PLUGIN SECURITY
Is Megamenu safe?
Known vulnerabilities, PHP compatibility and safer alternatives for the Megamenu WordPress plugin — checked against WP Clinic's local security database.
Plugin details
- Slug:
megamenu - Requires PHP: 7.4+
- Max supported PHP (analyzed): 8.4
Known vulnerabilities
- Max Mega Menu [megamenu] < 2.4 [CVE-2017-18525, Max Mega Menu <= 2.3.8 - Authenticated Cross-Site Scripting, Max Mega Menu <= 2.3.8 - Authenticated XSS]
- Max Mega Menu [megamenu] < 3.3.1 [CVE-2024-28003, WordPress Max Mega Menu Plugin <= 3.3 is vulnerable to Broken Access Control, Max Mega Menu <= 3.3. - Missing Authorization]
Vulnerabilities are matched against the exact installed version when it's known. Always keep the plugin updated to the latest release.
Safer / more established alternatives
- Happy Addons for Elementor — 400000+ active installs — max PHP 8.4
- Admin Menu Editor — 300000+ active installs — max PHP 8.4
- Menu Image, Icons made easy — 100000+ active installs — max PHP 8.4
- Duplicate Menu — 100000+ active installs
- GutenKit – Page Builder Blocks, Patterns, and Templates for Gutenberg Block Editor — 80000+ active installs
Check your own WordPress site
Run a free passive scan now, or create a free account and install the WP Clinic plugin for a deep scan of your whole hosting account and AI-assisted repair.