Does Ultra Menu Remove have any unpatched vulnerabilities?

No. All known vulnerabilities in Ultra Menu Remove have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Ultra Menu Remove compatible with WordPress 4.7.32?

According to WordPress.org data, Ultra Menu Remove 1.0.0 has been tested up to WordPress 4.7.32. Check the plugin's changelog for the latest compatibility information.

How often is Ultra Menu Remove updated?

Ultra Menu Remove was last updated on Jan 27, 2017. Frequent updates are generally a positive security signal.

What is Ultra Menu Remove's security score?

Ultra Menu Remove has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Ultra Menu Remove Security & Risk Analysis

wordpress.org/plugins/ultra-menu-remove

Ultra Menu Remove – It able to remove menu page . It's access to permit who is administator.

10 active installs v1.0.0 PHP + WP 4.7+ Updated Jan 27, 2017

admin-menu-page-removeremove-dashbordremove-menuremove-menu-page

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Ultra Menu Remove Safe to Use in 2026?

Generally Safe

Score 85/100

Ultra Menu Remove has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 9yr ago

Risk Assessment

The 'ultra-menu-remove' v1.0.0 plugin exhibits a seemingly strong security posture based on the provided static analysis. There are no identified AJAX handlers, REST API routes, shortcodes, or cron events, which significantly limits the plugin's attack surface. Furthermore, the code demonstrates good practices by not using dangerous functions, all SQL queries are prepared, and all output is properly escaped. There are also no file operations or external HTTP requests detected.

However, a notable concern arises from the taint analysis, which reveals two flows with unsanitized paths. While no critical or high severity vulnerabilities were found in these flows, the presence of unsanitized paths suggests a potential for vulnerabilities if user-supplied data is not rigorously validated and sanitized before being used in file operations or other sensitive contexts. The lack of vulnerability history is positive, indicating a lack of past known issues, but this should not be a sole determinant of current safety.

In conclusion, the plugin has a limited attack surface and good implementation practices for SQL and output handling. The primary weakness identified is the presence of unsanitized paths in taint flows, which, though not currently leading to critical issues, represents a latent risk. The absence of known CVEs is a strength, but the taint analysis findings warrant careful consideration and potential further investigation.

Key Concerns

Flows with unsanitized paths

Vulnerabilities

None known

Ultra Menu Remove Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Ultra Menu Remove Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

11 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

100% escaped11 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths

umr_set_value (umpr_remove.php:306)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Ultra Menu Remove Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 4

actionadmin_menuumpr_remove.php:38

actionadmin_initumpr_remove.php:39

actionadmin_initumpr_remove.php:40

actionadmin_menuumpr_remove.php:41

Maintenance & Trust

Ultra Menu Remove Maintenance & Trust

Maintenance Signals

WordPress version tested4.7.32

Last updatedJan 27, 2017

PHP min version

Downloads1K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

Ultra Menu Remove Alternatives

Easy remove item menu

easy-remove-item-menu

You can remove items from the menu very easily

6K No CVEs

Remove invalid menu items

remove-invalid-menu-items

100

Remove all the invalid menu items in one click.

900 No CVEs

Customize WP-admin

customize-wp-admin

100

Customize WP-admin lets you easily remove any menu or submenu from the admin sidebar, change the footer at wp-admin, and change the image and link of …

40 No CVEs

Developer Profile

Ultra Menu Remove Developer Profile

Sandip Mondal - a11n

8 plugins · 130 total installs

trust score

Avg Security Score

87/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Ultra Menu Remove

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/ultra-menu-remove/css/umr_bootstrap.css/wp-content/plugins/ultra-menu-remove/css/urm_bootstrap-toggle-style.min.css/wp-content/plugins/ultra-menu-remove/js/umr_bootstrap.min.js/wp-content/plugins/ultra-menu-remove/js/umr_bootstrap-toggle.min.js/wp-content/plugins/ultra-menu-remove/js/umr-setting.js

Script Paths

/wp-content/plugins/ultra-menu-remove/js/umr_bootstrap.min.js/wp-content/plugins/ultra-menu-remove/js/umr_bootstrap-toggle.min.js/wp-content/plugins/ultra-menu-remove/js/umr-setting.js

Version Parameters

ultra-menu-remove/css/umr_bootstrap.css?ver=ultra-menu-remove/css/urm_bootstrap-toggle-style.min.css?ver=ultra-menu-remove/js/umr_bootstrap.min.js?ver=ultra-menu-remove/js/umr_bootstrap-toggle.min.js?ver=ultra-menu-remove/js/umr-setting.js?ver=

HTML / DOM Fingerprints

CSS Classes

umrcontenertoggle-one

Data Attributes

name="dashbord"name="jetpack"name="posts"name="media"name="pages"name="attachment"+6 more

FAQ