Does WP Group Menu have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is WP Group Menu compatible with WordPress 4.9.29?

According to WordPress.org data, WP Group Menu 1.0 has been tested up to WordPress 4.9.29. Check the plugin's changelog for the latest compatibility information.

How often is WP Group Menu updated?

WP Group Menu was last updated on Jul 2, 2018. Frequent updates are generally a positive security signal.

What is WP Group Menu's security score?

WP Group Menu has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WP Group Menu Security & Risk Analysis

wordpress.org/plugins/wp-group-menu

This plugin adds a universal top menu among WordPress sister websites.

10 active installs v1.0 PHP + WP 4.0+ Updated Jul 2, 2018

group-menumenusmultisite-menutop-menu

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is WP Group Menu Safe to Use in 2026?

Generally Safe

Score 85/100

WP Group Menu has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 7yr ago

Risk Assessment

The wp-group-menu v1.0 plugin presents a significant security risk due to its handling of AJAX requests. A single AJAX handler lacks authentication checks, creating a direct entry point for unauthenticated users. Furthermore, the taint analysis reveals a concerning number of flows with unsanitized paths, with four classified as high severity. This indicates a strong potential for vulnerabilities like Cross-Site Scripting (XSS) or even Remote Code Execution (RCE) if these unsanitized paths can be exploited. The plugin also exhibits poor output escaping practices, with only 14% of outputs being properly escaped, increasing the likelihood of XSS attacks.

While the plugin has no recorded CVEs, this should not be interpreted as a guarantee of safety, especially given the identified code analysis issues. The absence of past vulnerabilities might simply mean the plugin hasn't been extensively targeted or that previous issues were not publicly disclosed. The limited capability checks and lack of nonce checks on the unprotected AJAX handler are also significant weaknesses. Overall, the plugin's current state is concerning, with critical areas for improvement in input validation, output sanitization, and access control, particularly for its AJAX endpoints.

Key Concerns

Unprotected AJAX handler
High severity taint flows
Low percentage of properly escaped output
Missing nonce checks on AJAX
Limited capability checks

Vulnerabilities

None known

WP Group Menu Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

WP Group Menu Release Timeline

v1.0Current

v0.2

v0.1

Code Analysis

Analyzed Mar 17, 2026

WP Group Menu Code Analysis

Dangerous Functions

Raw SQL Queries

5 prepared

Unescaped Output

7 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

63% prepared8 total queries

Output Escaping

14% escaped49 total outputs

Data Flows · Security

5 unsanitized

Data Flow Analysis

6 flows5 with unsanitized paths

<wpgroupmenu_manage> (wpgroupmenu_manage.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

1 unprotected

WP Group Menu Attack Surface

Entry Points1

Unprotected1

AJAX Handlers 1

authwp_ajax_submit_sitewpgroupmenu.php:17

WordPress Hooks 5

actioninitwpgroupmenu.php:16

actionadmin_menuwpgroupmenu.php:18

actionwp_headwpgroupmenu.php:19

filterwp_headwpgroupmenu.php:20

actionadmin_headwpgroupmenu.php:35

Maintenance & Trust

WP Group Menu Maintenance & Trust

Maintenance Signals

WordPress version tested4.9.29

Last updatedJul 2, 2018

PHP min version

Downloads2K

Community Trust

Rating60/100

Number of ratings2

Active installs10

Alternatives

WP Group Menu Alternatives

W2O Admin Dropdown Menu

w2o-admin-drop-down-menu

Neat, clean, responsive and WordPress environment friendly horizontal dropdown menu for Admin that eliminates the left menu and saves screen space!

100 No CVEs

Blog-Writer

blog-writer

Blog-Writer is a Gutenberg block plugin for designing highly customizable and responsive desktop and mobile menus.

0 No CVEs

PublishPress Capabilities – User Role Editor, Access Permissions, User Capabilities, Admin Menus

capability-manager-enhanced

PublishPress Capabilities is the access control plugin. You can manage user capabilities, permissions, user roles, admin menus and more.

100K 5 CVEs

User Menus – Nav Menu Visibility

user-menus

Show/hide menu items to logged in users, logged out users or specific user roles. Display logged in user details in menu. Add a logout link to menu.

80K No CVEs

Nav Menu Roles

nav-menu-roles

100

Hide custom menu items based on user roles.

70K No CVEs

Developer Profile

WP Group Menu Developer Profile

Kevon Adonis

2 plugins · 310 total installs

trust score

Avg Security Score

76/100

Avg Patch Time

95 days

View full developer profile

Detection Fingerprints

How We Detect WP Group Menu

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wp-group-menu/css/admin.css/wp-content/plugins/wp-group-menu/css/menu.css/wp-content/plugins/wp-group-menu/css/spectrum.css/wp-content/plugins/wp-group-menu/js/admin.js/wp-content/plugins/wp-group-menu/js/scripts.js/wp-content/plugins/wp-group-menu/js/spectrum.js

Script Paths

/wp-content/plugins/wp-group-menu/js/admin.js/wp-content/plugins/wp-group-menu/js/scripts.js/wp-content/plugins/wp-group-menu/js/spectrum.js

Version Parameters

/wp-content/plugins/wp-group-menu/js/admin.js?ver=/wp-content/plugins/wp-group-menu/js/scripts.js?ver=/wp-content/plugins/wp-group-menu/js/spectrum.js?ver=/wp-content/plugins/wp-group-menu/css/admin.css?ver=/wp-content/plugins/wp-group-menu/css/menu.css?ver=/wp-content/plugins/wp-group-menu/css/spectrum.css?ver=

HTML / DOM Fingerprints

CSS Classes

nav-tab-wrappernav-tabnav-tab-activemetabox-holderpost-bodypost-body-contentpostareapostbox+1 more

HTML Comments

Displays the tabs and manages tabs to be displayedThank you for installing this plugin. You are ready to start creating menus.After creating your menus, style your menu bar under settings. More options coming soon.This plugin may be used multiple times on the network / group of websites that you may want to interlink but for+2 more

Data Attributes

data-tab-name

FAQ