The Advanced Menu Manager plugin for WordPress is not secure in versions up to 2.9.6. This means that unauthenticated attackers can take control of the vulnerable services menu by sending a false request that a site administrator unknowingly follows, such as clicking a link. This is caused by the ‘amm_save_existing_menu’ function not having the proper security measures in place.