Advance Food Menu Security & Risk Analysis

wordpress.org/plugins/advance-food-menu

Create an Advance Food Menu!

0 active installs · v1.0 · PHP + · WP 4.0+ · Updated Jul 27, 2018
Tags: advance-food-menu, advance-food-menu-plugin, restaurant, restaurant-menu, restaurant-menu-plugin
63 · C · Use Caution
CVEs total: 1
Unpatched: 1
Last CVE: Aug 22, 2025
Safety Verdict

Is Advance Food Menu Safe to Use in 2026?

Use With Caution

Score 63/100

Advance Food Menu has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE · 1 unpatched · Last CVE: Aug 22, 2025 · Updated 7yr ago
Risk Assessment

The "advance-food-menu" v1.0 plugin exhibits a mixed security posture. On the positive side, the static analysis found no dangerous functions, no file operations, and no external HTTP requests, and all SQL queries are properly prepared. It also shows a limited attack surface, with no unprotected entry points in terms of AJAX or REST API routes. However, a significant concern is that only 33% of output is properly escaped, which indicates potential for Cross-Site Scripting (XSS) vulnerabilities, especially given the plugin's history. The plugin also contains no nonce or capability checks. Although no entry point is currently flagged as unprotected, this leaves the plugin vulnerable if new entry points are added, or existing ones are misused, without proper authorization mechanisms in place.

The vulnerability history reveals a pattern of security issues, including a medium-severity XSS vulnerability discovered recently. The fact that this vulnerability remains unpatched is a critical red flag. While the static analysis didn't uncover active taint flows or critical code signals of immediate compromise, the historical data strongly suggests that the plugin's development may not consistently prioritize secure coding practices, particularly regarding output sanitization. Therefore, despite some strengths in specific areas like SQL handling, the unpatched medium vulnerability and the high rate of unescaped output present a substantial risk to users.

Key Concerns

  • Unpatched medium CVE
  • Low percentage of properly escaped output
  • No nonce checks
  • No capability checks
Vulnerabilities
1

Advance Food Menu Security Vulnerabilities

CVEs by Year

2025: 1 CVE · unpatched

Severity Breakdown

Medium: 1 (1 total CVE)

CVE-2025-48323 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advance Food Menu <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting

Aug 22, 2025 · Unpatched
Code Analysis
Analyzed Mar 17, 2026

Advance Food Menu Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 8 (4 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

jQuery

Output Escaping

33% escaped · 12 total outputs
Attack Surface

Advance Food Menu Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes 1

[afm_shortcode] includes\advance-food-menu-shortcode.php:106

WordPress Hooks 7

action · wp_enqueue_scripts · advance-food-menu.php:46
action · init · includes\advance-food-menu-cpts.php:37
action · init · includes\advance-food-menu-cpts.php:75
action · add_meta_boxes · includes\advance-food-menu-meta.php:10
action · save_post · includes\advance-food-menu-meta.php:37
action · admin_menu · includes\advance-food-menu-settings.php:7
action · admin_init · includes\advance-food-menu-settings.php:48
Maintenance & Trust

Advance Food Menu Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.9.29
Last updated: Jul 27, 2018
PHP min version
Downloads: 2K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0
Developer Profile

Advance Food Menu Developer Profile

Md Abunaser Khan

2 plugins · 10 total installs

Trust score: 76
Avg Security Score: 74/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Advance Food Menu

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/advance-food-menu/assets/css/bootstrap.min.css
  • /wp-content/plugins/advance-food-menu/assets/css/lightbox.min.css
  • /wp-content/plugins/advance-food-menu/assets/css/afm.css
  • /wp-content/plugins/advance-food-menu/assets/js/bootstrap.min.js
  • /wp-content/plugins/advance-food-menu/assets/js/lightbox-plus-jquery.min.js
  • /wp-content/plugins/advance-food-menu/assets/js/images-loded.min.js
  • /wp-content/plugins/advance-food-menu/assets/js/isotope.min.js
  • /wp-content/plugins/advance-food-menu/assets/js/afm-scripts.js
Script Paths
  • /wp-content/plugins/advance-food-menu/assets/js/bootstrap.min.js
  • /wp-content/plugins/advance-food-menu/assets/js/lightbox-plus-jquery.min.js
  • /wp-content/plugins/advance-food-menu/assets/js/images-loded.min.js
  • /wp-content/plugins/advance-food-menu/assets/js/isotope.min.js
  • /wp-content/plugins/advance-food-menu/assets/js/afm-scripts.js
Version Parameters
  • /wp-content/plugins/advance-food-menu/assets/js/bootstrap.min.js?ver=
  • /wp-content/plugins/advance-food-menu/assets/js/lightbox-plus-jquery.min.js?ver=
  • /wp-content/plugins/advance-food-menu/assets/js/images-loded.min.js?ver=
  • /wp-content/plugins/advance-food-menu/assets/js/isotope.min.js?ver=
  • /wp-content/plugins/advance-food-menu/assets/js/afm-scripts.js?ver=

HTML / DOM Fingerprints

CSS Classes
menu-area, menu-list, grid-item, menu-item, menu-image, menu-text, thumbnail-11
Data Attributes
data-filter, data-lightbox, title
Shortcode Output
<div class="menu-area"><div class="menu-list"><button data-filter=