WP-Safety

Widget Menuizer Security & Risk Analysis

wordpress.org/plugins/widget-menuizer

Unlock the full potential of the WordPress menu system to create mega menus and more by adding sidebar regions and widgets to your menus.

700 active installs v1.1.3 PHP + WP 3.9.2+ Updated Dec 3, 2025
menussidebarswidgets
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Widget Menuizer Safe to Use in 2026?

Generally Safe

Score 100/100

Widget Menuizer has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4mo ago
Risk Assessment

The "widget-menuizer" v1.1.3 plugin demonstrates a generally good security posture based on the provided static analysis and vulnerability history. The absence of any known CVEs and a clean slate in terms of vulnerability history is a significant positive indicator, suggesting a well-maintained and secure codebase. The static analysis reveals a small attack surface consisting of only two AJAX handlers, both of which appear to have authentication checks (as none are noted as unprotected). The code also shows strong adherence to secure coding practices, with 100% of SQL queries using prepared statements and 95% of output being properly escaped. The lack of dangerous functions, file operations, and external HTTP requests further bolsters its security profile. However, the presence of two AJAX handlers with no explicit mention of capability checks is a potential, albeit minor, concern. While nonce checks are present, the absence of capability checks could leave the AJAX endpoints vulnerable to unauthorized actions if the nonce check is not sufficient on its own to validate user intent or permissions. Despite this minor area of attention, the plugin's overall security is strong, with no critical or high-severity issues identified in the code analysis or past vulnerabilities.

Key Concerns

  • AJAX handlers without explicit capability checks
Vulnerabilities
None known

Widget Menuizer Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Widget Menuizer Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
11
211 escaped
Nonce Checks
2
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

95% escaped222 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
start_el (inc\classes\class-sidebar-walker-nav-menu-edit.php:31)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Widget Menuizer Attack Surface

Entry Points2
Unprotected0

AJAX Handlers 2

authwp_ajax_cshp_wm_add_widget_areawidget-menuizer.php:46
authwp_ajax_cshp_wm_remove_widget_areawidget-menuizer.php:47
WordPress Hooks 11
actionadmin_menuinc\classes\class-cshp-settings-page.php:52
actionadmin_initinc\classes\class-cshp-settings-section.php:52
actionadmin_initinc\classes\class-cshp-settings-setting.php:89
actionauth_redirectwidget-menuizer.php:39
actionwp_enqueue_scriptswidget-menuizer.php:40
actionadmin_enqueue_scriptswidget-menuizer.php:41
filterwp_edit_nav_menu_walkerwidget-menuizer.php:42
filterwalker_nav_menu_start_elwidget-menuizer.php:43
actionwp_update_nav_menu_itemwidget-menuizer.php:44
filterwp_setup_nav_menu_itemwidget-menuizer.php:45
actionwidgets_initwidget-menuizer.php:48
Maintenance & Trust

Widget Menuizer Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedDec 3, 2025
PHP min version
Downloads14K

Community Trust

Rating86/100
Number of ratings6
Active installs700
Alternatives

Widget Menuizer Alternatives

Off-Canvas Sidebars & Menus (Slidebars)

Off-Canvas Sidebars & Menus (Slidebars)

off-canvas-sidebars

A
96

Add off-canvas sidebars (Slidebars) containing widgets, menus or other content using the Slidebars jQuery plugin.

1K 4 CVEs
WooSidebars

WooSidebars

woosidebars

A
92

WooSidebars adds functionality to display different widgets in a sidebar, according to a context (for example, a specific page or a category).

100K 1 CVE
Content Aware Sidebars – Fastest Widget Area Plugin

Content Aware Sidebars – Fastest Widget Area Plugin

content-aware-sidebars

A
99

Display new sidebars on any post, page, category etc. Works with Classic Widgets, Block Widgets, and all themes!

30K 1 CVE
Simple Page Sidebars

Simple Page Sidebars

simple-page-sidebars

A
92

Easily assign custom, widget-enabled sidebars to any page.

20K No CVEs
Advanced Sidebar Menu

Advanced Sidebar Menu

advanced-sidebar-menu

A
100

Fully automatic sidebar menus.

10K No CVEs
Developer Profile

Widget Menuizer Developer Profile

cornershop

9 plugins · 12K total installs

87
trust score
Avg Security Score
99/100
Avg Patch Time
70 days
View full developer profile
Detection Fingerprints

How We Detect Widget Menuizer

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/widget-menuizer/assets/css/widget-menuizer.css/wp-content/plugins/widget-menuizer/assets/css/sidebars.css/wp-content/plugins/widget-menuizer/assets/js/sidebars.js/wp-content/plugins/widget-menuizer/assets/css/widget-menuizer-front.css
Script Paths
/wp-content/plugins/widget-menuizer/assets/js/sidebars.js
Version Parameters
widget-menuizer/assets/css/widget-menuizer.css?ver=widget-menuizer/assets/css/sidebars.css?ver=widget-menuizer/assets/js/sidebars.js?ver=widget-menuizer/assets/css/widget-menuizer-front.css?ver=

HTML / DOM Fingerprints

CSS Classes
sidebardivposttypedivsidebar-paneltabs-panel-activesidebar-checklistcategorychecklistmenu-item-checkboxmenu-item-title+14 more
HTML Comments
<!-- no touch! -->
Data Attributes
id="sidebardiv"id="sidebar-panel"class="tabs-panel tabs-panel-active"id="sidebar-checklist"class="form-no-clear categorychecklist"class="menu-item-title"+29 more
JS Globals
cshp_wm_sidebars_optionscshp_wm_sidebars_nonceadmin_urlwp_create_nonce
REST Endpoints
/wp-admin/admin-ajax.php
FAQ

Frequently Asked Questions about Widget Menuizer