Five Star Restaurant Menu and Food Ordering Security & Risk Analysis

wordpress.org/plugins/food-and-drink-menu

Restaurant menu and food ordering system that is easy to set up and integrates with any theme. Includes restaurant menu blocks and patterns.

5K active installs · v2.5.0 · PHP + WP 6.0+ · Updated Jan 8, 2026
Tags: mobile-restaurant-menu, online-restaurant, restaurant, restaurant-menu, restaurant-order
Score: 91 · A · Safe
CVEs total: 5
Unpatched: 0
Last CVE: Jun 4, 2024
Safety Verdict

Is Five Star Restaurant Menu and Food Ordering Safe to Use in 2026?

Generally Safe

Score 91/100

Five Star Restaurant Menu and Food Ordering has a strong security track record. Known vulnerabilities have been patched promptly.

5 known CVEs · Last CVE: Jun 4, 2024 · Updated 2mo ago
Risk Assessment

The 'food-and-drink-menu' plugin v2.5.0 presents a mixed security posture. While it demonstrates some positive security practices, such as 100% of SQL queries using prepared statements and a significant number of capability checks (18), several concerning indicators warrant attention. The plugin has a notable attack surface with 37 total entry points, and critically, 5 of these (all AJAX handlers) lack authentication checks. This directly exposes these handlers to unauthorized access, potentially leading to various exploits. The static analysis also flagged 3 instances of the `unserialize` function, which is a known vector for deserialization vulnerabilities if not handled with extreme care and robust input validation.

The plugin's vulnerability history is particularly concerning, with 5 known CVEs, including 2 critical and 3 medium severity vulnerabilities. The types of past vulnerabilities, such as Missing Authorization, Cross-Site Scripting, CSRF, and Deserialization of Untrusted Data, align with the weaknesses identified in the static analysis (unprotected AJAX handlers and `unserialize` usage). The fact that the last vulnerability was very recent (2024-06-04) and that there are currently no unpatched CVEs is a positive sign, but the historical pattern suggests a recurring susceptibility to certain vulnerability classes.

Overall, while some good practices are in place, the significant number of unprotected entry points and the history of critical vulnerabilities necessitate careful consideration and remediation.

Key Concerns

  • Unprotected AJAX handlers
  • Dangerous function: unserialize
  • Total known CVEs: 5
  • 2 Critical CVEs in history
  • 3 Medium CVEs in history
  • Vulnerability types: Missing Authorization
  • Vulnerability types: XSS
  • Vulnerability types: CSRF
  • Vulnerability types: Deserialization
  • Output escaping: 72% properly escaped
Vulnerabilities
5

Five Star Restaurant Menu and Food Ordering Security Vulnerabilities

CVEs by Year

2021: 1 CVE
2023: 2 CVEs
2024: 2 CVEs

Severity Breakdown

Critical: 2
Medium: 3

5 total CVEs

CVE-2024-5459 · medium · 4.3 · Missing Authorization
Restaurant Menu and Food Ordering <= 2.4.16 - Missing Authorization to Menu Creation
Jun 4, 2024 · Patched in 2.4.17 (2d)

CVE-2024-29089 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Five Star Restaurant Menu <= 2.4.14 - Authenticated (Contributor+) Stored Cross-Site Scripting
Mar 15, 2024 · Patched in 2.4.15 (6d)

CVE-2023-5340 · critical · 9.8 · Deserialization of Untrusted Data
Five Star Restaurant Menu and Food Ordering <= 2.4.10 - Unauthenticated PHP Object Injection
Oct 27, 2023 · Patched in 2.4.11 (88d)

CVE-2023-37985 · medium · 4.3 · Cross-Site Request Forgery (CSRF)
Restaurant Menu and Food Ordering by Five Star Plugins <= 2.4.6 - Cross-Site Request Forgery via maybe_duplicate_item
Jul 17, 2023 · Patched in 2.4.7 (190d)

CVE-2020-29045 · critical · 9.8 · Deserialization of Untrusted Data
Five Star Restaurant Menu <= 2.2.0 - Unauthenticated Arbitrary Object Deserialization leading to Remote Code Execution
Jan 11, 2021 · Patched in 2.2.1 (1107d)

Code Analysis
Analyzed Mar 16, 2026

Five Star Restaurant Menu and Food Ordering Code Analysis

Dangerous Functions: 3
Raw SQL Queries: 0 (1 prepared)
Unescaped Output: 249 (628 escaped)
Nonce Checks: 26
Capability Checks: 18
File Operations: 2
External Requests: 3
Bundled Libraries: 0

Dangerous Functions Found

unserialize · includes\class-ajax.php:139
    $cart_items = is_array( unserialize( $order_content ) ) ? unserialize( $order_content ) : array();
unserialize · includes\class-ajax.php:139
    $cart_items = is_array( unserialize( $order_content ) ) ? unserialize( $order_content ) : array();
unserialize · includes\class-order-item.php:115
    $this->order_items = unserialize( $post->post_content );

SQL Query Safety

100% prepared · 1 total query

Output Escaping

72% escaped · 877 total outputs
Data Flows
All sanitized

Data Flow Analysis

9 flows
admin_add_item_to_order (includes\class-ajax.php:110)
Attack Surface
5 unprotected

Five Star Restaurant Menu and Food Ordering Attack Surface

Entry Points: 37
Unprotected: 5

AJAX Handlers 34

auth · wp_ajax_fdm_hide_helper_notice · food-and-drink-menu.php:156
auth · wp_ajax_fdm_hide_new_plugin_notice · food-and-drink-menu.php:160
auth · wp_ajax_fdm_send_feature_suggestion · includes\class-about-us.php:14
auth · wp_ajax_fdm_menu_item_details · includes\class-ajax.php:16
nopriv · wp_ajax_fdm_menu_item_details · includes\class-ajax.php:17
auth · wp_ajax_fdm_admin_add_to_order · includes\class-ajax.php:19
auth · wp_ajax_fdm_add_to_cart · includes\class-ajax.php:21
nopriv · wp_ajax_fdm_add_to_cart · includes\class-ajax.php:22
auth · wp_ajax_fdm_update_cart_qty · includes\class-ajax.php:24
nopriv · wp_ajax_fdm_update_cart_qty · includes\class-ajax.php:25
auth · wp_ajax_fdm_delete_from_cart · includes\class-ajax.php:27
nopriv · wp_ajax_fdm_delete_from_cart · includes\class-ajax.php:28
auth · wp_ajax_fdm_clear_cart · includes\class-ajax.php:30
nopriv · wp_ajax_fdm_clear_cart · includes\class-ajax.php:31
auth · wp_ajax_fdm_check_discount_code · includes\class-ajax.php:33
nopriv · wp_ajax_fdm_check_discount_code · includes\class-ajax.php:34
auth · wp_ajax_fdm_submit_order · includes\class-ajax.php:36
nopriv · wp_ajax_fdm_submit_order · includes\class-ajax.php:37
auth · wp_ajax_fdm_update_order_progress · includes\class-ajax.php:39
nopriv · wp_ajax_fdm_update_order_progress · includes\class-ajax.php:40
nopriv · wp_ajax_fdm-menu-item-price · includes\class-custom-post-types.php:61
auth · wp_ajax_fdm-menu-item-price · includes\class-custom-post-types.php:62
auth · wp_ajax_fdm_hide_upgrade_box · includes\class-dashboard.php:23
auth · wp_ajax_fdm_display_upgrade_box · includes\class-dashboard.php:24
auth · wp_ajax_fdm_welcome_add_section · includes\class-installation-walkthrough.php:20
auth · wp_ajax_fdm_welcome_add_menu_item · includes\class-installation-walkthrough.php:21
auth · wp_ajax_fdm_welcome_create_menu · includes\class-installation-walkthrough.php:22
auth · wp_ajax_fdm_welcome_add_menu_page · includes\class-installation-walkthrough.php:23
auth · wp_ajax_fdm_stripe_get_intent · includes\class-order-payments.php:20
nopriv · wp_ajax_fdm_stripe_get_intent · includes\class-order-payments.php:21
auth · wp_ajax_fdm_stripe_payment_succeed · includes\class-order-payments.php:23
nopriv · wp_ajax_fdm_stripe_payment_succeed · includes\class-order-payments.php:24
auth · wp_ajax_fdm_hide_review_ask · includes\class-review-ask.php:15
auth · wp_ajax_fdm_send_feedback · includes\class-review-ask.php:16

Shortcodes 3

[fdm-menu] includes\template-functions.php:63
[fdm-menu-section] includes\template-functions.php:89
[fdm-menu-item] includes\template-functions.php:116
WordPress Hooks 104
action · plugins_loaded · food-and-drink-menu.php:71
action · init · food-and-drink-menu.php:72
action · init · food-and-drink-menu.php:73
action · init · food-and-drink-menu.php:108
action · admin_notices · food-and-drink-menu.php:146
action · admin_enqueue_scripts · food-and-drink-menu.php:152
action · admin_notices · food-and-drink-menu.php:155
action · admin_notices · food-and-drink-menu.php:159
action · widgets_init · food-and-drink-menu.php:171
filter · pre_get_posts · food-and-drink-menu.php:174
filter · the_content · food-and-drink-menu.php:177
action · wp_footer · food-and-drink-menu.php:180
filter · plugin_action_links · food-and-drink-menu.php:183
action · split_shared_term · food-and-drink-menu.php:188
action · upgrader_process_complete · food-and-drink-menu.php:190
action · the_content · food-and-drink-menu.php:438
action · admin_footer · food-and-drink-menu.php:552
action · admin_menu · includes\class-about-us.php:16
action · admin_menu · includes\class-admin-orders.php:18
action · admin_head · includes\class-admin-orders.php:21
action · wp_head · includes\class-ajax.php:14
action · plugins_loaded · includes\class-backwards-compatibility.php:16
action · init · includes\class-blocks.php:19
filter · block_categories_all · includes\class-blocks.php:21
action · current_screen · includes\class-blocks.php:61
action · admin_init · includes\class-custom-post-types.php:25
action · init · includes\class-custom-post-types.php:26
action · admin_menu · includes\class-custom-post-types.php:27
filter · fdm_menu_item_taxonomies · includes\class-custom-post-types.php:28
action · add_meta_boxes · includes\class-custom-post-types.php:31
action · save_post · includes\class-custom-post-types.php:32
filter · fdm_save_meta · includes\class-custom-post-types.php:33
filter · manage_fdm-menu-item_posts_columns · includes\class-custom-post-types.php:36
filter · manage_edit-fdm-menu-item_sortable_columns · includes\class-custom-post-types.php:37
action · pre_get_posts · includes\class-custom-post-types.php:38
action · manage_fdm-menu-item_posts_custom_column · includes\class-custom-post-types.php:39
action · restrict_manage_posts · includes\class-custom-post-types.php:40
filter · parse_query · includes\class-custom-post-types.php:41
action · fdm_show_item_price · includes\class-custom-post-types.php:42
filter · post_row_actions · includes\class-custom-post-types.php:43
filter · manage_fdm-menu_posts_columns · includes\class-custom-post-types.php:46
action · manage_fdm-menu_posts_custom_column · includes\class-custom-post-types.php:47
action · fdm-menu-section_add_form_fields · includes\class-custom-post-types.php:50
action · fdm-menu-section_edit_form_fields · includes\class-custom-post-types.php:51
action · create_fdm-menu-section · includes\class-custom-post-types.php:52
action · edit_fdm-menu-section · includes\class-custom-post-types.php:53
action · fdm-menu-item-flag_add_form_fields · includes\class-custom-post-types.php:55
action · fdm-menu-item-flag_edit_form_fields · includes\class-custom-post-types.php:56
action · edited_fdm-menu-item-flag · includes\class-custom-post-types.php:57
action · create_fdm-menu-item-flag · includes\class-custom-post-types.php:58
filter · fdm_ajax_menu_item_price · includes\class-custom-post-types.php:63
filter · template_include · includes\class-custom-post-types.php:67
action · init · includes\class-custom-post-types.php:70
action · admin_menu · includes\class-dashboard.php:19
action · init · includes\class-dashboard.php:21
action · current_screen · includes\class-deactivation-survey.php:13
action · admin_enqueue_scripts · includes\class-deactivation-survey.php:18
action · admin_footer · includes\class-deactivation-survey.php:19
action · admin_menu · includes\class-export.php:17
action · admin_menu · includes\class-export.php:19
action · admin_menu · includes\class-export.php:20
action · admin_menu · includes\class-import.php:18
action · admin_menu · includes\class-import.php:20
action · admin_notices · includes\class-import.php:71
action · admin_notices · includes\class-import.php:175
action · admin_menu · includes\class-installation-walkthrough.php:14
action · admin_head · includes\class-installation-walkthrough.php:15
action · admin_init · includes\class-installation-walkthrough.php:16
action · admin_head · includes\class-installation-walkthrough.php:18
action · admin_init · includes\class-order-manager.php:17
action · transition_post_status · includes\class-order-manager.php:19
action · fdm_menu_init · includes\class-order-payments.php:14
action · init · includes\class-order-payments.php:16
action · fdm_menu_init · includes\class-order-payments.php:18
filter · fdm_order_metadata_defaults · includes\class-order-payments.php:26
action · fdm_order_load_post_data · includes\class-order-payments.php:27
filter · fdm_insert_order_metadata · includes\class-order-payments.php:28
filter · fdm_admin_orders_list_row_classes · includes\class-order-payments.php:33
filter · fdm_orders_table_column_details · includes\class-order-payments.php:34
filter · fdm_orders_table_bulk_actions · includes\class-order-payments.php:35
filter · fdm_orders_table_bulk_action · includes\class-order-payments.php:36
action · init · includes\class-order-payments.php:94
action · shutdown · includes\class-order-payments.php:95
action · init · includes\class-patterns.php:18
action · init · includes\class-patterns.php:19
action · admin_notices · includes\class-review-ask.php:13
action · admin_enqueue_scripts · includes\class-review-ask.php:18
action · init · includes\class-settings.php:62
action · init · includes\class-settings.php:65
filter · fdm_menu_args · includes\class-settings.php:68
filter · fdm_shortcode_menu_atts · includes\class-settings.php:69
filter · fdm_shortcode_menu_section_atts · includes\class-settings.php:70
filter · fdm_shortcode_menu_item_atts · includes\class-settings.php:71
filter · bpfwp_settings_page · includes\integrations\business-profile.php:36
filter · bpwfwp_component_callbacks · includes\integrations\business-profile.php:48
filter · manage_edit-fdm-menu_columns · includes\integrations\wordpress-seo.php:33
filter · manage_edit-fdm-menu-item_columns · includes\integrations\wordpress-seo.php:34
filter · fdm-setting-fdm-pro-style · includes\template-functions.php:32
filter · fdm-sidebar · includes\template-functions.php:37
filter · body_class · includes\template-functions.php:42
filter · fdm_orders_table_column_details · includes\WP_List_Table.OrdersTable.class.php:139
action · fdm_orders_table_top · includes\WP_List_Table.OrdersTable.class.php:718
action · fdm_orders_table_top · includes\WP_List_Table.OrdersTable.class.php:748
filter · fdm_menu_item_classes · views\View.Item.class.php:100
Maintenance & Trust

Five Star Restaurant Menu and Food Ordering Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Jan 8, 2026
PHP min version
Downloads: 418K

Community Trust

Rating: 92/100
Number of ratings: 107
Active installs: 5K
Developer Profile

Five Star Restaurant Menu and Food Ordering Developer Profile

Rustaurius

21 plugins · 66K total installs

Trust score: 72
Avg Security Score: 90/100
Avg Patch Time: 716 days
Detection Fingerprints

How We Detect Five Star Restaurant Menu and Food Ordering

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/food-and-drink-menu/assets/css/style.css
  • /wp-content/plugins/food-and-drink-menu/assets/css/frontend.css
  • /wp-content/plugins/food-and-drink-menu/assets/css/frontend-rtl.css
  • /wp-content/plugins/food-and-drink-menu/assets/js/frontend.js
  • /wp-content/plugins/food-and-drink-menu/assets/js/frontend-init.js
  • /wp-content/plugins/food-and-drink-menu/assets/js/frontend-rtl.js
  • /wp-content/plugins/food-and-drink-menu/assets/js/frontend-init-rtl.js
  • /wp-content/plugins/food-and-drink-menu/assets/css/admin.css
  • +9 more
Script Paths
  • /wp-content/plugins/food-and-drink-menu/assets/js/frontend.js
  • /wp-content/plugins/food-and-drink-menu/assets/js/frontend-init.js
  • /wp-content/plugins/food-and-drink-menu/assets/js/frontend-rtl.js
  • /wp-content/plugins/food-and-drink-menu/assets/js/frontend-init-rtl.js
  • /wp-content/plugins/food-and-drink-menu/assets/js/admin.js
  • /wp-content/plugins/food-and-drink-menu/assets/js/admin-init.js
  • +7 more
Version Parameters
  • food-and-drink-menu/style.css?ver=
  • food-and-drink-menu/frontend.css?ver=
  • food-and-drink-menu/frontend-rtl.css?ver=
  • food-and-drink-menu/frontend.js?ver=
  • food-and-drink-menu/frontend-init.js?ver=
  • food-and-drink-menu/frontend-rtl.js?ver=
  • food-and-drink-menu/frontend-init-rtl.js?ver=
  • food-and-drink-menu/admin.css?ver=
  • food-and-drink-menu/admin.js?ver=
  • food-and-drink-menu/admin-init.js?ver=
  • food-and-drink-menu/jquery.dd.min.js?ver=
  • food-and-drink-menu/imagesloaded.min.js?ver=
  • food-and-drink-menu/isotope.min.js?ver=
  • food-and-drink-menu/jquery.magnific-popup.min.js?ver=
  • food-and-drink-menu/jquery.fittext.js?ver=
  • food-and-drink-menu/jquery.colorbox.js?ver=
  • food-and-drink-menu/jquery.isotope.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • fdm-menu-item
  • fdm-menu-title
  • fdm-menu-description
  • fdm-menu-price
  • fdm-menu-image
  • fdm-add-to-cart-button
  • fdm-cart
  • fdm-cart-item
  • +8 more
HTML Comments
  • Five Star Restaurant Menu and Food Ordering
  • This section is for the Front End only
  • This section is for the Admin only
Data Attributes
  • data-fdm-menu-id
  • data-fdm-item-id
  • data-fdm-add-to-cart-url
  • data-fdm-cart-update-url
  • data-fdm-checkout-url
JS Globals
  • fdm_frontend_params
  • fdm_admin_params
REST Endpoints
  • /wp-json/fdm/v1/cart/add
  • /wp-json/fdm/v1/cart/update
  • /wp-json/fdm/v1/cart/remove
  • /wp-json/fdm/v1/checkout
Shortcode Output
  • [fdm_menu id="
  • [fdm_menu_item id="
  • [fdm_ordering]
  • [fdm_cart]