QuadMenu – Mega Menu

Responsive mega menu plugin for WordPress with customizable layouts and an intuitive drag-and-drop builder.

v3.3.6quadlayersUpdated Added 10k+ installs90% rating
25
Score
2,128
Errors
455
Warnings
+1
Change

Category Scores

Security0
Repo100
Performance96
Maintainability0

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

2,583 findings

Security

1,717

8 issue groups

I18n

590

3 issue groups

Maintainability

245

14 issue groups

ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"$jsonp_callback($json)"'.1,402
Category
Security
Occurrences
1,402
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"$jsonp_callback($json)"'.

ERRORI18nText Domain MismatchMismatched text domain. Expected 'quadmenu' but got 'jetpack-assets'.473
Category
I18n
Occurrences
473
Severity
error

Sample message

Mismatched text domain. Expected 'quadmenu' but got 'jetpack-assets'.

WARNINGMaintainabilityNon-prefixed global variableGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$$this".107
Category
Maintainability
Occurrences
107
Severity
warning

Sample message

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$$this".

WARNINGSecurityNonce verification recommendedProcessing form data without nonce verification.91
Category
Security
Occurrences
91
Severity
warning

Sample message

Processing form data without nonce verification.

ERRORI18nMissing Translators CommentA function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.90
Category
I18n
Occurrences
90
Severity
error

Sample message

A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.

ERRORMaintainabilityMissing direct file access protectionPHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;73
Category
Maintainability
Occurrences
73
Severity
error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

WARNINGSecurityRequest data is not unslashed$_COOKIE['redux_update_check'] not unslashed before sanitization. Use wp_unslash() or similar71
Category
Security
Occurrences
71
Severity
warning

Sample message

$_COOKIE['redux_update_check'] not unslashed before sanitization. Use wp_unslash() or similar

WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_COOKIE['redux_update_check']66
Category
Security
Occurrences
66
Severity
warning

Sample message

Detected usage of a non-sanitized input variable: $_COOKIE['redux_update_check']

WARNINGSecurityInput is not validatedDetected usage of a possibly undefined superglobal array index: $_COOKIE['redux_current_tab']. Check that the array index exists before using it.49
Category
Security
Occurrences
49
Severity
warning

Sample message

Detected usage of a possibly undefined superglobal array index: $_COOKIE['redux_current_tab']. Check that the array index exists before using it.

ERRORI18nMissing Arg DomainMissing $domain parameter in function call to _x().27
Category
I18n
Occurrences
27
Severity
error

Sample message

Missing $domain parameter in function call to _x().

Show 15 more
WARNINGSecurityMissing nonce verification20
Category
Security
Occurrences
20
Severity
warning

Sample message

Processing form data without nonce verification.

ERRORSecurityUnsafe printing function15
Category
Security
Occurrences
15
Severity
error

Sample message

All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.

ERRORMaintainabilitywp function not compatible with requires wp15
Category
Maintainability
Occurrences
15
Severity
error

Sample message

Function "determine_locale()" requires WordPress 5.0.0, but your plugin minimum supported version is WordPress 4.7.0.

WARNINGMaintainabilityNon-prefixed hook name8
Category
Maintainability
Occurrences
8
Severity
warning

Sample message

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "admin_footer-widgets.php".

WARNINGMaintainabilityNon-prefixed function7
Category
Maintainability
Occurrences
7
Severity
warning

Sample message

Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "_QuadMenu".

ERRORMaintainabilitystrip tags strip tags6
Category
Maintainability
Occurrences
6
Severity
error

Sample message

strip_tags() is discouraged. Use the more comprehensive wp_strip_all_tags() instead.

WARNINGMaintainabilityNon-prefixed class5
Category
Maintainability
Occurrences
5
Severity
warning

Sample message

Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: "Browser".

WARNINGMaintainabilityDirect Query4
Category
Maintainability
Occurrences
4
Severity
warning

Sample message

Use of a direct database call is discouraged.

WARNINGMaintainabilityNo Caching4
Category
Maintainability
Occurrences
4
Severity
warning

Sample message

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

WARNINGMaintainabilityMissing Version4
Category
Maintainability
Occurrences
4
Severity
warning

Sample message

Resource version not set in call to wp_enqueue_script(). This means new versions of the script may not always be loaded due to browser caching.

ERRORMaintainabilityForbidden PHP function found3
Category
Maintainability
Occurrences
3
Severity
error

Sample message

The use of function _cleanup_header_comment() is forbidden

WARNINGSecuritywp redirect wp redirect3
Category
Security
Occurrences
3
Severity
warning

Sample message

wp_redirect() found. Using wp_safe_redirect(), along with the "allowed_redirect_hosts" filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed.

ERRORMaintainabilityDeprecated parameter: get_terms parameter 23
Category
Maintainability
Occurrences
3
Severity
error

Sample message

The parameter "$args" at position #2 of get_terms() has been deprecated since WordPress version 4.5.0. Instead do not pass the parameter.

WARNINGMaintainabilityNot In Footer3
Category
Maintainability
Occurrences
3
Severity
warning

Sample message

In footer ($in_footer) is not set explicitly wp_enqueue_script; It is recommended to load scripts in the footer. Please set this value to `true` to load it in the footer, or explicitly `false` if it should be loaded in the header.

ERRORMaintainabilityNon Enqueued Stylesheet3
Category
Maintainability
Occurrences
3
Severity
error

Sample message

Stylesheets must be registered/enqueued via wp_enqueue_style()

External Connections

Potential connections found in static code analysis.

86 domains

Outbound calls

272

External assets

1

Incoming endpoints

27

Notable Domains

quadmenu.com19 · outbound
en.wikipedia.org10 · outbound
elusiveicons.com8 · outbound
fontawesome.com8 · outbound
quadlayers.com8 · outbound

Platform / Reference Domains

github.com42 · platform/reference
gnu.org29 · platform/reference
w3.org9 · platform/reference
codex.wordpress.org8 · platform/reference
wordpress.org4 · platform/reference
opensource.org3 · platform/reference
es.wordpress.org2 · platform/reference
validator.w3.org1 · platform/reference

External Asset Domains

ajax.googleapis.com3 · asset + outbound

Incoming Endpoints

wp_ajax_nopriv_public

wp_ajax

wp_ajax_nopriv_ajax_quadmenu_divi_modulepublic

wp_ajax

wp_ajax_nopriv_quadmenu_compiler_savepublic

wp_ajax

wp_ajax_nopriv_redux_download_options-public

wp_ajax

wp_ajax_nopriv_redux_link_options-public

wp_ajax

wp_ajax_nopriv_redux_ppublic

wp_ajax

Admin AJAX endpoints18
wp_ajax_ajax_quadmenu_divi_moduleauthenticated

wp_ajax

wp_ajax_quadmenu_add_nav_menu_itemauthenticated

wp_ajax

wp_ajax_quadmenu_add_nav_menu_item_panelauthenticated

wp_ajax

wp_ajax_quadmenu_add_nav_menu_item_settingsauthenticated

wp_ajax

wp_ajax_quadmenu_add_themeauthenticated

wp_ajax

wp_ajax_quadmenu_compiler_saveauthenticated

wp_ajax

wp_ajax_quadmenu_delete_nav_menu_itemauthenticated

wp_ajax

wp_ajax_quadmenu_delete_themeauthenticated

wp_ajax

wp_ajax_quadmenu_form_widgetauthenticated

wp_ajax

wp_ajax_quadmenu_save_nav_menu_item_settingsauthenticated

wp_ajax

wp_ajax_quadmenu_save_widgetauthenticated

wp_ajax

wp_ajax_quadmenu_update_nav_menu_itemauthenticated

wp_ajax

6 more hidden

Score History

2 score snapshots

+1
1007550250Jun 20, 2026, 12:40 PM UTC Score 24/100 Plugin v3.3.4 Plugin Check 2.0.0 2,129 errors, 455 warningsJun 28, 2026, 04:33 PM UTC Score 25/100 Plugin v3.3.6 Plugin Check 2.0.0 2,128 errors, 455 warningsJun 20, 2026Jun 28, 2026

v3.3.6

25

Latest

Findings
2,583
Errors
2,128
Warnings
455
Check
2.0.0

v3.3.4

24

Score

Findings
2,584
Errors
2,129
Warnings
455
Check
2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

37 nodes

Related Plugins

Breadcrumb Block

3k+ active installs

100
Menu In Post

2k+ active installs

100
SideMenu

900 active installs

100
Menu Visibility Control

500 active installs

99