
Food Lister Security & Risk Analysis
wordpress.org/plugins/easy-csv-restaurant-menus
Food Lister Easy Menu plugin - Create orderable restaurant menus from a CSV file! Includes cost calculator + email order details using Contact Form 7.
Is Food Lister Safe to Use in 2026?
Generally Safe
Score 85/100
Food Lister has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "easy-csv-restaurant-menus" plugin version 1.0 presents a mixed security profile. On the positive side, it demonstrates good practices by utilizing prepared statements for all SQL queries and implementing nonce and capability checks, which are crucial for protecting against common web vulnerabilities. The absence of known CVEs and a clean vulnerability history further suggests a generally stable and secure development approach so far.
However, significant concerns arise from the static analysis. The presence of the `unserialize` function, a known vector for remote code execution if not handled with extreme care, is a major red flag. Coupled with this is the finding of unsanitized paths in the taint analysis, which, if exploited in conjunction with `unserialize`, could lead to directory traversal or arbitrary file access. The fact that 100% of output is not properly escaped also presents a risk of cross-site scripting (XSS) vulnerabilities, as user-supplied data could be injected into the rendered page without adequate sanitization.
While the plugin has a small attack surface and no known past vulnerabilities, these code-level risks cannot be ignored. The potential for serious compromise exists if the `unserialize` function is used with untrusted input that is also part of an unsanitized path flow, or if unescaped outputs allow for XSS. Developers should prioritize addressing these specific code issues to strengthen the plugin's overall security posture.
Key Concerns
- Dangerous function 'unserialize' used
- Flows with unsanitized paths found
- 0% output escaping
- File operations detected
Food Lister Security Vulnerabilities
Food Lister Code Analysis
Dangerous Functions Found
Output Escaping
Data Flow Analysis
Food Lister Attack Surface
Shortcodes 3
WordPress Hooks 7
Food Lister Maintenance & Trust
Maintenance Signals
Community Trust
Food Lister Alternatives
VikRestaurants Table Reservations and Take-Away
vikrestaurants
The all-in-one solution to manage your restaurant reservations and take-away or delivery orders.
Easy restaurant menu manager
easy-pdf-restaurant-menu-upload
Restaurant Menu Plugin to effortlessly manage restaurant menus. Delegate uploads: user solely for menu uploads.
Maimenu for Restaurant Menus Plugin
maimenu
FREE service for RESTAURANTS. Create your MENU easily! Join us now on www.maimenu.it!
Open Dining Menu
open-dining-menu
Show your restaurant's menu and take orders from your WordPress-powered site.
Restaurant Menu – Food Ordering System – Table Reservation
menu-ordering-reservations
Create a restaurant menu and start taking food orders online, with no commissions or costs. Table reservations are also available for free.
Food Lister Developer Profile
1 plugin · 10 total installs
How We Detect Food Lister
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
- /wp-content/plugins/easy-csv-restaurant-menus/js/food_lister_admin.js
- /wp-content/plugins/easy-csv-restaurant-menus/css/food_lister_admin.css
- /wp-content/plugins/easy-csv-restaurant-menus/css/jquery-ui.css
HTML / DOM Fingerprints
- food_lister_notice
- id="upload_to_media_button"
- id="add_cf7_form"
- name="add_cf7_form"
- id="add_food_lister_page"
- name="add_food_lister_page"
- id="foot_lister_contact_form"
- [food_lister menufile=
- [canape_calc]
- [output_ordered_items]