WP-Safety

WP Spry Menu Security & Risk Analysis

wordpress.org/plugins/wp-spry-menu

Create Spry Drop Down Menu for WordPress category.

70 active installs v1.5.2 PHP + WP 3.0+ Updated Aug 10, 2014
category-excludecategory-menucss-menudropdown-menumenu
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is WP Spry Menu Safe to Use in 2026?

Generally Safe

Score 85/100

WP Spry Menu has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 11yr ago
Risk Assessment

The 'wp-spry-menu' v1.5.2 plugin exhibits a generally good security posture based on the provided static analysis. There are no known vulnerabilities (CVEs), no dangerous functions, no file operations, and no external HTTP requests. All SQL queries are properly prepared. However, a significant concern arises from the taint analysis, which identified two flows with unsanitized paths. While no critical or high severity issues were flagged in taint analysis, this indicates a potential for path traversal vulnerabilities if user-supplied input is involved in file operations or data handling within these flows, even if not immediately apparent in the static analysis. Additionally, the output escaping is poor, with only 22% of outputs properly escaped. This is a considerable risk, as it opens the door to cross-site scripting (XSS) vulnerabilities where user input could be rendered directly into the page without sanitization. The plugin also lacks nonce and capability checks on all entry points, which is a fundamental security practice that is missing. While the attack surface appears small and has no unprotected entry points directly identified, the poor output escaping and unsanitized paths are critical weaknesses that need immediate attention.

Key Concerns

  • Poor output escaping (22% proper)
  • Flows with unsanitized paths identified
  • Missing nonce checks on entry points
  • Missing capability checks on entry points
Vulnerabilities
None known

WP Spry Menu Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

WP Spry Menu Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
7
2 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

22% escaped9 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
option_page (inc\options\takien-easy-options.php:98)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

WP Spry Menu Attack Surface

Entry Points1
Unprotected0

Shortcodes 1

[wp_spry_menu] wp-spry-menu.php:35
WordPress Hooks 6
actionadmin_initinc\options\takien-easy-options.php:29
actionadmin_menuinc\options\takien-easy-options.php:30
actioninitwp-spry-menu.php:34
actionadmin_enqueue_scriptswp-spry-menu.php:36
actionwp_enqueue_scriptswp-spry-menu.php:37
filterwidget_textwp-spry-menu.php:40
Maintenance & Trust

WP Spry Menu Maintenance & Trust

Maintenance Signals

WordPress version tested3.6.1
Last updatedAug 10, 2014
PHP min version
Downloads32K

Community Trust

Rating100/100
Number of ratings1
Active installs70
Alternatives

WP Spry Menu Alternatives

Advanced Sidebar Menu

Advanced Sidebar Menu

advanced-sidebar-menu

A
100

Fully automatic sidebar menus.

10K No CVEs
Automatically Hierarchic Categories in Menu

Automatically Hierarchic Categories in Menu

automatically-hierarchic-categories-in-menu

A
97

Allows you to automatically add hierarchic categories in WordPress Navigation Menus.

2K 3 CVEs
Ollie Menu Designer

Ollie Menu Designer

ollie-menu-designer

A
100

Create custom dropdown & mobile menus using WordPress blocks. Design rich, responsive navigation with any block content in the block editor.

2K No CVEs
Dropdown multisite selector

Dropdown multisite selector

dropdown-multisite-selector

A
91

Gives you the resources to make select field with redirecting options to a given URLs.

1K 2 CVEs
Multilevel Navigation Menu

Multilevel Navigation Menu

multilevel-navigation-menu

A
92

Multilevel Navigation Menu plugin ability to add a full-screen navigation menu to our website.

500 No CVEs
Developer Profile

WP Spry Menu Developer Profile

takien

6 plugins · 1K total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect WP Spry Menu

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-spry-menu/css/wp-spry-menu.css/wp-content/plugins/wp-spry-menu/js/SpryDOMUtils.js/wp-content/plugins/wp-spry-menu/js/SpryEffects.js/wp-content/plugins/wp-spry-menu/js/SpryWidget.js/wp-content/plugins/wp-spry-menu/js/SpryCollapsibleList.js/wp-content/plugins/wp-spry-menu/js/SpryAccordion.js/wp-content/plugins/wp-spry-menu/js/SpryMenu.js
Script Paths
/wp-content/plugins/wp-spry-menu/js/SpryDOMUtils.js/wp-content/plugins/wp-spry-menu/js/SpryEffects.js/wp-content/plugins/wp-spry-menu/js/SpryWidget.js/wp-content/plugins/wp-spry-menu/js/SpryCollapsibleList.js/wp-content/plugins/wp-spry-menu/js/SpryAccordion.js/wp-content/plugins/wp-spry-menu/js/SpryMenu.js
Version Parameters
wp-spry-menu/style.css?ver=wp-spry-menu/js/SpryDOMUtils.js?ver=wp-spry-menu/js/SpryEffects.js?ver=wp-spry-menu/js/SpryWidget.js?ver=wp-spry-menu/js/SpryCollapsibleList.js?ver=wp-spry-menu/js/SpryAccordion.js?ver=wp-spry-menu/js/SpryMenu.js?ver=

HTML / DOM Fingerprints

CSS Classes
spry-menu-container
JS Globals
SprySpryDOMUtilsSpryEffectsSpryWidgetSpryCollapsibleListSpryAccordion+1 more
FAQ

Frequently Asked Questions about WP Spry Menu