SQL Queries
0
3 prepared
Unescaped Output
4
288 escaped
Nonce Checks
6
Capability Checks
6
File Operations
1
External Requests
0
Bundled Libraries
0

Dangerous Functions Found

unserialize$meta_value = is_serialized( $local_post->meta_value ) ? unserialize( $local_post->meta_value ) : $lincludes/glossymm-hf/class-glossymm-conditions-fields.php:541

SQL Query Safety

100% prepared3 total queries

Output Escaping

99% escaped292 total outputs
Attack Surface

Glossy Mega Menu Attack Surface

Entry Points5
Unprotected0

AJAX Handlers 4

authwp_ajax_glossymm_saving_item_settingsincludes/classes/class-ajax.php:12
authwp_ajax_glossymm_get_item_settingsincludes/classes/class-ajax.php:13
authwp_ajax_glossymm_save_the_menuidincludes/classes/class-ajax.php:14
authwp_ajax_glossymm_enabled_templateincludes/classes/class-ajax.php:16

Shortcodes 1

[glossymm_hf_template] includes/glossymm-hf/glossymm-hf.php:56
WordPress Hooks 34
actionadmin_menuincludes/classes/class-admin.php:21
actionadmin_enqueue_scriptsincludes/classes/class-admin.php:22
actionrest_api_initincludes/classes/class-api.php:30
actionrest_api_initincludes/classes/class-api.php:44
actionadmin_enqueue_scriptsincludes/classes/class-assets.php:16
actionwp_enqueue_scriptsincludes/classes/class-assets.php:18
actioninitincludes/classes/class-cpt.php:12
filterelementor/frontend/admin_bar/settingsincludes/classes/class-cpt.php:15
actionwp_nav_menu_item_custom_fieldsincludes/classes/class-vertical-menu.php:10
actionwp_update_nav_menu_itemincludes/classes/class-vertical-menu.php:11
actionelementor/widgets/registerincludes/elementor/elementor.php:25
actioninitincludes/glossymm-hf/class-cpt.php:28
actionadmin_enqueue_scriptsincludes/glossymm-hf/class-cpt.php:33
actionadd_meta_boxesincludes/glossymm-hf/class-cpt.php:36
actionsave_post_glossymm_hfincludes/glossymm-hf/class-cpt.php:37
actiontemplate_redirectincludes/glossymm-hf/class-cpt.php:39
filtersingle_templateincludes/glossymm-hf/class-cpt.php:40
filtermanage_glossymm_hf_posts_columnsincludes/glossymm-hf/class-cpt.php:42
actionmanage_glossymm_hf_posts_custom_columnincludes/glossymm-hf/class-cpt.php:43
actionadmin_noticesincludes/glossymm-hf/class-cpt.php:44
filterredirect_post_locationincludes/glossymm-hf/class-cpt.php:210
actioninitincludes/glossymm-hf/glossymm-hf.php:55
actionwpincludes/glossymm-hf/themes/astra/class-glossymm-astra-compat.php:26
actiontemplate_redirectincludes/glossymm-hf/themes/astra/class-glossymm-astra-compat.php:36
actionastra_headerincludes/glossymm-hf/themes/astra/class-glossymm-astra-compat.php:37
actiontemplate_redirectincludes/glossymm-hf/themes/astra/class-glossymm-astra-compat.php:41
actionastra_footerincludes/glossymm-hf/themes/astra/class-glossymm-astra-compat.php:42
actionwpincludes/glossymm-hf/themes/default/class-default-hf-compat.php:19
actionget_headerincludes/glossymm-hf/themes/default/class-default-hf-compat.php:28
actionglossymm_headerincludes/glossymm-hf/themes/default/class-default-hf-compat.php:30
actionget_footerincludes/glossymm-hf/themes/default/class-default-hf-compat.php:34
actionglossymm_footerincludes/glossymm-hf/themes/default/class-default-hf-compat.php:35
actionplugin_loadedinit-glossymm.php:29
actionadmin_enqueue_scriptsinit-glossymm.php:31
Maintenance & Trust

Glossy Mega Menu Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5
Last updatedDec 1, 2024
PHP min version7.4
Downloads1K

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

Glossy Mega Menu Alternatives

Premium Addons for Elementor – Powerful Elementor Templates & Widgets

Premium Addons for Elementor – Powerful Elementor Templates & Widgets

premium-addons-for-elementor

A
95

Elementor Carousel, Mega Menu, Posts List/Slider, Media Gallery, WooCommerce Widgets, Display Conditions, Premade Templates & more.

700K 36 CVEs
RoarDev Mega Menu Builder

RoarDev Mega Menu Builder

mega-menu-builder

A
100

RoarDev Mega Menu Builder is a powerful and modern mega menu builder for WordPress. Create beautiful mega menus using WordPress native menus with Gute …

0 No CVEs
Developer Profile

Glossy Mega Menu Developer Profile

Glossy IT

1 plugin · 0 total installs

88
trust score
Avg Security Score
92/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Glossy Mega Menu

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/glossy-mega-menu/assets/options/css/options-panel.css/wp-content/plugins/glossy-mega-menu/assets/options/js/options-panel.js/wp-content/plugins/glossy-mega-menu/assets/frontend/js/nav-menu.js/wp-content/plugins/glossy-mega-menu/assets/frontend/js/vertical-nav-menu.js/wp-content/plugins/glossy-mega-menu/assets/frontend/css/nav-menu.css/wp-content/plugins/glossy-mega-menu/assets/frontend/css/vertical-nav-menu.css/wp-content/plugins/glossy-mega-menu/assets/frontend/css/responsive-nav-menu.css
Script Paths
GLOSSYMM_ADMIN_ASSETS . '/options/js/options-panel.js'GLOSSYMM_FRONTEND_ASSETS . '/js/nav-menu.js'GLOSSYMM_FRONTEND_ASSETS . '/js/vertical-nav-menu.js'
Version Parameters
glossymm-options-page?ver=glossymm-nav-menu?ver=glossymm-vertical-nav-menu?ver=glossymm-responsive-nav-menu?ver=

HTML / DOM Fingerprints

CSS Classes
glossymm-options
JS Globals
GLOSSYMM_ADMIN_ASSETSGLOSSYMM_FRONTEND_ASSETSGLOSSYMM_VERSION
FAQ

Frequently Asked Questions about Glossy Mega Menu