Great Restaurant Menu WP Security & Risk Analysis

wordpress.org/plugins/best-restaurant-menu-by-pricelisto

The fastest and easiest way to create a professional-looking menu or price list for your restaurant or business.

1K active installs · v1.4.3 · PHP + WP 6.2.0+ · Updated Sep 20, 2024
Tags: dinner-menu, food-menu, price-list, restaurant, restaurant-menu
Score: 63 · C · Use Caution
CVEs total: 4
Unpatched: 1
Last CVE: Sep 5, 2025
Safety Verdict

Is Great Restaurant Menu WP Safe to Use in 2026?

Use With Caution

Score 63/100

Great Restaurant Menu WP has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

4 known CVEs · 1 unpatched · Last CVE: Sep 5, 2025 · Updated 1yr ago
Risk Assessment

The 'best-restaurant-menu-by-pricelisto' plugin v1.4.3 presents a mixed security posture. On the positive side, the static analysis shows a robust implementation of security best practices, with a high percentage of SQL queries using prepared statements and properly escaped output. The presence of nonce and capability checks on most entry points is also commendable, and there are no identified unsanitized paths in the taint analysis, indicating good input handling for common web vulnerabilities. However, the plugin's history of four known CVEs, including one high-severity unpatched vulnerability, is a significant concern and suggests a recurring pattern of security weaknesses. The presence of the `unserialize` function, a known dangerous function, as a code signal also warrants caution, especially in conjunction with past vulnerabilities that could exploit deserialization flaws.

Key Concerns

  • 1 unpatched high severity CVE
  • 4 known CVEs historically
  • 5 instances of 'unserialize' function
  • 3 medium severity historical CVEs
Vulnerabilities (4)

Great Restaurant Menu WP Security Vulnerabilities

CVEs by Year

  • 2023: 1 CVE
  • 2024: 2 CVEs
  • 2025: 1 CVE · unpatched

Severity Breakdown

High: 1
Medium: 3

4 total CVEs

CVE-2025-58812 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Best Restaurant Menu by PriceListo <= 1.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

Sep 5, 2025 · Unpatched

CVE-2024-49698 · medium · 4.3 · Missing Authorization

Best Restaurant Menu by PriceListo <= 1.4.2 - Missing Authorization

Oct 21, 2024 · Patched in 1.4.3 (10d)

CVE-2024-38793 · high · 8.8 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Best Restaurant Menu by PriceListo <= 1.4.1 - Authenticated (Contributor+) SQL Injection

Jul 22, 2024 · Patched in 1.4.2 (11d)

CVE-2023-47649 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Best Restaurant Menu by PriceListo <= 1.3.1 - Cross-Site Request Forgery via menu_page

Nov 7, 2023 · Patched in 1.4.0 (143d)

Code Analysis
Analyzed Mar 16, 2026

Great Restaurant Menu WP Code Analysis

  • Dangerous Functions: 5
  • Raw SQL Queries: 2 (48 prepared)
  • Unescaped Output: 23 (265 escaped)
  • Nonce Checks: 10
  • Capability Checks: 12
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 0

Dangerous Functions Found

  • unserialize · best-restaurant-menu.php:351 · `$settings = $settings_values ? unserialize( $settings_values ) : false;`
  • unserialize · includes\class-brm-shortcode.php:51 · `$settings = unserialize( $wpdb->get_var( $sql ) ); // phpcs:ignore WordPress.DB.PreparedSQL.Not`
  • unserialize · includes\class-brm-utilities.php:481 · `$settings = unserialize( $settings_value );`
  • unserialize · templates\admin\settings.php:20 · `$settings = unserialize( $wpdb->get_var( $sql ) ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepa`
  • unserialize · uninstall.php:63 · `$settings = unserialize( $wpdb->get_var( $sql ) ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepa`

SQL Query Safety

96% prepared · 50 total queries

Output Escaping

92% escaped · 288 total outputs
Data Flows
All sanitized

Data Flow Analysis

4 flows
order_nesting_groups_items (includes\admin\class-brm-admin-groups.php:46)
Attack Surface

Great Restaurant Menu WP Attack Surface

Entry Points: 9
Unprotected: 0

AJAX Handlers 8

  • auth · wp_ajax_brm_save_group · includes\admin\class-brm-admin-groups.php:32
  • auth · wp_ajax_brm_edit_group · includes\admin\class-brm-admin-groups.php:33
  • auth · wp_ajax_brm_delete_group · includes\admin\class-brm-admin-groups.php:34
  • auth · wp_ajax_brm_order_nesting_groups_items · includes\admin\class-brm-admin-groups.php:35
  • auth · wp_ajax_brm_save_item · includes\admin\class-brm-admin-items.php:32
  • auth · wp_ajax_brm_edit_item · includes\admin\class-brm-admin-items.php:33
  • auth · wp_ajax_brm_delete_item · includes\admin\class-brm-admin-items.php:34
  • auth · wp_ajax_brm_shortcode_builder_form · includes\admin\class-brm-admin-shortcode-inserter.php:33

Shortcodes 1

[brm_restaurant_menu] includes\class-brm-shortcode.php:31
WordPress Hooks 17
  • action · wp_initialize_site · best-restaurant-menu.php:146
  • action · wp_delete_site · best-restaurant-menu.php:147
  • action · admin_enqueue_scripts · includes\admin\class-brm-admin-assets.php:31
  • action · admin_enqueue_scripts · includes\admin\class-brm-admin-assets.php:32
  • action · admin_menu · includes\admin\class-brm-admin-menu.php:32
  • action · admin_notices · includes\admin\class-brm-admin-notices.php:38
  • action · wp_loaded · includes\admin\class-brm-admin-notices.php:39
  • action · admin_init · includes\admin\class-brm-admin-shortcode-inserter.php:32
  • filter · mce_external_plugins · includes\admin\class-brm-admin-shortcode-inserter.php:75
  • filter · mce_buttons · includes\admin\class-brm-admin-shortcode-inserter.php:76
  • action · wp_enqueue_scripts · includes\class-brm-assets.php:48
  • action · wp_enqueue_scripts · includes\class-brm-assets.php:49
  • filter · page_attributes_dropdown_pages_args · includes\class-brm-menu-template.php:43
  • filter · theme_page_templates · includes\class-brm-menu-template.php:45
  • filter · wp_insert_post_data · includes\class-brm-menu-template.php:48
  • filter · template_include · includes\class-brm-menu-template.php:49
  • action · brm_after_template_part · includes\class-brm-shortcode.php:32
Maintenance & Trust

Great Restaurant Menu WP Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.6.5
Last updated: Sep 20, 2024
PHP min version
Downloads: 25K

Community Trust

Rating: 100/100
Number of ratings: 12
Active installs: 1K
Developer Profile

Great Restaurant Menu WP Developer Profile

PriceListo

1 plugin · 1K total installs

Trust score: 62
Avg Security Score: 63/100
Avg Patch Time: 55 days
Detection Fingerprints

How We Detect Great Restaurant Menu WP

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/best-restaurant-menu-by-pricelisto/assets/css/frontend.css
  • /wp-content/plugins/best-restaurant-menu-by-pricelisto/assets/css/style.css
  • /wp-content/plugins/best-restaurant-menu-by-pricelisto/assets/js/frontend.js
Script Paths
  • /wp-content/plugins/best-restaurant-menu-by-pricelisto/assets/js/frontend.js
Version Parameters
  • best-restaurant-menu-by-pricelisto/assets/css/frontend.css?ver=
  • best-restaurant-menu-by-pricelisto/assets/css/style.css?ver=
  • best-restaurant-menu-by-pricelisto/assets/js/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • brm-menu-container
  • brm-menu-item
  • brm-menu-item-title
  • brm-menu-item-description
  • brm-menu-item-price
  • brm-menu-group
  • brm-menu-group-title
HTML Comments
  • <!-- BRM Menu START -->
  • <!-- BRM Menu END -->
  • <!-- BRM Shortcode Output -->
Data Attributes
  • data-brm-id
  • data-brm-menu-id
JS Globals
  • brm_frontend_params
REST Endpoints
  • /wp-json/brm/v1/menu/
  • /wp-json/brm/v1/item/
  • /wp-json/brm/v1/group/
Shortcode Output
[brm_menu id=""[brm_menu id='"'
FAQ

Frequently Asked Questions about Great Restaurant Menu WP