WP-Safety

Easy Mega Menu for WordPress – ThemeHunk Security & Risk Analysis

wordpress.org/plugins/themehunk-megamenu-plus

Free, fast, and user-friendly mega menu plugin for WordPress & WooCommerce. Add pages, posts, widgets, products, text, and custom links effortlessly.

2K active installs v1.2.1 PHP + WP 5.5+ Updated Apr 2, 2026
mega-menumegamenumobile-menuresponsive-menuwoocommerce-menu
97
A · Safe
CVEs total3
Unpatched0
Last CVEJun 5, 2025
Plugin page Download
Safety Verdict

Is Easy Mega Menu for WordPress – ThemeHunk Safe to Use in 2026?

Generally Safe

Score 97/100

Easy Mega Menu for WordPress – ThemeHunk has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

3 known CVEsLast CVE: Jun 5, 2025Updated 1mo ago
Risk Assessment

The "themehunk-megamenu-plus" plugin v1.1.2 exhibits a mixed security posture. On the positive side, the code demonstrates strong practices in handling SQL queries with prepared statements and a high percentage of properly escaped output, suggesting a good understanding of common web vulnerabilities. The absence of dangerous functions, file operations, and external HTTP requests is also commendable.

However, significant concerns arise from the attack surface. With 16 AJAX handlers, 5 of which lack authentication checks, there's a clear pathway for unauthorized actions. This is further underscored by 5 taint flows with unsanitized paths, indicating potential vulnerabilities if these unchecked AJAX handlers are exploited. The plugin's vulnerability history, with 3 known medium-severity CVEs and one currently unpatched, is a substantial red flag. The common types of vulnerabilities (Missing Authorization, Cross-site Scripting) directly align with the static analysis findings, suggesting a recurring pattern of security weaknesses.

In conclusion, while the plugin employs some good security practices, the substantial number of unprotected AJAX handlers and the existing, unpatched vulnerability create a notable risk. The recurring nature of the disclosed vulnerability types suggests that these issues may not be adequately addressed, necessitating caution for users.

Key Concerns

  • 5 AJAX handlers without auth checks
  • 1 unpatched medium severity CVE
  • 5 flows with unsanitized paths
  • Recurring vulnerability types (Missing Auth, XSS)
Vulnerabilities
3 published

Easy Mega Menu for WordPress – ThemeHunk Security Vulnerabilities

CVEs by Year

2 CVEs in 2024
2024
1 CVE in 2025
2025
Patched Has unpatched

Severity Breakdown

Medium
3

3 total CVEs

CVE-2025-30990medium · 4.3Missing Authorization

ThemeHunk <= 1.2.0 - Missing Authorization

Jun 5, 2025 Patched in 1.2.1 (315d)
CVE-2024-8433medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Easy Mega Menu Plugin for WordPress – ThemeHunk <= 1.1.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting

Oct 7, 2024 Patched in 1.1.1 (1d)
CVE-2024-8434medium · 4.3Missing Authorization

Easy Mega Menu Plugin for WordPress – ThemeHunk <= 1.0.9 - Missing Authorization to Authenticated (Subscriber+) Settings Updates

Sep 24, 2024 Patched in 1.1.0 (1d)
Version History

Easy Mega Menu for WordPress – ThemeHunk Release Timeline

v1.2.1Current
v1.2.01 CVE
CVE-2025-30990
v1.1.21 CVE
CVE-2025-30990
v1.1.11 CVE
CVE-2025-30990
v1.1.02 CVEs
CVE-2025-30990 CVE-2024-8433
v1.0.83 CVEs
CVE-2025-30990 CVE-2024-8434 CVE-2024-8433
v1.0.73 CVEs
CVE-2025-30990 CVE-2024-8434 CVE-2024-8433
Code Analysis
Analyzed Mar 16, 2026

Easy Mega Menu for WordPress – ThemeHunk Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
19
343 escaped
Nonce Checks
13
Capability Checks
12
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

95% escaped362 total outputs
Data Flows · Security
5 unsanitized

Data Flow Analysis

7 flows5 with unsanitized paths
<megamenu-nav-menu-metadata> (inc\megamenu-nav-menu-metadata.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
5 unprotected

Easy Mega Menu for WordPress – ThemeHunk Attack Surface

Entry Points17
Unprotected5

AJAX Handlers 16

authwp_ajax_themehunk_megamenu_item_enable_megamenuinc\megamenu-base.php:35
authwp_ajax_themehunk_megamenu_item_settings_loadinc\megamenu-base.php:36
authwp_ajax_themehunk_megamenu_save_layoutinc\megamenu-base.php:37
authwp_ajax_themehunk_megamenu_save_builder_optionsinc\megamenu-base.php:39
authwp_ajax_themehunk_megamenu_update_megamenu_iconinc\megamenu-base.php:40
authwp_ajax_themehunk_megamenu_nav_menu_saveinc\megamenu-nav-menu-settings.php:9
authwp_ajax_themehunk_megamenu_save_settinginc\megamenu-setting.php:38
authwp_ajax_themehunk_megamenu_reorder_itemsinc\megamenu-widgets.php:14
authwp_ajax_themehunk_megamenu_save_widgetinc\megamenu-widgets.php:15
authwp_ajax_themehunk_megamenu_drag_to_add_widget_iteminc\megamenu-widgets.php:16
authwp_ajax_themehunk_megamenu_delete_rowinc\megamenu-widgets.php:18
authwp_ajax_themehunk_megamenu_delete_columninc\megamenu-widgets.php:19
authwp_ajax_themehunk_megamenu_delete_widgetinc\megamenu-widgets.php:20
authwp_ajax_themehunk_megamenu_reorder_rowinc\megamenu-widgets.php:21
authwp_ajax_themehunk_megamenu_reorder_colinc\megamenu-widgets.php:22
authwp_ajax_themehunk_megamenu_add_grid_row_columninc\megamenu-widgets.php:23

Shortcodes 1

[themehunk_megamenu_test_shortcode] inc\megamenu-functions.php:111
WordPress Hooks 24
actionadmin_print_scripts-nav-menus.phpinc\megamenu-base.php:30
filterbody_classinc\megamenu-base.php:31
actionadmin_print_footer_scripts-nav-menus.phpinc\megamenu-base.php:32
actionwp_enqueue_scriptsinc\megamenu-base.php:33
actionadmin_enqueue_scriptsinc\megamenu-base.php:34
filterwp_nav_menu_objectsinc\megamenu-base.php:38
filterwp_nav_menu_argsinc\megamenu-class.php:12
filterthemehunk_megamenu_nav_menu_css_classinc\megamenu-class.php:13
actionadmin_footerinc\megamenu-class.php:14
filterwp_nav_menuinc\megamenu-class.php:15
actionload-nav-menus.phpinc\megamenu-nav-menu-settings.php:8
actionadmin_post_themehunk_megamenu_save_settinginc\megamenu-setting.php:39
actionadmin_post_themehunk_megamenu_reset_themeinc\megamenu-setting.php:40
actionthemehunk_megamenu_page_general_settingsinc\megamenu-setting.php:41
actionadmin_menuinc\megamenu-setting.php:42
actionadmin_enqueue_scriptsinc\megamenu-setting.php:43
actionwp_headinc\megamenu-style.php:23
actioninitinc\megamenu-widgets.php:13
filterthemehunk_megamenu_toggle_bar_contentinc\toggle-themehunk-megamenu.php:36
actionthemehunk_megamenu_output_public_toggle_block_menu_toggleinc\toggle-themehunk-megamenu.php:37
actionadmin_initnotify\notify.php:14
actionadmin_noticesnotify\notify.php:19
actionadmin_enqueue_scriptsnotify\notify.php:20
actionadmin_noticesnotify\notify.php:25
Maintenance & Trust

Easy Mega Menu for WordPress – ThemeHunk Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedApr 2, 2026
PHP min version
Downloads125K

Community Trust

Rating20/100
Number of ratings1
Active installs2K
Alternatives

Easy Mega Menu for WordPress – ThemeHunk Alternatives

QuadMenu – Mega Menu

QuadMenu – Mega Menu

quadmenu

A
96

Responsive mega menu plugin for WordPress with customizable layouts and an intuitive drag-and-drop builder.

10K 2 CVEs
Max Mega Menu

Max Mega Menu

megamenu

A
99

An easy to use mega menu plugin. Written the WordPress way.

300K 2 CVEs
WP Mega Menu

WP Mega Menu

wp-megamenu

C
61

WordPress Mega Menu is a responsive, highly customizable drag and drop menu builder plugin. Download free WordPress megamenu plugin.

9K 1 unpatched
QuadMenu Importer for Max Mega Menu

QuadMenu Importer for Max Mega Menu

quadmenu-megamenu

A
85

Import menus created with Max Mega Menu to QuadMenu.

10 No CVEs
WP Mobile Menu – The Mobile-Friendly Responsive Menu

WP Mobile Menu – The Mobile-Friendly Responsive Menu

mobile-menu

A
96

Need some help with the mobile website experience? Need an Mobile Menu plugin that keep your mobile visitors engaged?

80K 4 CVEs
Developer Profile

Easy Mega Menu for WordPress – ThemeHunk Developer Profile

ThemeHunk

49 plugins · 64K total installs

76
trust score
Avg Security Score
95/100
Avg Patch Time
188 days
View full developer profile
Detection Fingerprints

How We Detect Easy Mega Menu for WordPress – ThemeHunk

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/themehunk-megamenu-plus/assets/css/megamenu.css/wp-content/plugins/themehunk-megamenu-plus/lib/font-awesome-4.7.0/css/font-awesome.min.css/wp-content/plugins/themehunk-megamenu-plus/assets/js/megamenu.js/wp-content/plugins/themehunk-megamenu-plus/assets/css/megamenu-admin.css/wp-content/plugins/themehunk-megamenu-plus/lib/wpcolorpicker-alpha.js/wp-content/plugins/themehunk-megamenu-plus/assets/js/megamenu-admin.js
Script Paths
/wp-content/plugins/themehunk-megamenu-plus/assets/js/megamenu.js/wp-content/plugins/themehunk-megamenu-plus/assets/js/megamenu-admin.js
Version Parameters
/wp-content/plugins/themehunk-megamenu-plus/assets/css/megamenu.css?ver=/wp-content/plugins/themehunk-megamenu-plus/lib/font-awesome-4.7.0/css/font-awesome.min.css?ver=4.7.0/wp-content/plugins/themehunk-megamenu-plus/assets/js/megamenu.js?ver=/wp-content/plugins/themehunk-megamenu-plus/assets/css/megamenu-admin.css?ver=/wp-content/plugins/themehunk-megamenu-plus/lib/wpcolorpicker-alpha.js?ver=1.2.2/wp-content/plugins/themehunk-megamenu-plus/assets/js/megamenu-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
themehunk-megamenu-menuthemehunk-megamenu-menu-
Data Attributes
themehunk_megamenu_item_megamenu_statusthemehunk_megamenu_item_settings_loadthemehunk_megamenu_save_layoutthemehunk_megamenu_save_builder_optionsthemehunk_megamenu_update_megamenu_icon
JS Globals
megamenuthemehunk_megamenu_obj
FAQ

Frequently Asked Questions about Easy Mega Menu for WordPress – ThemeHunk