Side Menu Lite – Sticky Floating Side Menu Security & Risk Analysis

wordpress.org/plugins/side-menu-lite

Create a sticky vertical sidebar menu that enhances navigation and highlights important links on your website.

7K active installs · v5.5.2 · PHP 7.4+ · WP 4.3+ · Updated Mar 10, 2026
Tags: fixed-menu, floating-button, floating-menu, nav-menu, sidebar-menu
Score: 95 (A · Safe)
CVEs total: 5
Unpatched: 0
Last CVE: Jan 24, 2025
Safety Verdict

Is Side Menu Lite – Sticky Floating Side Menu Safe to Use in 2026?

Generally Safe

Score 95/100

Side Menu Lite – Sticky Floating Side Menu has a strong security track record. Known vulnerabilities have been patched promptly.

5 known CVEs · Last CVE: Jan 24, 2025 · Updated 24d ago
Risk Assessment

The side-menu-lite plugin version 5.5.2 exhibits a mixed security posture. On one hand, the static analysis reveals a strong adherence to good security practices in several areas. The absence of dangerous functions, file operations, and external HTTP requests is a positive sign. Furthermore, the high percentage of SQL queries using prepared statements (77%) and the proper escaping of a vast majority of outputs (97%) indicate a diligent effort to prevent common vulnerabilities like SQL injection and Cross-Site Scripting (XSS). The presence of nonce and capability checks, though limited in number, also suggests an awareness of authorization mechanisms.

However, the analysis does highlight significant areas of concern. The taint analysis reveals 10 flows with unsanitized paths, with 3 classified as high severity. This is a critical red flag, as unsanitized paths often lead to various injection vulnerabilities if they are processed without proper validation and sanitization. Despite the overall good practices, these high-severity taint flows represent a direct and immediate risk to the application. The plugin's history of 5 known CVEs, including 2 high-severity ones, further amplifies these concerns. Although no CVEs are currently unpatched, the recurring nature of high-severity vulnerabilities, particularly Cross-Site Request Forgery (CSRF) and SQL Injection, suggests a pattern of insecure coding practices that have been exploited in the past and could be exploitable again if not thoroughly addressed.

In conclusion, while side-menu-lite version 5.5.2 demonstrates some strengths in secure coding, particularly in output escaping and prepared statements, the presence of high-severity unsanitized paths in the taint analysis and a history of significant vulnerabilities, including SQL injection, points to a moderate to high-risk profile. The lack of a large attack surface is positive, but the identified taint flows and historical vulnerability patterns warrant careful investigation and remediation.

Key Concerns

  • High severity taint flows with unsanitized paths
  • History of 2 high severity CVEs
  • History of 3 medium severity CVEs
  • Low percentage of prepared statements for SQL queries
  • Limited nonce checks
  • Limited capability checks
Vulnerabilities: 5

Side Menu Lite – Sticky Floating Side Menu Security Vulnerabilities

CVEs by Year

  • 2021: 2 CVEs
  • 2023: 1 CVE
  • 2024: 1 CVE
  • 2025: 1 CVE

Severity Breakdown

  • High: 2
  • Medium: 3

5 total CVEs

CVE-2025-24724 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Side Menu Lite <= 5.3.1 - Cross-Site Request Forgery to Settings Update

Jan 24, 2025 · Patched in 5.3.2 (5d)

CVE-2024-3476 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Side Menu Lite – add sticky fixed buttons <= 4.2 - Cross-Site Request Forgery

Apr 11, 2024 · Patched in 4.2.1 (27d)

CVE-2023-27418 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Side Menu Lite <= 4.0 - Cross-Site Request Forgery to Item Deletion

Mar 8, 2023 · Patched in 4.0.1 (321d)

CVE-2021-24580 · high · 8.8 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Side Menu Lite - add sticky fixed buttons < 2.2.6 - SQL Injection

Jul 27, 2021 · Patched in 2.2.6 (910d)

CVE-2021-24521 · high · 7.2 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Side Menu Lite <= 2.2 - SQL Injection

Jun 28, 2021 · Patched in 2.2.1 (939d)
Code Analysis
Analyzed Mar 16, 2026

Side Menu Lite – Sticky Floating Side Menu Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 6 (20 prepared)
  • Unescaped Output: 8 (287 escaped)
  • Nonce Checks: 2
  • Capability Checks: 3
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 0

SQL Query Safety

77% prepared · 26 total queries

Output Escaping

97% escaped · 295 total outputs
Data Flows
10 unsanitized

Data Flow Analysis

10 flows · 10 with unsanitized paths

  • menu (classes\Admin\Dashboard.php:153)
Attack Surface

Side Menu Lite – Sticky Floating Side Menu Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 11

  • action · admin_init · classes\Admin\AdminActions.php:12
  • action · admin_notices · classes\Admin\AdminNotices.php:13
  • filter · plugin_action_links · classes\Admin\Dashboard.php:25
  • filter · admin_footer_text · classes\Admin\Dashboard.php:26
  • action · admin_enqueue_scripts · classes\Admin\Dashboard.php:27
  • action · admin_menu · classes\Admin\Dashboard.php:28
  • action · admin_menu · includes\class-wow-company.php:22
  • action · admin_enqueue_scripts · includes\class-wow-company.php:23
  • action · wp_enqueue_scripts · public\class-wowp-public.php:35
  • action · wp_footer · public\class-wowp-public.php:36
  • action · plugins_loaded · side-menu-lite.php:70
Maintenance & Trust

Side Menu Lite – Sticky Floating Side Menu Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.9.4
  • Last updated: Mar 10, 2026
  • PHP min version: 7.4
  • Downloads: 145K

Community Trust

  • Rating: 78/100
  • Number of ratings: 11
  • Active installs: 7K
Developer Profile

Side Menu Lite – Sticky Floating Side Menu Developer Profile

Wow-Company

25 plugins · 98K total installs

  • Trust score: 76
  • Avg Security Score: 96/100
  • Avg Patch Time: 236 days
Detection Fingerprints

How We Detect Side Menu Lite – Sticky Floating Side Menu

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/side-menu-lite/assets/css/style.css
  • /wp-content/plugins/side-menu-lite/assets/js/script.js
  • /wp-content/plugins/side-menu-lite/admin/assets/css/style.css
  • /wp-content/plugins/side-menu-lite/admin/assets/js/script.js

Script Paths

  • /wp-content/plugins/side-menu-lite/assets/js/script.js
  • /wp-content/plugins/side-menu-lite/admin/assets/js/script.js

Version Parameters

  • side-menu-lite/assets/css/style.css?ver=
  • side-menu-lite/assets/js/script.js?ver=
  • side-menu-lite/admin/assets/css/style.css?ver=
  • side-menu-lite/admin/assets/js/script.js?ver=

HTML / DOM Fingerprints

CSS Classes
side-menu-lite, wow-company-side-menu-lite
Data Attributes
data-wow-side-menu-lite
JS Globals
WOWP_PluginSideMenuLite
Shortcode Output
[Side-Menu