W2O Admin Dropdown Menu Security & Risk Analysis

wordpress.org/plugins/w2o-admin-drop-down-menu

Neat, clean, responsive and WordPress environment friendly horizontal dropdown menu for Admin that eliminates the left menu and saves screen space!

100 active installs · v3.0 · PHP + · WP 4.0+ · Updated Sep 3, 2018
Tags: admin, menu, menus, top-menu, w2o
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is W2O Admin Dropdown Menu Safe to Use in 2026?

Generally Safe

Score 85/100

W2O Admin Dropdown Menu has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 7yr ago
Risk Assessment

The w2o-admin-drop-down-menu plugin version 3.0 exhibits a mixed security posture. On the positive side, the plugin demonstrates good practices by having no known CVEs, a clean vulnerability history, and utilizes prepared statements for all SQL queries. The attack surface appears minimal with no identified AJAX handlers, REST API routes, shortcodes, or cron events exposed without proper authentication or permission checks. However, a significant concern arises from the static analysis revealing that 100% of its eight output operations are not properly escaped, posing a high risk of Cross-Site Scripting (XSS) vulnerabilities. Additionally, the taint analysis detected one flow with an unsanitized path, which, while not classified as critical or high severity in this instance, warrants attention as it indicates potential for unintended data handling. The absence of nonce checks further contributes to potential security weaknesses, especially if any new entry points were to be introduced.

Key Concerns

  • 100% of outputs are not properly escaped
  • Taint analysis found 1 flow with unsanitized paths
  • 0 Nonce checks found
Vulnerabilities
None known

W2O Admin Dropdown Menu Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

W2O Admin Dropdown Menu Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 8 (0 escaped)
Nonce Checks: 0
Capability Checks: 2
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

0% escaped · 8 total outputs
Data Flows: 1 unsanitized

Data Flow Analysis

1 flow · 1 with unsanitized paths
<w2oadm.css> (core\w2oadm.css.php:0)
Legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface

W2O Admin Dropdown Menu Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 5
  • action admin_init (w2o-admin-drop-down-menu.php:40)
  • action admin_head (w2o-admin-drop-down-menu.php:41)
  • filter admin_bar_menu (w2o-admin-drop-down-menu.php:47)
  • filter admin_bar_menu (w2o-admin-drop-down-menu.php:50)
  • action admin_footer (w2o-admin-drop-down-menu.php:51)
Maintenance & Trust

W2O Admin Dropdown Menu Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.9.29
Last updated: Sep 3, 2018
PHP min version
Downloads: 13K

Community Trust

Rating: 98/100
Number of ratings: 10
Active installs: 100
Developer Profile

W2O Admin Dropdown Menu Developer Profile

Shishir Raj Adhikari

2 plugins · 110 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect W2O Admin Dropdown Menu

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/w2o-admin-drop-down-menu/css/w2oadm-menu.css
  • /wp-content/plugins/w2o-admin-drop-down-menu/css/w2oadm- Responsive.css
  • /wp-content/plugins/w2o-admin-drop-down-menu/css/w2oadm.css
  • /wp-content/plugins/w2o-admin-drop-down-menu/js/w2oadm-menu.js
Script Paths
/wp-content/plugins/w2o-admin-drop-down-menu/js/w2oadm-menu.js
Version Parameters
  • w2o-admin-drop-down-menu/css/w2oadm-menu.css?ver=
  • w2o-admin-drop-down-menu/css/w2oadm- Responsive.css?ver=
  • w2o-admin-drop-down-menu/css/w2oadm.css?ver=
  • w2o-admin-drop-down-menu/js/w2oadm-menu.js?ver=

HTML / DOM Fingerprints

CSS Classes
w2oadm_menu_text_toplevel, w2oadm_menu_image_toplevel, w2oadm_svg, w2oadm_menu_imageonly_toplevel, w2oadm-admin-bar-menu, w2oadm_admin_bar_menu, w2oadm-nav, w2oadm_nav (+2 more)
HTML Comments
  • <!-- Making the plugin compatible with Admin Menu Editor plugin, i.e. https://wordpress.org/plugins/admin-menu-editor/ -->
  • <!-- Hiding admin bar on the site page when logged in. Un-comment (remove //) if needed -->
  • <!-- Exit if accessed directly -->
  • <!-- The main function that hacks the original menu and display ours instead. This function is called in "w2o-admin-drop-down-menu.php" and triggers by the admin_bar_menu hook. -->
Data Attributes
w2oadm_customtag_toplevel, w2oadm_menu_text_toplevel, w2oadm_menu_image_toplevel, w2oadm_svg, w2oadm_menu_imageonly_toplevel, w2oadm-admin-bar-menu (+5 more)
FAQ

Frequently Asked Questions about W2O Admin Dropdown Menu