Responsive Menu – Create Mobile-Friendly Menu Security & Risk Analysis

wordpress.org/plugins/responsive-menu

Highly customisable Responsive Menu plugin with 150+ options. No coding knowledge needed to design it exactly as you want.

80K active installs v4.7.1 PHP 5.6+ WP 3.6+ Updated Mar 2, 2026
Tags: hamburger, mega-menu, mobile, navigation, responsive
Score: 97 (A · Safe)
CVEs total: 5
Unpatched: 0
Last CVE: Mar 16, 2022
Safety Verdict

Is Responsive Menu – Create Mobile-Friendly Menu Safe to Use in 2026?

Generally Safe

Score 97/100

Responsive Menu – Create Mobile-Friendly Menu has a strong security track record. Known vulnerabilities have been patched promptly.

5 known CVEs · Last CVE: Mar 16, 2022 · Updated 1mo ago
Risk Assessment

The 'responsive-menu' plugin v4.7.1 presents a mixed security posture. On the positive side, it shows good practice: a high percentage of its SQL statements are prepared and a high percentage of its output is properly escaped. The absence of dangerous functions and of critical or high severity taint flows is also encouraging.

However, its vulnerability history is a significant concern. The plugin has 5 known CVEs, 4 of them high severity, the most recent in March 2022. They show a past pattern of Missing Authorization, CSRF, and Unrestricted Upload flaws, which calls for vigilant monitoring. Static analysis also reveals one AJAX handler without authentication checks, a potential entry point for unauthorized actions if exploited in conjunction with other weaknesses. The current version has no unpatched CVEs, and the code itself shows some solid security implementations, but the historical pattern and the unprotected entry point warrant caution, continued vigilance and attention to updates.

Key Concerns

  • 1 AJAX handler without auth checks
  • Total known CVEs: 5 (4 high, 1 medium)
Vulnerabilities
5

Responsive Menu – Create Mobile-Friendly Menu Security Vulnerabilities

CVEs by Year

2020: 1 CVE
2021: 3 CVEs
2022: 1 CVE

Severity Breakdown

High: 4
Medium: 1

5 total CVEs

CVE-2022-25602 · medium · 6.3 · Missing Authorization

Responsive Menu <= 4.1.7 - Missing Authorization Checks

Mar 16, 2022 · Patched in 4.1.8 (677d)

CVE-2021-24162 · high · 8.8 · Cross-Site Request Forgery (CSRF)

Responsive Menu <= 4.0.3 - Cross-Site Request Forgery to Setting Modification

Feb 10, 2021 · Patched in 4.0.4 (1077d)

CVE-2021-24161 · high · 8.8 · Cross-Site Request Forgery (CSRF)

Responsive Menu <= 4.0.3 - Cross-Site Request Forgery to Arbitrary File Upload

Feb 10, 2021 · Patched in 4.0.4 (1077d)

CVE-2021-24160 · high · 8.8 · Unrestricted Upload of File with Dangerous Type

Responsive Menu 4.0 - 4.0.3 - Authenticated Arbitrary File Upload

Feb 10, 2021 · Patched in 4.0.4 (1077d)

CVE-2017-18513 · high · 8.8 · Cross-Site Request Forgery (CSRF)

Responsive Menu <= 3.1.3 - Cross-Site Request Forgery

Jul 12, 2020 · Patched in 3.1.4 (1290d)

Code Analysis
Analyzed Mar 16, 2026

Responsive Menu – Create Mobile-Friendly Menu Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 1 (7 prepared)
Unescaped Output: 36 (688 escaped)
Nonce Checks: 14
Capability Checks: 18
File Operations: 2
External Requests: 1
Bundled Libraries: 0

SQL Query Safety

88% prepared · 8 total queries

Output Escaping

95% escaped · 724 total outputs
Data Flows
All sanitized

Data Flow Analysis

1 flow
<class-theme-manager> (v4.0.0\inc\classes\class-theme-manager.php:0)
Attack Surface
1 unprotected

Responsive Menu – Create Mobile-Friendly Menu Attack Surface

Entry Points: 16
Unprotected: 1

AJAX Handlers 14

auth · wp_ajax_rmp_save_global_settings · v4.0.0\inc\classes\class-admin.php:53
auth · wp_ajax_rmp_create_new_menu · v4.0.0\inc\classes\class-admin.php:54
auth · wp_ajax_rmp_export_menu · v4.0.0\inc\classes\class-admin.php:55
auth · wp_ajax_rmp_import_menu · v4.0.0\inc\classes\class-admin.php:56
auth · wp_ajax_rmp_save_menu_action · v4.0.0\inc\classes\class-editor-manager.php:44
auth · wp_ajax_rmp_mega_menu_item_enable · v4.0.0\inc\classes\class-editor-manager.php:45
auth · wp_ajax_rmp_save_mega_menu_item · v4.0.0\inc\classes\class-editor-manager.php:46
auth · wp_ajax_rmp_upgrade_admin_notice_dismiss · v4.0.0\inc\classes\class-plugin.php:58
auth · wp_ajax_rmp_enable_menu_item · v4.0.0\inc\classes\class-preview.php:44
auth · wp_ajax_rmp_save_theme · v4.0.0\inc\classes\class-theme-manager.php:60
auth · wp_ajax_rmp_menu_theme_upload · v4.0.0\inc\classes\class-theme-manager.php:62
auth · wp_ajax_rmp_theme_delete · v4.0.0\inc\classes\class-theme-manager.php:63
auth · wp_ajax_rmp_theme_apply · v4.0.0\inc\classes\class-theme-manager.php:64
auth · wp_ajax_rmp_call_theme_api · v4.0.0\inc\classes\class-theme-manager.php:65

Shortcodes 2

[rmp_menu] v4.0.0\inc\classes\class-admin.php:58
[responsive_menu] v4.0.0\inc\classes\class-admin.php:59
WordPress Hooks 52
action · admin_init · responsive-menu.php:24
action · admin_notices · responsive-menu.php:27
action · admin_init · review-banner-class.php:35
action · admin_notices · review-banner-class.php:49
action · init · v4.0.0\inc\classes\class-admin.php:60
filter · post_row_actions · v4.0.0\inc\classes\class-admin.php:62
filter · get_edit_post_link · v4.0.0\inc\classes\class-admin.php:63
filter · manage_rmp_menu_posts_columns · v4.0.0\inc\classes\class-admin.php:65
action · manage_rmp_menu_posts_custom_column · v4.0.0\inc\classes\class-admin.php:66
action · admin_footer · v4.0.0\inc\classes\class-admin.php:67
action · admin_menu · v4.0.0\inc\classes\class-admin.php:68
action · admin_menu · v4.0.0\inc\classes\class-admin.php:69
action · rmp_create_new_menu · v4.0.0\inc\classes\class-admin.php:70
action · admin_enqueue_scripts · v4.0.0\inc\classes\class-assets.php:41
action · admin_enqueue_scripts · v4.0.0\inc\classes\class-assets.php:42
action · admin_enqueue_scripts · v4.0.0\inc\classes\class-assets.php:43
filter · show_admin_bar · v4.0.0\inc\classes\class-editor-manager.php:50
action · admin_head · v4.0.0\inc\classes\class-editor.php:43
action · plugins_loaded · v4.0.0\inc\classes\class-plugin.php:47
action · admin_notices · v4.0.0\inc\classes\class-plugin.php:48
action · admin_notices · v4.0.0\inc\classes\class-plugin.php:55
action · admin_notices · v4.0.0\inc\classes\class-plugin.php:59
action · wp_body_open · v4.0.0\inc\classes\class-plugin.php:63
action · wp_footer · v4.0.0\inc\classes\class-plugin.php:65
action · rmp_after_cpt_registered · v4.0.0\inc\classes\class-rmp-migration.php:63
action · wp_enqueue_scripts · v4.0.0\inc\classes\class-style-manager.php:59
action · wp_enqueue_scripts · v4.0.0\inc\classes\class-style-manager.php:60
action · rmp_create_new_menu · v4.0.0\inc\classes\class-style-manager.php:61
action · rmp_save_menu · v4.0.0\inc\classes\class-style-manager.php:62
action · rmp_update_mega_menu_item · v4.0.0\inc\classes\class-style-manager.php:63
action · rmp_save_global_settings · v4.0.0\inc\classes\class-style-manager.php:64
action · rmp_theme_apply · v4.0.0\inc\classes\class-style-manager.php:65
action · rmp_migrate_menu_style · v4.0.0\inc\classes\class-style-manager.php:66
action · rmp_import_menu · v4.0.0\inc\classes\class-style-manager.php:67
action · after_setup_theme · v4.0.0\inc\classes\class-style-manager.php:68
filter · show_admin_bar · v4.0.0\inc\classes\class-style-manager.php:72
action · admin_post_rmp_upload_theme_file · v4.0.0\inc\classes\class-theme-manager.php:61
action · plugins_loaded · v4.0.0\inc\classes\elementor\class-elementor-manager.php:57
action · elementor/editor/after_enqueue_scripts · v4.0.0\inc\classes\elementor\class-elementor-manager.php:58
action · admin_notices · v4.0.0\inc\classes\elementor\class-elementor-manager.php:94
action · admin_notices · v4.0.0\inc\classes\elementor\class-elementor-manager.php:100
action · admin_notices · v4.0.0\inc\classes\elementor\class-elementor-manager.php:106
action · elementor/widgets/widgets_registered · v4.0.0\inc\classes\elementor\class-elementor-manager.php:110
action · admin_footer · v4.0.0\inc\helpers\custom-functions.php:380
action · wp_nav_menu_item_custom_fields · v4.0.0\inc\helpers\custom-functions.php:408
action · wp_update_nav_menu_item · v4.0.0\inc\helpers\custom-functions.php:420
filter · wp_nav_menu_objects · v4.0.0\inc\helpers\custom-functions.php:442
action · admin_init · v4.0.0\templates\rmp-roadmap.php:22
action · in_admin_footer · v4.0.0\templates\rmp-roadmap.php:25
filter · get_available_theme_settings · v4.0.0\themes\electric blue theme\electric-blue-theme.php:47
filter · get_available_theme_settings · v4.0.0\themes\full-width-theme\full-width-theme.php:47
filter · get_available_theme_settings · v4.0.0\themes\simple-red-free\simple-red-theme.php:47
Maintenance & Trust

Responsive Menu – Create Mobile-Friendly Menu Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 2, 2026
PHP min version: 5.6
Downloads: 4.5M

Community Trust

Rating: 90/100
Number of ratings: 566
Active installs: 80K
Developer Profile

Responsive Menu – Create Mobile-Friendly Menu Developer Profile

ExpressTech Systems

21 plugins · 122K total installs

Trust score: 75
Avg Security Score: 94/100
Avg Patch Time: 560 days
Detection Fingerprints

How We Detect Responsive Menu – Create Mobile-Friendly Menu

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/responsive-menu/v4.0.0/assets/admin/js/selectize.js
/wp-content/plugins/responsive-menu/v4.0.0/assets/admin/scss/selectize.css
/wp-content/plugins/responsive-menu/v4.0.0/inc/helpers/autoloader.php
/wp-content/plugins/responsive-menu/v4.0.0/inc/helpers/custom-functions.php
/wp-content/plugins/responsive-menu/v4.0.0/inc/helpers/default-options.php
/wp-content/plugins/responsive-menu/v4.0.0/libs/scssphp/vendor/autoload.php
/wp-content/plugins/responsive-menu/v4.0.0/templates/rmp-roadmap.php
Script Paths
v4.0.0/assets/admin/js/selectize.js
Version Parameters
responsive-menu?ver=
v4.0.0/assets/admin/js/selectize.js?ver=
v4.0.0/assets/admin/scss/selectize.css?ver=
rmp_admin_main_styles?ver=

HTML / DOM Fingerprints

CSS Classes
rmp_menu
responsive-menu-license-upgrade-link
Data Attributes
data-editor="rmp_menu"
JS Globals
RMP
RMP_PLUGIN_VERSION
RMP_PLUGIN_URL_V4
FAQ

Frequently Asked Questions about Responsive Menu – Create Mobile-Friendly Menu