WP-Safety

Main Menu HTML Sitemap Security & Risk Analysis

wordpress.org/plugins/main-menu-html-site-map

Your site need html sitemap for SEO enhance. This plugin will make it easy.

100 active installs v2.0.3 PHP 5.6+ WP 4.6+ Updated Feb 8, 2025
custom-sitemaphtml-sitemapseo-sitemapsitemapxml-sitemap
92
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Main Menu HTML Sitemap Safe to Use in 2026?

Generally Safe

Score 92/100

Main Menu HTML Sitemap has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago
Risk Assessment

The "main-menu-html-site-map" plugin v2.0.3 exhibits a mixed security posture. On the positive side, the plugin has no known vulnerabilities, no dangerous functions, no direct SQL queries (all use prepared statements), no file operations, no external HTTP requests, and no taint analysis findings, which are all strong indicators of good security practices. Furthermore, the attack surface is minimal with no unprotected entry points. However, a significant concern arises from the complete lack of output escaping for all 18 detected outputs. This means that any data displayed by the plugin could potentially be rendered in an unsafe manner, opening the door to cross-site scripting (XSS) vulnerabilities if user-supplied data is ever displayed. The absence of nonce and capability checks, while not directly exploitable due to the lack of other attack vectors, represents a missed opportunity for robust authorization and input validation.

In conclusion, while the plugin benefits from a clean vulnerability history and a secure handling of database interactions and external communication, the pervasive lack of output escaping is a critical weakness that significantly elevates the risk profile. This omission, coupled with the missing authorization checks, suggests that while the plugin might be safe in its current, limited use case, it is not built with the most robust security principles, leaving it vulnerable to XSS if its functionality were ever expanded to handle untrusted input.

Key Concerns

  • Unescaped output for all outputs
  • Missing nonce checks
  • Missing capability checks
Vulnerabilities
None known

Main Menu HTML Sitemap Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Main Menu HTML Sitemap Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
18
0 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

0% escaped18 total outputs
Attack Surface

Main Menu HTML Sitemap Attack Surface

Entry Points1
Unprotected0

Shortcodes 1

[mainmenu-sitemap] admin\class-mmh-sitemap-settings.php:709
WordPress Hooks 9
actionplugins_loadedincludes\class-mmh-sitemap.php:142
actionadmin_enqueue_scriptsincludes\class-mmh-sitemap.php:158
actionadmin_enqueue_scriptsincludes\class-mmh-sitemap.php:159
actionadmin_menuincludes\class-mmh-sitemap.php:161
actionadmin_initincludes\class-mmh-sitemap.php:162
actionadmin_initincludes\class-mmh-sitemap.php:163
actioninitincludes\class-mmh-sitemap.php:165
actionwp_enqueue_scriptsincludes\class-mmh-sitemap.php:180
actionwp_enqueue_scriptsincludes\class-mmh-sitemap.php:181
Maintenance & Trust

Main Menu HTML Sitemap Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5
Last updatedFeb 8, 2025
PHP min version5.6
Downloads3K

Community Trust

Rating0/100
Number of ratings0
Active installs100
Alternatives

Main Menu HTML Sitemap Alternatives

XML Sitemap Generator for Google

XML Sitemap Generator for Google

google-sitemap-generator

A
96

Generate multiple types of sitemaps to improve SEO and get your website indexed quickly.

1.0M 3 CVEs
Simple Sitemap – Create a Responsive HTML Sitemap

Simple Sitemap – Create a Responsive HTML Sitemap

simple-sitemap

A
97

Create a HTML sitemap and preview directly inside the editor! No more complicated shortcodes. Boost the SEO performance of your WordPress site.

70K 3 CVEs
Sitemap by click5

Sitemap by click5

sitemap-by-click5

A
85

Best WordPress Sitemap plugin to generate and customize HTML & XML sitemaps for your website.

6K 1 CVE
Really Simple XML and HTML Sitemap

Really Simple XML and HTML Sitemap

really-simple-xml-and-html-sitemap

A
100

You can add Sitemap on any posts, or pages using the shortcode [rsxh_sitemap] and it also generates an XML Sitemap which will be placed on site root d …

100 No CVEs
Easy Sitemap Page

Easy Sitemap Page

easy-sitemap-page

A
85

Add responsive sitemap in page using simple shortcode. No any extra setup required. Easy to customize.

10 No CVEs
Developer Profile

Main Menu HTML Sitemap Developer Profile

Apsara Aruna

11 plugins · 700 total installs

87
trust score
Avg Security Score
90/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Main Menu HTML Sitemap

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/main-menu-html-site-map/admin/css/mmh-sitemap-admin.css/wp-content/plugins/main-menu-html-site-map/admin/js/mmh-sitemap-admin.js
Script Paths
/wp-content/plugins/main-menu-html-site-map/admin/js/mmh-sitemap-admin.js
Version Parameters
mmh-sitemap-admin.css?ver=mmh-sitemap-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
mmh-sitemap-admin
HTML Comments
The class responsible for orchestrating the actions and filters of the * core plugin.This function is provided for demonstration purposes only.An instance of this class should be passed to the run() function * defined in Mmh_Sitemap_Loader as all of the hooks are defined * in that particular class.The Mmh_Sitemap_Loader will then create the relationship * between the defined hooks and the functions defined in this * class.
Data Attributes
data-plugin-namedata-version
JS Globals
window.mmh_sitemap_admin
FAQ

Frequently Asked Questions about Main Menu HTML Sitemap