Does Opal Mega Menu have any unpatched vulnerabilities?

No. All known vulnerabilities in Opal Mega Menu have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Opal Mega Menu compatible with WordPress 5.9.13?

According to WordPress.org data, Opal Mega Menu 1.1.16 has been tested up to WordPress 5.9.13. Check the plugin's changelog for the latest compatibility information.

How often is Opal Mega Menu updated?

Opal Mega Menu was last updated on Feb 7, 2023. Frequent updates are generally a positive security signal.

What is Opal Mega Menu's security score?

Opal Mega Menu has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Opal Mega Menu Security & Risk Analysis

wordpress.org/plugins/opal-megamenu-for-elementor

This is great menu for your site which built in with elementor. This modules supports displaying rich content in submenu items with columns and row.

400 active installs v1.1.16 PHP + WP 5.0+ Updated Feb 7, 2023

builder-menu-page-builderbuilder-pageelementormegamenunav-menu-page-builder

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Opal Mega Menu Safe to Use in 2026?

Generally Safe

Score 85/100

Opal Mega Menu has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3yr ago

Risk Assessment

The "opal-megamenu-for-elementor" v1.1.16 plugin exhibits a mixed security posture. On the positive side, it has a relatively small attack surface with only two AJAX handlers and no REST API routes or shortcodes. Crucially, all SQL queries are properly prepared, and there are no recorded vulnerabilities in its history, suggesting a history of responsible development or a lack of prior exploitation. The presence of nonce checks on its AJAX endpoints is also a positive security measure.

However, there are significant concerns regarding output escaping. With only 39% of outputs properly escaped, a substantial portion of the plugin's output is potentially vulnerable to cross-site scripting (XSS) attacks. This is a critical weakness that could be exploited if user-supplied data is not adequately sanitized before being displayed to the user. The absence of capability checks on its entry points, while having nonce checks, means that while replay attacks might be mitigated, other forms of unauthorized access to the AJAX actions are not prevented by WordPress's role-based access control.

Overall, while the plugin avoids common pitfalls like raw SQL or bundled vulnerable libraries, the high percentage of unescaped output represents a serious risk. The lack of historical vulnerabilities is a good sign but does not negate the immediate security concerns identified in the code analysis. The plugin needs to address its output escaping immediately to improve its security posture.

Key Concerns

Insufficient output escaping (39% proper)
No capability checks on AJAX handlers

Vulnerabilities

None known

Opal Mega Menu Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Opal Mega Menu Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

21 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

39% escaped54 total outputs

Attack Surface

Opal Mega Menu Attack Surface

Entry Points2

Unprotected0

AJAX Handlers 2

authwp_ajax_osf_load_menu_dataincludes\hook-functions.php:133

authwp_ajax_osf_update_menu_item_dataincludes\hook-functions.php:175

WordPress Hooks 24

actionadmin_enqueue_scriptsincludes\admin\class-admin-assets.php:13

actionelementor/editor/after_enqueue_scriptsincludes\admin\class-admin-assets.php:14

actionadmin_menuincludes\admin\class-admin-menu.php:15

actionadmin_enqueue_scriptsincludes\admin\class-admin-menu.php:17

actionadmin_initincludes\admin\class-admin.php:11

actionelementor/frontend/after_register_stylesincludes\class-frontend.php:11

actionelementor/frontend/after_register_scriptsincludes\class-frontend.php:12

actioninitincludes\class-menu-item-post-type.php:16

actiontemplate_includeincludes\class-menu-item-post-type.php:17

actionelementor/widgets/registerincludes\hook-functions.php:5

actionbefore_delete_postincludes\hook-functions.php:22

filterelementor/editor/footerincludes\hook-functions.php:41

filteropal_nav_menu_argsincludes\hook-functions.php:196

actionadmin_footerincludes\hook-functions.php:203

filternav_menu_link_attributesincludes\widgets\megamenu.php:1110

filternav_menu_submenu_css_classincludes\widgets\megamenu.php:1111

filternav_menu_item_idincludes\widgets\megamenu.php:1112

filternav_menu_link_attributesincludes\widgets\nav_menu.php:1120

filternav_menu_submenu_css_classincludes\widgets\nav_menu.php:1121

filternav_menu_item_idincludes\widgets\nav_menu.php:1122

actionplugins_loadedopalmegamenu.php:41

filternav_menu_link_attributestemplates\widgets\megamenu.php:1250

filternav_menu_submenu_css_classtemplates\widgets\megamenu.php:1251

filternav_menu_item_idtemplates\widgets\megamenu.php:1252

Maintenance & Trust

Opal Mega Menu Maintenance & Trust

Maintenance Signals

WordPress version tested5.9.13

Last updatedFeb 7, 2023

PHP min version

Downloads29K

Community Trust

Rating60/100

Number of ratings2

Active installs400

Alternatives

Opal Mega Menu Alternatives

RT Mega Menu – Mega Menu Builder for Elementor & Gutenberg

rt-mega-menu

100

RT Mega Menu is a powerful WordPress mega menu plugin that lets you build advanced, responsive mega menus using Elementor or the Gutenberg block edito …

7K No CVEs

HT Menu – WordPress Mega Menu Builder for Elementor

ht-menu-lite

100

HT Menu is a Elementor page builder addon to create menu and mega menu for WordPress websites. It allows to add Elementor templates to build coloumn a …

3K 1 CVE

Elementor Website Builder – More Than Just a Page Builder

elementor

The Elementor Website Builder has it all: drag and drop page builder, pixel perfect design, mobile responsive editing, and more. Get started now!

10.0M 45 CVEs

Starter Templates – AI-Powered Templates for Elementor & Gutenberg

astra-sites

The growing library of 300+ ready-to-use templates that work with all WordPress themes including Astra, Hello, OceanWP, GeneratePress and more

2.0M 7 CVEs

ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor

elementskit-lite

Join millions who empower their websites with ElementsKit Elementor Addons. Get templates, & 100+ widgets like header-footer, mega menu, custom widget

2.0M 21 CVEs

Developer Profile

Opal Mega Menu Developer Profile

wpopal

19 plugins · 3K total installs

trust score

Avg Security Score

90/100

Avg Patch Time

50 days

View full developer profile

Detection Fingerprints

How We Detect Opal Mega Menu

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/opal-megamenu-for-elementor/assets/js/editor.js/wp-content/plugins/opal-megamenu-for-elementor/assets/js/admin.js/wp-content/plugins/opal-megamenu-for-elementor/assets/css/admin.css/wp-content/plugins/opal-megamenu-for-elementor/assets/css/frontend.css/wp-content/plugins/opal-megamenu-for-elementor/assets/js/libs/jquery.smartmenus.min.js/wp-content/plugins/opal-megamenu-for-elementor/assets/js/frontend.js

Script Paths

assets/js/editor.jsassets/js/admin.jsassets/js/libs/jquery.smartmenus.min.jsassets/js/frontend.js

Version Parameters

/opal-megamenu-for-elementor/assets/css/admin.css?ver=/opal-megamenu-for-elementor/assets/css/frontend.css?ver=/opal-megamenu-for-elementor/assets/js/editor.js?ver=/opal-megamenu-for-elementor/assets/js/admin.js?ver=/opal-megamenu-for-elementor/assets/js/libs/jquery.smartmenus.min.js?ver=/opal-megamenu-for-elementor/assets/js/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes

opal-megamenu-frontend

Data Attributes

opal-menu-editable

JS Globals

osf_memgamnu_params

FAQ