WP Mobile Menu – The Mobile-Friendly Responsive Menu Security & Risk Analysis

wordpress.org/plugins/mobile-menu

Need some help with the mobile website experience? Need a Mobile Menu plugin that keeps your mobile visitors engaged?

80K active installs · v2.8.8 · PHP 5.6+ · WP 4.4+ · Updated Jun 23, 2025
Tags: menu, mobile, mobile-menu, responsive, responsive-menu
96
A · Safe
CVEs total: 4
Unpatched: 0
Last CVE: Jul 30, 2024
Safety Verdict

Is WP Mobile Menu – The Mobile-Friendly Responsive Menu Safe to Use in 2026?

Generally Safe

Score 96/100

WP Mobile Menu – The Mobile-Friendly Responsive Menu has a strong security track record. Known vulnerabilities have been patched promptly.

4 known CVEs · Last CVE: Jul 30, 2024 · Updated 9mo ago
Risk Assessment

The "mobile-menu" v2.8.8 plugin presents a significant security risk primarily due to its large attack surface with unprotected AJAX handlers and a history of prevalent vulnerabilities. While the plugin utilizes prepared statements for SQL queries and has some capability checks, the overwhelming number of AJAX handlers lacking authentication is a major concern. This indicates a high likelihood of unauthorized access and manipulation of plugin functionalities.

The taint analysis, though limited in scope, did not reveal critical or high-severity unsanitized flows, which is a positive sign. However, the static analysis flags the use of `unserialize`, a function known for its potential to introduce vulnerabilities if used with untrusted data, and a low percentage of properly escaped output, increasing the risk of Cross-Site Scripting (XSS).

The vulnerability history, featuring multiple medium-severity issues and one high-severity issue, including Missing Authorization and CSRF, reinforces the concerns about the plugin's security posture and suggests recurring weaknesses in its authorization and input validation mechanisms. The recent vulnerability in July 2024, even if currently patched, points to ongoing security challenges. In conclusion, despite some good practices like prepared SQL statements, the plugin's extensive unprotected entry points and historical vulnerability patterns make it a considerable security risk.

Key Concerns

  • 6 AJAX handlers without auth checks
  • 1 dangerous function (unserialize)
  • 15% of outputs properly escaped
  • 2 nonces, 4 capability checks vs 6 entry points
  • Total 4 known CVEs (1 high, 3 medium)
  • Bundled Freemius v1.0
  • Bundled Select2
Vulnerabilities
4

WP Mobile Menu – The Mobile-Friendly Responsive Menu Security Vulnerabilities

CVEs by Year

2019: 1 CVE
2024: 3 CVEs

Severity Breakdown

High: 1
Medium: 3

4 total CVEs

CVE-2024-2508 · medium · 5.3 · Missing Authorization

WP Mobile Menu <= 2.8.4.4 - Missing Authorization to _mobmenu_icon Post Meta Modification

Jul 30, 2024 Patched in 2.8.5 (1d)
CVE-2024-37274 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

WP Mobile Menu <= 2.8.4.3 - Cross-Site Request Forgery

Jun 27, 2024 Patched in 2.8.4.4 (6d)
CVE-2024-3987 · medium · 5.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP Mobile Menu – The Mobile-Friendly Responsive Menu <= 2.8.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Alt

Jun 6, 2024 Patched in 2.8.4.3 (1d)

Freemius SDK <= 2.2.3 - Missing Authorization to Arbitrary Options Update

Feb 25, 2019 Patched in 2.7.3 (1793d)
Code Analysis
Analyzed Mar 16, 2026

WP Mobile Menu – The Mobile-Friendly Responsive Menu Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 189 (33 escaped)
Nonce Checks: 2
Capability Checks: 4
File Operations: 5
External Requests: 0
Bundled Libraries: 2

Dangerous Functions Found

unserialize · `$admin_options = unserialize( $current_options );` · mobmenu.php:250

Bundled Libraries

Freemius 1.0 · Select2

Output Escaping

15% escaped · 222 total outputs
Data Flows
All sanitized

Data Flow Analysis

3 flows
get_icons_html (includes\class-wp-mobile-menu-core.php:133)
Attack Surface
6 unprotected

WP Mobile Menu – The Mobile-Friendly Responsive Menu Attack Surface

Entry Points: 6
Unprotected: 6

AJAX Handlers 6

  • auth · wp_ajax_get_icons_html · mobmenu.php:189
  • nopriv · wp_ajax_get_icons_html · mobmenu.php:190
  • auth · wp_ajax_save_menu_item_icon · mobmenu.php:191
  • auth · wp_ajax_dismiss_wp_mobile_upgrade_notice · mobmenu.php:192
  • auth · wp_ajax_mobile_menu_search__premium_only · mobmenu.php:193
  • nopriv · wp_ajax_mobile_menu_search__premium_only · mobmenu.php:194
WordPress Hooks 15
  • filter · show_admin_bar · includes\class-wp-mobile-menu-core.php:678
  • action · init · includes\class-wp-mobile-menu-options.php:41
  • action · after_uninstall · mobmenu.php:50
  • action · admin_enqueue_scripts · mobmenu.php:62
  • action · wp_loaded · mobmenu.php:65
  • action · init · mobmenu.php:67
  • action · init · mobmenu.php:69
  • filter · plugin_row_meta · mobmenu.php:71
  • action · init · mobmenu.php:79
  • action · plugins_loaded · mobmenu.php:82
  • action · wp_footer · mobmenu.php:165
  • action · wp_enqueue_scripts · mobmenu.php:167
  • action · body_class · mobmenu.php:169
  • filter · woocommerce_add_to_cart_fragments · mobmenu.php:173
  • action · mobile_menu_importer_page · mobmenu.php:241
Maintenance & Trust

WP Mobile Menu – The Mobile-Friendly Responsive Menu Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Jun 23, 2025
PHP min version: 5.6
Downloads: 2.3M

Community Trust

Rating: 94/100
Number of ratings: 256
Active installs: 80K
Developer Profile

WP Mobile Menu – The Mobile-Friendly Responsive Menu Developer Profile

Rui Guerreiro

4 plugins · 180K total installs

Trust score: 73
Avg Security Score: 91/100
Avg Patch Time: 421 days
Detection Fingerprints

How We Detect WP Mobile Menu – The Mobile-Friendly Responsive Menu

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/mobile-menu/assets/css/frontend.css
  • /wp-content/plugins/mobile-menu/assets/css/jquery.mmenu.all.css
  • /wp-content/plugins/mobile-menu/assets/css/responsive.css
  • /wp-content/plugins/mobile-menu/assets/js/frontend.js
  • /wp-content/plugins/mobile-menu/assets/js/jquery.mmenu.min.all.js
  • /wp-content/plugins/mobile-menu/assets/js/owl.carousel.min.js
  • /wp-content/plugins/mobile-menu/admin/css/admin.css
  • /wp-content/plugins/mobile-menu/admin/js/admin.js
  • +3 more
Script Paths
  • /wp-content/plugins/mobile-menu/assets/js/frontend.js
  • /wp-content/plugins/mobile-menu/assets/js/jquery.mmenu.min.all.js
  • /wp-content/plugins/mobile-menu/assets/js/owl.carousel.min.js
  • /wp-content/plugins/mobile-menu/admin/js/admin.js
  • /wp-content/plugins/mobile-menu/freemius/assets/js/freemius-forms.js
  • /wp-content/plugins/mobile-menu/freemius/assets/js/freemius-sdk.js
Version Parameters
  • mobile-menu/assets/css/frontend.css?ver=
  • mobile-menu/assets/css/jquery.mmenu.all.css?ver=
  • mobile-menu/assets/css/responsive.css?ver=
  • mobile-menu/assets/js/frontend.js?ver=
  • mobile-menu/assets/js/jquery.mmenu.min.all.js?ver=
  • mobile-menu/assets/js/owl.carousel.min.js?ver=
  • mobile-menu/admin/css/admin.css?ver=
  • mobile-menu/admin/js/admin.js?ver=
  • mobile-menu/freemius/assets/css/freemius-forms.css?ver=
  • mobile-menu/freemius/assets/js/freemius-forms.js?ver=
  • mobile-menu/freemius/assets/js/freemius-sdk.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • mm-menu
  • mm-wrapper
  • mm-page
  • wp-mobile-menu-wrapper
  • wp-mobile-menu-content
HTML Comments
  • <!-- WP Mobile Menu -->
  • <!-- WP Mobile Menu Core -->
  • <!-- WP Mobile Menu Nav Menu -->
Data Attributes
  • data-mmenu-theme
  • data-mmenu-position
JS Globals
wpmobilemenuMobileMenuOptions
REST Endpoints
/wp-json/mobile-menu/v1/search