WP-Safety

WP Responsive Menu Security & Risk Analysis

wordpress.org/plugins/wp-responsive-menu

WP Responsive Menu turns your WordPress menu to a highly customizable sliding responsive menu.

30K active installs v3.2.1 PHP 5.4+ WP 3.0+ Updated Dec 13, 2025
menumobilemobile-responsiveresponsiveresponsive-menu
100
A · Safe
CVEs total1
Unpatched0
Last CVEJan 26, 2022
Plugin page Download
Safety Verdict

Is WP Responsive Menu Safe to Use in 2026?

Generally Safe

Score 100/100

WP Responsive Menu has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Jan 26, 2022Updated 3mo ago
Risk Assessment

The wp-responsive-menu plugin version 3.2.1 demonstrates a generally good security posture with strong adherence to secure coding practices. The absence of critical or high severity taint flows, along with a high percentage of properly escaped output and the exclusive use of prepared statements for SQL queries, are significant strengths. The presence of nonce and capability checks on its two AJAX entry points further mitigates common attack vectors. The plugin also avoids dangerous functions and file operations, minimizing its attack surface in these critical areas.

However, the plugin's vulnerability history does present a notable concern. The existence of one past CVE, specifically related to Cross-site Scripting (XSS), even though it is currently patched, suggests a historical susceptibility to input manipulation. While the static analysis shows no immediate XSS risks in this version, it's a pattern that warrants continued vigilance. The use of a bundled library, Select2, could also pose a risk if it's not kept up-to-date, though no specific version information is provided to assess this directly.

In conclusion, wp-responsive-menu v3.2.1 is well-secured against common vulnerabilities based on the static analysis. Its secure coding practices are commendable. The primary area for improvement and continued monitoring revolves around its past XSS vulnerability, highlighting the importance of ongoing security reviews and prompt patching of any future vulnerabilities discovered.

Key Concerns

  • Past XSS vulnerability
  • Bundled library (Select2) - potential for outdated version
Vulnerabilities
1

WP Responsive Menu Security Vulnerabilities

CVEs by Year

1 CVE in 2022
2022
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2021-24971medium · 5.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP Responsive Menu <= 3.1.7 - Missing Authorization to Settings Update & Stored Cross-Site Scripting

Jan 26, 2022 Patched in 3.1.7.1 (727d)
Code Analysis
Analyzed Mar 16, 2026

WP Responsive Menu Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
6
153 escaped
Nonce Checks
2
Capability Checks
4
File Operations
0
External Requests
2
Bundled Libraries
1

Bundled Libraries

Select2

Output Escaping

96% escaped159 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
wprmenu_import_data (inc\class-wp-responsive-menu.php:334)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

WP Responsive Menu Attack Surface

Entry Points2
Unprotected0

AJAX Handlers 2

authwp_ajax_wprmenu_import_datainc\class-wp-responsive-menu.php:52
authwp_ajax_wpr_get_transient_from_datainc\class-wp-responsive-menu.php:54
WordPress Hooks 45
actionplugins_loadedinc\class-wp-responsive-menu.php:40
actionwp_enqueue_scriptsinc\class-wp-responsive-menu.php:43
actionwp_enqueue_scriptsinc\class-wp-responsive-menu.php:44
actionwp_footerinc\class-wp-responsive-menu.php:45
actionwp_footerinc\class-wp-responsive-menu.php:46
actionadmin_bar_menuinc\class-wp-responsive-menu.php:56
filterplugin_row_metainc\class-wp-responsive-menu.php:58
actionadmin_menuinc\includes\class-wprmenu-framework-admin.php:38
actionadmin_enqueue_scriptsinc\includes\class-wprmenu-framework-admin.php:41
actionadmin_enqueue_scriptsinc\includes\class-wprmenu-framework-admin.php:43
actionadmin_initinc\includes\class-wprmenu-framework-admin.php:46
actionwp_before_admin_bar_renderinc\includes\class-wprmenu-framework-admin.php:49
actionadmin_menuinc\includes\class-wprmenu-framework-admin.php:51
actionadmin_enqueue_scriptsinc\includes\class-wprmenu-framework-admin.php:53
actionadmin_enqueue_scriptsinc\includes\class-wprmenu-framework-admin.php:55
actionwpr_optionsframework_after_validateinc\includes\class-wprmenu-framework-admin.php:74
actionadmin_headinc\includes\class-wprmenu-framework-admin.php:297
actionadmin_initinc\includes\class-wprmenu-framework.php:24
filtersafe_style_cssinc\includes\class-wprmenu-interface.php:9
actionadmin_enqueue_scriptsinc\includes\class-wprmenu-media-uploader.php:13
filterwpr_of_sanitize_menusortinc\includes\class-wprmenu-sanitization.php:12
filterwpr_of_sanitize_textinc\includes\class-wprmenu-sanitization.php:16
filterwpr_of_sanitize_codeinc\includes\class-wprmenu-sanitization.php:20
filterwpr_of_sanitize_passwordinc\includes\class-wprmenu-sanitization.php:24
filterwpr_of_sanitize_textareainc\includes\class-wprmenu-sanitization.php:34
filterwpr_of_sanitize_selectinc\includes\class-wprmenu-sanitization.php:38
filterwpr_of_sanitize_radioinc\includes\class-wprmenu-sanitization.php:42
filterwpr_of_sanitize_imagesinc\includes\class-wprmenu-sanitization.php:46
filterwpr_of_sanitize_checkboxinc\includes\class-wprmenu-sanitization.php:58
filterwpr_of_sanitize_multicheckinc\includes\class-wprmenu-sanitization.php:76
filterwpr_of_sanitize_colorinc\includes\class-wprmenu-sanitization.php:80
filterwpr_of_sanitize_uploadinc\includes\class-wprmenu-sanitization.php:92
filterwpr_of_sanitize_editorinc\includes\class-wprmenu-sanitization.php:106
filterwpr_of_sanitize_infoinc\includes\class-wprmenu-sanitization.php:123
filterwpr_of_sanitize_backgroundinc\includes\class-wprmenu-sanitization.php:154
filterwpr_of_background_repeatinc\includes\class-wprmenu-sanitization.php:163
filterwpr_of_background_positioninc\includes\class-wprmenu-sanitization.php:172
filterwpr_of_background_attachmentinc\includes\class-wprmenu-sanitization.php:181
filterwpr_of_sanitize_typographyinc\includes\class-wprmenu-sanitization.php:209
filterwpr_of_font_sizeinc\includes\class-wprmenu-sanitization.php:219
filterwpr_of_font_styleinc\includes\class-wprmenu-sanitization.php:229
filterwpr_of_font_faceinc\includes\class-wprmenu-sanitization.php:239
actioninitinc\wprmenu-framework.php:40
filterwpr_optionsframework_menuinc\wprmenu-options.php:30
actionadmin_noticesinc\wprmenu-options.php:66
Maintenance & Trust

WP Responsive Menu Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedDec 13, 2025
PHP min version5.4
Downloads994K

Community Trust

Rating86/100
Number of ratings100
Active installs30K
Alternatives

WP Responsive Menu Alternatives

Max Mega Menu

Max Mega Menu

megamenu

A
99

An easy to use mega menu plugin. Written the WordPress way.

300K 2 CVEs
WP Mobile Menu – The Mobile-Friendly Responsive Menu

WP Mobile Menu – The Mobile-Friendly Responsive Menu

mobile-menu

A
96

Need some help with the mobile website experience? Need an Mobile Menu plugin that keep your mobile visitors engaged?

80K 4 CVEs
QuadMenu – Mega Menu

QuadMenu – Mega Menu

quadmenu

A
94

Responsive mega menu plugin for WordPress with customizable layouts and an intuitive drag-and-drop builder.

10K 2 CVEs
Easy Mega Menu Plugin for WordPress – ThemeHunk

Easy Mega Menu Plugin for WordPress – ThemeHunk

themehunk-megamenu-plus

B
75

Free, fast, and user-friendly mega menu plugin for WordPress & WooCommerce. Add pages, posts, widgets, products, text, and custom links effortlessly.

2K 1 unpatched
Mobile Menu Builder for WordPress

Mobile Menu Builder for WordPress

mobile-menu-builder

A
85

WordPress Mobile Menu Builder plugin is specially designed for mobiles. It is easy to use, customizable, and is highly flexible.

600 No CVEs
Developer Profile

WP Responsive Menu Developer Profile

Nirmal Kumar Ram

6 plugins · 31K total installs

74
trust score
Avg Security Score
93/100
Avg Patch Time
826 days
View full developer profile
Detection Fingerprints

How We Detect WP Responsive Menu

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-responsive-menu/assets/css/wpr-hamburger.css/wp-content/plugins/wp-responsive-menu/assets/css/wprmenu.css/wp-content/plugins/wp-responsive-menu/inc/assets/icons/wpr-icons.css/wp-content/plugins/wp-responsive-menu/assets/js/modernizr.custom.js/wp-content/plugins/wp-responsive-menu/assets/js/touchSwipe.js/wp-content/plugins/wp-responsive-menu/assets/js/wprmenu.js
Script Paths
/wp-content/plugins/wp-responsive-menu/assets/js/modernizr.custom.js/wp-content/plugins/wp-responsive-menu/assets/js/touchSwipe.js/wp-content/plugins/wp-responsive-menu/assets/js/wprmenu.js
Version Parameters
wp-responsive-menu/assets/css/wpr-hamburger.css?ver=wp-responsive-menu/assets/css/wprmenu.css?ver=wp-responsive-menu/inc/assets/icons/wpr-icons.css?ver=wp-responsive-menu/assets/js/modernizr.custom.js?ver=wp-responsive-menu/assets/js/touchSwipe.js?ver=wp-responsive-menu/assets/js/wprmenu.js?ver=

HTML / DOM Fingerprints

CSS Classes
wprmenu_wrapperwprmenu_containerwprmenu_overlaywprmenu_barwprmenu_menuwprmenu_searchwprmenu_search_inputwprmenu_logo+6 more
Data Attributes
data-wprmenu-themedata-wprmenu-slidedata-wprmenu-posdata-wprmenu-widthdata-wprmenu-parent-clickdata-wprmenu-swipe+1 more
JS Globals
wprmenu
FAQ

Frequently Asked Questions about WP Responsive Menu