WP-Safety

Easy Mega Menu Plugin for WordPress – ThemeHunk Security & Risk Analysis

wordpress.org/plugins/themehunk-megamenu-plus

Free, fast, and user-friendly mega menu plugin for WordPress & WooCommerce. Add pages, posts, widgets, products, text, and custom links effortlessly.

2K active installs v1.1.2 PHP + WP 5.5+ Updated Jun 25, 2025
mega-menumegamenumobile-menuresponsive-menuwoocommerce-menu
75
B · Generally Safe
CVEs total3
Unpatched1
Last CVEJun 5, 2025
Plugin page Download
Safety Verdict

Is Easy Mega Menu Plugin for WordPress – ThemeHunk Safe to Use in 2026?

Mostly Safe

Score 75/100

Easy Mega Menu Plugin for WordPress – ThemeHunk is generally safe to use. 3 past CVEs were resolved. Keep it updated.

3 known CVEs 1 unpatched Last CVE: Jun 5, 2025Updated 9mo ago
Risk Assessment

The "themehunk-megamenu-plus" plugin v1.1.2 exhibits a mixed security posture. On the positive side, the code demonstrates strong practices in handling SQL queries with prepared statements and a high percentage of properly escaped output, suggesting a good understanding of common web vulnerabilities. The absence of dangerous functions, file operations, and external HTTP requests is also commendable.

However, significant concerns arise from the attack surface. With 16 AJAX handlers, 5 of which lack authentication checks, there's a clear pathway for unauthorized actions. This is further underscored by 5 taint flows with unsanitized paths, indicating potential vulnerabilities if these unchecked AJAX handlers are exploited. The plugin's vulnerability history, with 3 known medium-severity CVEs and one currently unpatched, is a substantial red flag. The common types of vulnerabilities (Missing Authorization, Cross-site Scripting) directly align with the static analysis findings, suggesting a recurring pattern of security weaknesses.

In conclusion, while the plugin employs some good security practices, the substantial number of unprotected AJAX handlers and the existing, unpatched vulnerability create a notable risk. The recurring nature of the disclosed vulnerability types suggests that these issues may not be adequately addressed, necessitating caution for users.

Key Concerns

  • 5 AJAX handlers without auth checks
  • 1 unpatched medium severity CVE
  • 5 flows with unsanitized paths
  • Recurring vulnerability types (Missing Auth, XSS)
Vulnerabilities
3

Easy Mega Menu Plugin for WordPress – ThemeHunk Security Vulnerabilities

CVEs by Year

2 CVEs in 2024
2024
1 CVE in 2025 · unpatched
2025
Patched Has unpatched

Severity Breakdown

Medium
3

3 total CVEs

CVE-2025-30990medium · 4.3Missing Authorization

ThemeHunk <= 1.1.1 - Missing Authorization

Jun 5, 2025Unpatched
CVE-2024-8433medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Easy Mega Menu Plugin for WordPress – ThemeHunk <= 1.1.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting

Oct 7, 2024 Patched in 1.1.1 (1d)
CVE-2024-8434medium · 4.3Missing Authorization

Easy Mega Menu Plugin for WordPress – ThemeHunk <= 1.0.9 - Missing Authorization to Authenticated (Subscriber+) Settings Updates

Sep 24, 2024 Patched in 1.1.0 (1d)
Code Analysis
Analyzed Mar 16, 2026

Easy Mega Menu Plugin for WordPress – ThemeHunk Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
19
343 escaped
Nonce Checks
13
Capability Checks
12
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

95% escaped362 total outputs
Data Flows
5 unsanitized

Data Flow Analysis

7 flows5 with unsanitized paths
<megamenu-nav-menu-metadata> (inc\megamenu-nav-menu-metadata.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
5 unprotected

Easy Mega Menu Plugin for WordPress – ThemeHunk Attack Surface

Entry Points17
Unprotected5

AJAX Handlers 16

authwp_ajax_themehunk_megamenu_item_enable_megamenuinc\megamenu-base.php:35
authwp_ajax_themehunk_megamenu_item_settings_loadinc\megamenu-base.php:36
authwp_ajax_themehunk_megamenu_save_layoutinc\megamenu-base.php:37
authwp_ajax_themehunk_megamenu_save_builder_optionsinc\megamenu-base.php:39
authwp_ajax_themehunk_megamenu_update_megamenu_iconinc\megamenu-base.php:40
authwp_ajax_themehunk_megamenu_nav_menu_saveinc\megamenu-nav-menu-settings.php:9
authwp_ajax_themehunk_megamenu_save_settinginc\megamenu-setting.php:38
authwp_ajax_themehunk_megamenu_reorder_itemsinc\megamenu-widgets.php:14
authwp_ajax_themehunk_megamenu_save_widgetinc\megamenu-widgets.php:15
authwp_ajax_themehunk_megamenu_drag_to_add_widget_iteminc\megamenu-widgets.php:16
authwp_ajax_themehunk_megamenu_delete_rowinc\megamenu-widgets.php:18
authwp_ajax_themehunk_megamenu_delete_columninc\megamenu-widgets.php:19
authwp_ajax_themehunk_megamenu_delete_widgetinc\megamenu-widgets.php:20
authwp_ajax_themehunk_megamenu_reorder_rowinc\megamenu-widgets.php:21
authwp_ajax_themehunk_megamenu_reorder_colinc\megamenu-widgets.php:22
authwp_ajax_themehunk_megamenu_add_grid_row_columninc\megamenu-widgets.php:23

Shortcodes 1

[themehunk_megamenu_test_shortcode] inc\megamenu-functions.php:111
WordPress Hooks 24
actionadmin_print_scripts-nav-menus.phpinc\megamenu-base.php:30
filterbody_classinc\megamenu-base.php:31
actionadmin_print_footer_scripts-nav-menus.phpinc\megamenu-base.php:32
actionwp_enqueue_scriptsinc\megamenu-base.php:33
actionadmin_enqueue_scriptsinc\megamenu-base.php:34
filterwp_nav_menu_objectsinc\megamenu-base.php:38
filterwp_nav_menu_argsinc\megamenu-class.php:12
filterthemehunk_megamenu_nav_menu_css_classinc\megamenu-class.php:13
actionadmin_footerinc\megamenu-class.php:14
filterwp_nav_menuinc\megamenu-class.php:15
actionload-nav-menus.phpinc\megamenu-nav-menu-settings.php:8
actionadmin_post_themehunk_megamenu_save_settinginc\megamenu-setting.php:39
actionadmin_post_themehunk_megamenu_reset_themeinc\megamenu-setting.php:40
actionthemehunk_megamenu_page_general_settingsinc\megamenu-setting.php:41
actionadmin_menuinc\megamenu-setting.php:42
actionadmin_enqueue_scriptsinc\megamenu-setting.php:43
actionwp_headinc\megamenu-style.php:23
actioninitinc\megamenu-widgets.php:13
filterthemehunk_megamenu_toggle_bar_contentinc\toggle-themehunk-megamenu.php:36
actionthemehunk_megamenu_output_public_toggle_block_menu_toggleinc\toggle-themehunk-megamenu.php:37
actionadmin_initnotify\notify.php:14
actionadmin_noticesnotify\notify.php:19
actionadmin_enqueue_scriptsnotify\notify.php:20
actionadmin_noticesnotify\notify.php:25
Maintenance & Trust

Easy Mega Menu Plugin for WordPress – ThemeHunk Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedJun 25, 2025
PHP min version
Downloads122K

Community Trust

Rating0/100
Number of ratings0
Active installs2K
Alternatives

Easy Mega Menu Plugin for WordPress – ThemeHunk Alternatives

QuadMenu – Mega Menu

QuadMenu – Mega Menu

quadmenu

A
94

Responsive mega menu plugin for WordPress with customizable layouts and an intuitive drag-and-drop builder.

10K 2 CVEs
Max Mega Menu

Max Mega Menu

megamenu

A
99

An easy to use mega menu plugin. Written the WordPress way.

300K 2 CVEs
WP Mega Menu

WP Mega Menu

wp-megamenu

C
61

WordPress Mega Menu is a responsive, highly customizable drag and drop menu builder plugin. Download free WordPress megamenu plugin.

9K 1 unpatched
WP Mobile Menu – The Mobile-Friendly Responsive Menu

WP Mobile Menu – The Mobile-Friendly Responsive Menu

mobile-menu

A
96

Need some help with the mobile website experience? Need an Mobile Menu plugin that keep your mobile visitors engaged?

80K 4 CVEs
WP Menu Icons

WP Menu Icons

wp-menu-icons

A
100

WP Menu Icons allows you to add icons to your WordPress menu items.

20K No CVEs
Developer Profile

Easy Mega Menu Plugin for WordPress – ThemeHunk Developer Profile

ThemeHunk

48 plugins · 66K total installs

75
trust score
Avg Security Score
94/100
Avg Patch Time
189 days
View full developer profile
Detection Fingerprints

How We Detect Easy Mega Menu Plugin for WordPress – ThemeHunk

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/themehunk-megamenu-plus/assets/css/megamenu.css/wp-content/plugins/themehunk-megamenu-plus/lib/font-awesome-4.7.0/css/font-awesome.min.css/wp-content/plugins/themehunk-megamenu-plus/assets/js/megamenu.js/wp-content/plugins/themehunk-megamenu-plus/assets/css/megamenu-admin.css/wp-content/plugins/themehunk-megamenu-plus/lib/wpcolorpicker-alpha.js/wp-content/plugins/themehunk-megamenu-plus/assets/js/megamenu-admin.js
Script Paths
/wp-content/plugins/themehunk-megamenu-plus/assets/js/megamenu.js/wp-content/plugins/themehunk-megamenu-plus/assets/js/megamenu-admin.js
Version Parameters
/wp-content/plugins/themehunk-megamenu-plus/assets/css/megamenu.css?ver=/wp-content/plugins/themehunk-megamenu-plus/lib/font-awesome-4.7.0/css/font-awesome.min.css?ver=4.7.0/wp-content/plugins/themehunk-megamenu-plus/assets/js/megamenu.js?ver=/wp-content/plugins/themehunk-megamenu-plus/assets/css/megamenu-admin.css?ver=/wp-content/plugins/themehunk-megamenu-plus/lib/wpcolorpicker-alpha.js?ver=1.2.2/wp-content/plugins/themehunk-megamenu-plus/assets/js/megamenu-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
themehunk-megamenu-menuthemehunk-megamenu-menu-
Data Attributes
themehunk_megamenu_item_megamenu_statusthemehunk_megamenu_item_settings_loadthemehunk_megamenu_save_layoutthemehunk_megamenu_save_builder_optionsthemehunk_megamenu_update_megamenu_icon
JS Globals
megamenuthemehunk_megamenu_obj
FAQ

Frequently Asked Questions about Easy Mega Menu Plugin for WordPress – ThemeHunk