HT Menu – WordPress Mega Menu Builder for Elementor Security & Risk Analysis

wordpress.org/plugins/ht-menu-lite

HT Menu is an Elementor page builder addon to create menu and mega menu for WordPress websites. It allows to add Elementor templates to build column a …

3K active installs · v1.2.5 · PHP + WP 5.0+ · Updated Apr 17, 2025
Tags: elementor, mega-menu, megamenu, menu, widget
100
A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Mar 30, 2023
Safety Verdict

Is HT Menu – WordPress Mega Menu Builder for Elementor Safe to Use in 2026?

Generally Safe

Score 100/100

HT Menu – WordPress Mega Menu Builder for Elementor has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Mar 30, 2023 · Updated 11mo ago
Risk Assessment

The ht-menu-lite v1.2.5 plugin exhibits a mixed security posture. Its strengths include exclusively using prepared statements for SQL queries and implementing nonce and capability checks on its entry points, but several concerns warrant attention. The use of `create_function` is a significant code-signal risk: the function is deprecated, and because it builds a function from a string of PHP code, it can be exploited in various ways if that string is not handled with extreme care. The taint analysis found two flows with unsanitized paths; although neither is classified as critical or high severity, they indicate a potential for unexpected data handling and possible injection vectors if these paths involve user-supplied input. The vulnerability history contains a medium-severity CVE which, although currently patched, shows that the plugin has had past security weaknesses. The lack of unpatched CVEs is positive, but the pattern of past vulnerabilities, including CSRF, suggests a need for continued vigilance in code review and security best practices. Overall, while the plugin has good foundations, the identified code signals and taint analysis results present areas of potential risk that could be exploited.

Key Concerns

  • Dangerous function detected (`create_function`)
  • Taint flows with unsanitized paths
  • Medium severity vulnerability in history
  • Only 52% of outputs properly escaped
Vulnerabilities
1

HT Menu – WordPress Mega Menu Builder for Elementor Security Vulnerabilities

CVEs by Year

1 CVE in 2023

Severity Breakdown

Medium: 1

1 total CVE

CVE-2023-23791 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

HT Menu <= 1.2.1 - Cross-Site Request Forgery via plugin_activation

Mar 30, 2023 Patched in 1.2.2 (299d)
Code Analysis
Analyzed Mar 16, 2026

HT Menu – WordPress Mega Menu Builder for Elementor Code Analysis

  • Dangerous Functions: 1
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 67 (73 escaped)
  • Nonce Checks: 4
  • Capability Checks: 4
  • File Operations: 0
  • External Requests: 2
  • Bundled Libraries: 0

Dangerous Functions Found

create_function · include\admin\include\class.settings-api.php:105
    $callback = create_function('', 'echo "' . str_replace( '"', '\"', $section['desc'] ) . '";');

Output Escaping

52% escaped · 140 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

5 flows · 2 with unsanitized paths
templates_ajax_request (include\admin\include\template-library.php:161)
Attack Surface

HT Menu – WordPress Mega Menu Builder for Elementor Attack Surface

Entry Points: 3
Unprotected: 0

AJAX Handlers 3

auth · wp_ajax_htmegamenu_ajax_request · include\admin\include\template-library.php:26
nopriv · wp_ajax_htmegamenu_ajax_request · include\admin\include\template-library.php:27
auth · wp_ajax_HT_Mega_Menu_Panels_ajax_requests · include\class.mega-menu.php:29
WordPress Hooks 27
action · admin_enqueue_scripts · include\admin\admin-init.php:9
action · admin_init · include\admin\include\admin-setting.php:13
action · admin_menu · include\admin\include\admin-setting.php:14
action · wsa_form_bottom_htmegamenu_general_tabs · include\admin\include\admin-setting.php:15
action · admin_enqueue_scripts · include\admin\include\class.settings-api.php:28
action · init · include\admin\include\Recommended_Plugins.php:77
action · admin_menu · include\admin\include\Recommended_Plugins.php:78
action · admin_enqueue_scripts · include\admin\include\Recommended_Plugins.php:79
action · admin_menu · include\admin\include\template-library.php:25
action · admin_enqueue_scripts · include\admin\include\template-library.php:29
action · init · include\class.mega-menu.php:19
action · plugins_loaded · include\class.mega-menu.php:20
filter · body_class · include\class.mega-menu.php:23
action · admin_init · include\class.mega-menu.php:56
action · admin_notices · include\class.mega-menu.php:57
action · admin_notices · include\class.mega-menu.php:63
action · admin_init · include\class.mega-menu.php:76
action · elementor/widgets/widgets_registered · include\class.mega-menu.php:84
action · admin_enqueue_scripts · include\class.mega-menu.php:87
action · admin_footer · include\class.mega-menu.php:89
action · wp_enqueue_scripts · include\class.mega-menu.php:92
action · wp_enqueue_scripts · include\class.mega-menu.php:93
action · elementor/init · include\helper-function.php:20
filter · wp_setup_nav_menu_item · include\menu\htmenu_menu.php:7
action · wp_update_nav_menu_item · include\menu\htmenu_menu.php:10
filter · wp_setup_nav_menu_item · include\menu\menu_term.php:21
filter · wp_nav_menu_args · include\menu\menu_term.php:22
Maintenance & Trust

HT Menu – WordPress Mega Menu Builder for Elementor Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Apr 17, 2025
PHP min version
Downloads: 67K

Community Trust

Rating: 56/100
Number of ratings: 9
Active installs: 3K
Developer Profile

HT Menu – WordPress Mega Menu Builder for Elementor Developer Profile

HasThemes

14 plugins · 16K total installs

Trust score: 77
Avg Security Score: 97/100
Avg Patch Time: 179 days
Detection Fingerprints

How We Detect HT Menu – WordPress Mega Menu Builder for Elementor

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/ht-menu-lite/include/admin/assets/css/admin_optionspanel.css
Version Parameters
ht-menu-lite/include/admin/assets/css/admin_optionspanel.css?ver=1.2.5

HTML / DOM Fingerprints

CSS Classes
htmegamenu-adminelement_section_title
JS Globals
HTMEGA_MENU_VERSION
HTMEGA_MENU_PL_URL
FAQ

Frequently Asked Questions about HT Menu – WordPress Mega Menu Builder for Elementor