WP-Safety

Mega Navify – The Ultimate Mega Menu Security & Risk Analysis

wordpress.org/plugins/mega-navify

Create stunning mega menus effortlessly with Mega Navify! Easy drag-and-drop, widget support, and customizable styles for your WordPress site.

0 active installs v1.0 PHP 7.4+ WP 6.0+ Updated Nov 21, 2024
dropdown-menumegamenumenu-buildermenu-widgetnavigation
92
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Mega Navify – The Ultimate Mega Menu Safe to Use in 2026?

Generally Safe

Score 92/100

Mega Navify – The Ultimate Mega Menu has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago
Risk Assessment

The "mega-navify" v1.0 plugin exhibits a generally good security posture with a notable concern regarding the presence of the `unserialize` function. While the static analysis indicates a substantial attack surface of 28 AJAX handlers, all are reported to have authentication checks, which is a positive sign. The absence of REST API routes, shortcodes, and cron events further limits potential entry points. The code signals reveal good practices in SQL query handling, with 100% using prepared statements, and a high percentage of output escaping. However, the finding of 4 flows with unsanitized paths, including 2 of high severity, is a significant risk that requires immediate attention. The plugin's vulnerability history is clean, with no known CVEs, which suggests that past development may have been secure, or that it has not been subjected to extensive vulnerability research. Despite the clean history, the identified taint flows with unsanitized paths represent a concrete and current risk that overshadows the otherwise positive indicators.

Key Concerns

  • High severity taint flows found
  • Unsanitized paths in taint flows
  • Dangerous function 'unserialize' present
  • Capability checks present but limited
Vulnerabilities
None known

Mega Navify – The Ultimate Mega Menu Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Mega Navify – The Ultimate Mega Menu Code Analysis

Dangerous Functions
4
Raw SQL Queries
0
0 prepared
Unescaped Output
25
168 escaped
Nonce Checks
17
Capability Checks
1
File Operations
0
External Requests
0
Bundled Libraries
0

Dangerous Functions Found

unserialize$save_settings = unserialize($save_settings);includes\admin\class-meganavify-menu-model.php:344
unserialize$item_settings = unserialize($item_settings);includes\admin\class-meganavify-menu-model.php:517
unserialize$item_settings = unserialize($item_settings );includes\admin\forms\navify-megamenu-settings.php:8
unserializereturn unserialize($item_settings);includes\meganavify-misc-functions.php:114

Output Escaping

87% escaped193 total outputs
Data Flows
4 unsanitized

Data Flow Analysis

8 flows4 with unsanitized paths
meganavify_edit_column_widget (includes\admin\class-meganavify-widgets.php:211)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Mega Navify – The Ultimate Mega Menu Attack Surface

Entry Points28
Unprotected0

AJAX Handlers 28

authwp_ajax_meganavify_save_settingsincludes\admin\class-meganavify-admin.php:716
noprivwp_ajax_meganavify_save_settingsincludes\admin\class-meganavify-admin.php:717
authwp_ajax_meganavify_register_menu_locationincludes\admin\class-meganavify-admin.php:725
noprivwp_ajax_meganavify_register_menu_locationincludes\admin\class-meganavify-admin.php:726
authwp_ajax_meganavify_save_location_settingsincludes\admin\class-meganavify-admin.php:728
noprivwp_ajax_meganavify_save_location_settingsincludes\admin\class-meganavify-admin.php:729
authwp_ajax_meganavify_get_grid_systemincludes\admin\class-meganavify-menu-model.php:666
noprivwp_ajax_meganavify_get_grid_systemincludes\admin\class-meganavify-menu-model.php:667
authwp_ajax_meganavify_get_menu_item_settingsincludes\admin\class-meganavify-menu-model.php:669
noprivwp_ajax_meganavify_get_menu_item_settingsincludes\admin\class-meganavify-menu-model.php:670
authwp_ajax_meganavify_save_menu_item_settingsincludes\admin\class-meganavify-menu-model.php:672
noprivwp_ajax_meganavify_save_menu_item_settingsincludes\admin\class-meganavify-menu-model.php:673
authwp_ajax_meganavify_get_active_tabincludes\admin\class-meganavify-menu-model.php:675
noprivwp_ajax_meganavify_get_active_tabincludes\admin\class-meganavify-menu-model.php:676
authwp_ajax_meganavify_save_get_tab_contentincludes\admin\class-meganavify-menu-model.php:678
noprivwp_ajax_meganavify_save_get_tab_contentincludes\admin\class-meganavify-menu-model.php:679
authwp_ajax_meganavify_update_menu_iconincludes\admin\class-meganavify-menu-model.php:681
noprivwp_ajax_meganavify_update_menu_iconincludes\admin\class-meganavify-menu-model.php:682
authwp_ajax_meganavify_get_lib_iconsincludes\admin\class-meganavify-menu-model.php:684
noprivwp_ajax_meganavify_get_lib_iconsincludes\admin\class-meganavify-menu-model.php:685
authwp_ajax_meganavify_remove_custom_iconincludes\admin\class-meganavify-menu-model.php:687
noprivwp_ajax_meganavify_remove_custom_iconincludes\admin\class-meganavify-menu-model.php:688
authwp_ajax_meganavify_add_column_widgetincludes\admin\class-meganavify-widgets.php:400
noprivwp_ajax_meganavify_add_column_widgetincludes\admin\class-meganavify-widgets.php:401
authwp_ajax_meganavify_edit_column_widgetincludes\admin\class-meganavify-widgets.php:403
noprivwp_ajax_meganavify_edit_column_widgetincludes\admin\class-meganavify-widgets.php:404
authwp_ajax_meganavify_save_column_widgetincludes\admin\class-meganavify-widgets.php:406
noprivwp_ajax_meganavify_save_column_widgetincludes\admin\class-meganavify-widgets.php:407
WordPress Hooks 17
actionadmin_initincludes\admin\class-meganavify-admin.php:714
actioninitincludes\admin\class-meganavify-admin.php:718
actionadmin_menuincludes\admin\class-meganavify-admin.php:720
actionafter_setup_themeincludes\admin\class-meganavify-admin.php:722
actionadmin_footerincludes\admin\class-meganavify-admin.php:723
actionadmin_initincludes\admin\class-meganavify-admin.php:730
actionadmin_initincludes\admin\class-meganavify-admin.php:731
actionadmin_post_meganavify_delete_menu_locationincludes\admin\class-meganavify-admin.php:734
actionadmin_footerincludes\admin\class-meganavify-menu-model.php:664
filterwp_nav_menu_argsincludes\class-meganavify-megamenu.php:140
actionadmin_enqueue_scriptsincludes\class-meganavify-scripts.php:152
actionwp_enqueue_scriptsincludes\class-meganavify-scripts.php:153
actionenqueue_block_editor_assetsincludes\class-meganavify-scripts.php:154
actionadmin_print_scripts-nav-menus.phpincludes\class-meganavify-scripts.php:155
actionadmin_print_styles-nav-menus.phpincludes\class-meganavify-scripts.php:156
actionadmin_print_footer_scripts-nav-menus.phpincludes\class-meganavify-scripts.php:157
actioninitincludes\compatibility\blocks\class-meganavify-block.php:79
Maintenance & Trust

Mega Navify – The Ultimate Mega Menu Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5
Last updatedNov 21, 2024
PHP min version7.4
Downloads673

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

Mega Navify – The Ultimate Mega Menu Alternatives

WP Mega Menu

WP Mega Menu

wp-megamenu

C
61

WordPress Mega Menu is a responsive, highly customizable drag and drop menu builder plugin. Download free WordPress megamenu plugin.

9K 1 unpatched
EasyMega

EasyMega

easymega

A
100

A Mega Menu plugin that helps you create mega menu easily, beautifully.

6K No CVEs
Ollie Menu Designer

Ollie Menu Designer

ollie-menu-designer

A
100

Create custom dropdown & mobile menus using WordPress blocks. Design rich, responsive navigation with any block content in the block editor.

2K No CVEs
Navigation Block with Mega Menu

Navigation Block with Mega Menu

getwid-megamenu

A
99

Build better navigation menus with the WordPress mega menu blocks.

1K 1 CVE
Multilevel Navigation Menu

Multilevel Navigation Menu

multilevel-navigation-menu

A
92

Multilevel Navigation Menu plugin ability to add a full-screen navigation menu to our website.

500 No CVEs
Developer Profile

Mega Navify – The Ultimate Mega Menu Developer Profile

Yudiz Solutions Pvt. Ltd.

14 plugins · 6K total installs

85
trust score
Avg Security Score
96/100
Avg Patch Time
59 days
View full developer profile
Detection Fingerprints

How We Detect Mega Navify – The Ultimate Mega Menu

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/mega-navify/includes/css/meganavify-admin.css/wp-content/plugins/mega-navify/includes/js/meganavify-admin.js/wp-content/plugins/mega-navify/includes/js/meganavify-grid-system.js/wp-content/plugins/mega-navify/includes/css/meganavify-font-awesome-all.min.css/wp-content/plugins/mega-navify/includes/css/meganavify-public.css/wp-content/plugins/mega-navify/includes/js/meganavify-public.js
Script Paths
/wp-content/plugins/mega-navify/includes/js/meganavify-admin.js/wp-content/plugins/mega-navify/includes/js/meganavify-grid-system.js/wp-content/plugins/mega-navify/includes/js/meganavify-public.js
Version Parameters
mega-navify/style.css?ver=mega-navify-admin-css?ver=meganavify-admin?ver=meganavify-grid-system?ver=meganavify-font-awesome-all-admin?ver=meganavify-public-css?ver=meganavify-font-awesome-all-admin?ver=meganavify-public-js?ver=

HTML / DOM Fingerprints

JS Globals
meganavify_objectmegaNavifyGridObject
FAQ

Frequently Asked Questions about Mega Navify – The Ultimate Mega Menu