Easy menus Security & Risk Analysis

wordpress.org/plugins/jquery-easy-menu

Plugin to load different types of menus with pictures.

60 active installs · v3.1 · PHP + · WP 2.8+ · Updated Jul 1, 2014
Tags: css, dropdown, image-menu, menu, shortcodes
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Easy menus Safe to Use in 2026?

Generally Safe

Score 85/100

Easy menus has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 11yr ago
Risk Assessment

The "jquery-easy-menu" v3.1 plugin presents a mixed security posture. On the positive side, it demonstrates good practices by exclusively using prepared statements for its SQL queries and conducting no external HTTP requests. The absence of known vulnerabilities in its history is also a positive indicator, suggesting a lack of historically exploitable flaws.

However, the static analysis raises significant concerns. The plugin has a notable attack surface with one unprotected AJAX handler, creating a potential entry point for unauthorized actions. The use of the dangerous `create_function` function is a red flag, as it is often associated with code injection vulnerabilities, although no taint flows were detected in this analysis. Furthermore, a very low percentage of outputs are properly escaped, indicating a high risk of Cross-Site Scripting (XSS) vulnerabilities. The complete lack of nonce and capability checks on its entry points amplifies these risks, leaving the plugin vulnerable to unauthorized access and manipulation.

Key Concerns

  • Unprotected AJAX handler
  • Use of dangerous function create_function
  • Low percentage of properly escaped output
  • Missing nonce checks on entry points
  • Missing capability checks on entry points
Vulnerabilities
None known

Easy menus Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Easy menus Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 19 (7 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

create_function · `add_action( 'widgets_init', create_function('', 'return register_widget("wp_easymenu");') );` · jquery-easy-menu.php:1102

Output Escaping

27% escaped · 26 total outputs
Attack Surface
1 unprotected

Easy menus Attack Surface

Entry Points: 2
Unprotected: 1

AJAX Handlers: 1

auth · wp_ajax_jqem_added_thumbnail · jquery-easy-menu.php:80

Shortcodes: 1

[easymenu] · jquery-easy-menu.php:412

WordPress Hooks: 23

filter · admin_post_thumbnail_html · inc\admin.php:31
filter · wp_edit_nav_menu_walker · inc\admin.php:34
action · admin_menu · inc\admin.php:37
filter · attachment_fields_to_edit · inc\admin.php:40
filter · attachment_fields_to_save · inc\admin.php:43
action · admin_print_scripts-nav-menus.php · inc\admin.php:55
action · init · jquery-easy-menu.php:48
filter · nav_menu_css_class · jquery-easy-menu.php:84
filter · walker_nav_menu_start_el · jquery-easy-menu.php:85
filter · the_title · jquery-easy-menu.php:255
filter · wp_get_attachment_image_attributes · jquery-easy-menu.php:256
filter · wp_get_attachment_image_attributes · jquery-easy-menu.php:257
action · media_buttons · jquery-easy-menu.php:344
action · admin_footer · jquery-easy-menu.php:409
action · admin_head · jquery-easy-menu.php:840
action · wp_enqueue_scripts · jquery-easy-menu.php:841
action · plugins_loaded · jquery-easy-menu.php:846
action · wp_head · jquery-easy-menu.php:870
action · admin_head · jquery-easy-menu.php:871
action · wp_footer · jquery-easy-menu.php:873
action · admin_footer · jquery-easy-menu.php:874
action · wp_footer · jquery-easy-menu.php:876
action · widgets_init · jquery-easy-menu.php:1102
Maintenance & Trust

Easy menus Maintenance & Trust

Maintenance Signals

WordPress version tested: 3.9.40
Last updated: Jul 1, 2014
PHP min version
Downloads: 25K

Community Trust

Rating: 46/100
Number of ratings: 3
Active installs: 60
Developer Profile

Easy menus Developer Profile

extendyourweb

4 plugins · 130 total installs

Trust score: 85
Avg Security Score: 87/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Easy menus

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/jquery-easy-menu/css/easy-menu.css
/wp-content/plugins/jquery-easy-menu/js/easy-menu.js
Script Paths
/wp-content/plugins/jquery-easy-menu/js/easy-menu.js
Version Parameters
jquery-easy-menu/style.css?ver=
jquery-easy-menu/script.js?ver=

HTML / DOM Fingerprints

CSS Classes
jqem-menu
jqem-menu-item-thumbnail
Data Attributes
data-id
JS Globals
jqem_added_thumbnail