WP-Safety

Food Store – Online Food Delivery & Pickup Security & Risk Analysis

wordpress.org/plugins/food-store

Food Store is complete online food ordering platform with all your favourite WooCommerce functionalities.

1K active installs v1.5.4 PHP 7.1+ WP 4.0+ Updated Dec 4, 2025
food-deliveryfood-orderingfood-pickuprestaurantrestaurant-menu
78
B · Generally Safe
CVEs total2
Unpatched1
Last CVEJan 6, 2025
Download
Safety Verdict

Is Food Store – Online Food Delivery & Pickup Safe to Use in 2026?

Mostly Safe

Score 78/100

Food Store – Online Food Delivery & Pickup is generally safe to use. 2 past CVEs were resolved. Keep it updated.

2 known CVEs 1 unpatched Last CVE: Jan 6, 2025Updated 4mo ago
Risk Assessment

The 'food-store' plugin v1.5.4 exhibits a mixed security posture. While it demonstrates good practices in SQL query handling (92% prepared statements) and incorporates nonce and capability checks, several significant concerns remain. The static analysis reveals a substantial number of unsanitized paths in taint flows (8 out of 9 analyzed), indicating potential weaknesses in how user input is processed, despite no critical or high severity taint issues being flagged. Furthermore, only 56% of output escaping is properly done, suggesting a moderate risk of Cross-Site Scripting (XSS) vulnerabilities. The plugin's vulnerability history is also a major concern, with two known CVEs, one of which is currently unpatched. The common types of past vulnerabilities, XSS and CSRF, align with the potential risks identified in the static analysis. The presence of an unpatched medium severity vulnerability is a clear and present danger.

Key Concerns

  • Unpatched CVE
  • High number of unsanitized taint flows
  • Low percentage of properly escaped output
  • Bundled outdated library (Freemius v1.0)
Vulnerabilities
2

Food Store – Online Food Delivery & Pickup Security Vulnerabilities

CVEs by Year

1 CVE in 2021
2021
1 CVE in 2025 · unpatched
2025
Patched Has unpatched

Severity Breakdown

Medium
2

2 total CVEs

CVE-2025-22314medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Food Store – Online Food Delivery & Pickup <= 1.5.2 - Reflected Cross-Site Scripting

Jan 6, 2025Unpatched
WF-1f2d149b-fe63-4fa3-b840-02dc8c5f9323-food-storemedium · 6.3Cross-Site Request Forgery (CSRF)

Food Store < 1.3.7 - Cross-Site Request Forgery

Jun 30, 2021 Patched in 1.3.7 (937d)
Code Analysis
Analyzed Mar 16, 2026

Food Store – Online Food Delivery & Pickup Code Analysis

Dangerous Functions
0
Raw SQL Queries
1
12 prepared
Unescaped Output
242
302 escaped
Nonce Checks
3
Capability Checks
7
File Operations
1
External Requests
0
Bundled Libraries
1

Bundled Libraries

Freemius1.0

SQL Query Safety

92% prepared13 total queries

Output Escaping

56% escaped544 total outputs
Data Flows
8 unsanitized

Data Flow Analysis

9 flows8 with unsanitized paths
update_service_time (includes\class-wfs-ajax.php:617)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Food Store – Online Food Delivery & Pickup Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 85
filterwoocommerce_screen_idsincludes\admin\class-wfs-admin-assets.php:24
actionadmin_enqueue_scriptsincludes\admin\class-wfs-admin-assets.php:25
actionadmin_enqueue_scriptsincludes\admin\class-wfs-admin-assets.php:26
actionadmin_menuincludes\admin\class-wfs-admin-menus.php:26
actionwp_loadedincludes\admin\class-wfs-admin-menus.php:29
actionadmin_bar_menuincludes\admin\class-wfs-admin-menus.php:32
actionsave_postincludes\admin\class-wfs-admin-meta-boxes.php:32
actionadmin_noticesincludes\admin\class-wfs-admin-meta-boxes.php:35
actionshutdownincludes\admin\class-wfs-admin-meta-boxes.php:36
actionadmin_initincludes\admin\class-wfs-admin-meta-boxes.php:37
actionadmin_initincludes\admin\class-wfs-admin-notices.php:20
actioninitincludes\admin\class-wfs-admin.php:23
actionadmin_initincludes\admin\class-wfs-admin.php:24
actionwoocommerce_before_order_itemmetaincludes\admin\class-wfs-admin.php:25
filterwoocommerce_hidden_order_itemmetaincludes\admin\class-wfs-admin.php:26
actionfoodstore_admin_field_tools_settingincludes\admin\settings\class-wfs-settings-advanced.php:28
filterfoodstore_admin_settings_sanitize_option__wfs_tools_settingincludes\admin\settings\class-wfs-settings-advanced.php:29
actionadmin_initincludes\admin\settings\class-wfs-settings-advanced.php:30
actionadmin_initincludes\admin\settings\class-wfs-settings-advanced.php:31
filteradmin_body_classincludes\admin\settings\class-wfs-settings-advanced.php:32
filterfoodstore_settings_tabs_arrayincludes\admin\settings\class-wfs-settings-page.php:40
actionadmin_noticesincludes\class-food-store.php:60
actioninitincludes\class-food-store.php:107
actioninitincludes\class-food-store.php:108
actionafter_setup_themeincludes\class-food-store.php:110
filterplugin_row_metaincludes\class-food-store.php:113
filteradmin_footer_textincludes\class-food-store.php:114
actioninitincludes\class-wfs-ajax.php:24
actiontemplate_redirectincludes\class-wfs-ajax.php:25
actionwp_enqueue_scriptsincludes\class-wfs-frontend-scripts.php:43
actionwp_enqueue_scriptsincludes\class-wfs-frontend-scripts.php:44
actionwp_enqueue_scriptsincludes\class-wfs-frontend-scripts.php:45
actionwp_headincludes\class-wfs-frontend.php:21
actionwoocommerce_before_variations_formincludes\class-wfs-frontend.php:22
filterwoocommerce_get_item_dataincludes\class-wfs-frontend.php:23
actionwoocommerce_checkout_create_order_line_itemincludes\class-wfs-frontend.php:25
actionwoocommerce_order_item_meta_startincludes\class-wfs-frontend.php:26
actionwoocommerce_before_calculate_totalsincludes\class-wfs-frontend.php:27
actionwp_footerincludes\class-wfs-frontend.php:28
actionfoodstore_asap_blockincludes\class-wfs-frontend.php:29
actionwoocommerce_after_checkout_validationincludes\class-wfs-frontend.php:30
actioninitincludes\class-wfs-install.php:35
actionproduct_addon_edit_form_fieldsincludes\class-wfs-metaboxes.php:24
actionproduct_addon_edit_form_fieldsincludes\class-wfs-metaboxes.php:25
actionedited_product_addonincludes\class-wfs-metaboxes.php:26
filterwoocommerce_allow_marketplace_suggestionsincludes\class-wfs-metaboxes.php:27
filterwoocommerce_product_data_tabsincludes\class-wfs-metaboxes.php:28
actionwoocommerce_product_data_panelsincludes\class-wfs-metaboxes.php:29
actionwoocommerce_process_product_metaincludes\class-wfs-metaboxes.php:30
actionproduct_type_selectorincludes\class-wfs-metaboxes.php:31
actionproduct_type_optionsincludes\class-wfs-metaboxes.php:32
filterwoocommerce_products_admin_list_table_filtersincludes\class-wfs-metaboxes.php:33
filtermanage_edit-shop_order_columnsincludes\class-wfs-order.php:25
actionmanage_shop_order_posts_custom_columnincludes\class-wfs-order.php:26
actionwoocommerce_admin_order_data_after_order_detailsincludes\class-wfs-order.php:27
filterwoocommerce_shop_order_search_fieldsincludes\class-wfs-order.php:28
actionwoocommerce_thankyouincludes\class-wfs-order.php:29
actionsave_postincludes\class-wfs-order.php:30
actionwfs_order_status_changedincludes\class-wfs-order.php:31
filterwoocommerce_order_again_cart_item_dataincludes\class-wfs-order.php:32
actionwoocommerce_checkout_processincludes\class-wfs-order.php:33
actioninitincludes\class-wfs-services.php:24
filterwoocommerce_form_field_checkout_asap_fieldsincludes\class-wfs-services.php:27
actionwp_enqueue_scriptsincludes\class-wfs-services.php:28
actionwoocommerce_checkout_before_customer_detailsincludes\class-wfs-services.php:29
actionwoocommerce_checkout_processincludes\class-wfs-services.php:30
actionwoocommerce_checkout_update_order_metaincludes\class-wfs-services.php:33
actionwoocommerce_order_details_after_order_table_itemsincludes\class-wfs-services.php:36
actionwoocommerce_email_after_order_tableincludes\class-wfs-services.php:37
actionwoocommerce_admin_order_data_after_shipping_addressincludes\class-wfs-services.php:38
filtermanage_edit-shop_order_columnsincludes\class-wfs-services.php:39
actionmanage_shop_order_posts_custom_columnincludes\class-wfs-services.php:40
filterwoocommerce_package_ratesincludes\class-wfs-shipping.php:21
filtertransient_shipping-transient-versionincludes\class-wfs-shipping.php:24
actioninitincludes\class-wfs-taxonomies.php:22
filtersupport_forum_urlincludes\wfs-core-functions.php:65
actionwfs_subcategory_titleincludes\wfs-template-hooks.php:14
actionwfs_before_product_summaryincludes\wfs-template-hooks.php:17
actionwfs_product_summaryincludes\wfs-template-hooks.php:18
actionwfs_product_summaryincludes\wfs-template-hooks.php:19
actionwfs_product_summaryincludes\wfs-template-hooks.php:20
actionwfs_after_product_summaryincludes\wfs-template-hooks.php:21
actionwp_footerincludes\wfs-template-hooks.php:24
actionwfs_variable_dataincludes\wfs-template-hooks.php:30
actionwfs_product_addonincludes\wfs-template-hooks.php:33
Maintenance & Trust

Food Store – Online Food Delivery & Pickup Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedDec 4, 2025
PHP min version7.1
Downloads116K

Community Trust

Rating94/100
Number of ratings44
Active installs1K
Alternatives

Food Store – Online Food Delivery & Pickup Alternatives

Reserving – Online Food Ordering & Reservation System

Reserving – Online Food Ordering & Reservation System

reserving

A
92

Reserving is designed for restaurants and food delivery services, helping manage online reservations, table bookings, and efficient delivery operation &hellip;

0 No CVEs
Orderable – WordPress Restaurant Online Ordering System and Food Ordering Plugin

Orderable – WordPress Restaurant Online Ordering System and Food Ordering Plugin

orderable

B
75

Take your restaurant/food business online with the online ordering system plugin for WordPress, Orderable.

6K 1 unpatched
Food Menu – Restaurant Menu & Online Ordering for WooCommerce

Food Menu – Restaurant Menu & Online Ordering for WooCommerce

tlp-food-menu

A
99

A Simple Food & Restaurant Menu Display Plugin for Restaurant, Cafes, Fast Food, Coffee House with WooCommerce Online Ordering.

3K 1 CVE
AForms Eats

AForms Eats

aforms-eats

A
91

An order form builder for restaurants. You can create comfortable order forms and sell your food online.

400 1 CVE
FoodBook Lite – Online Food Ordering System

FoodBook Lite – Online Food Ordering System

foodbook-light-online-food-ordering-system

A
100

Short Description: WooCommerce-based food ordering and restaurant delivery management plugin.

400 No CVEs
Developer Profile

Food Store – Online Food Delivery & Pickup Developer Profile

WP Scripts

1 plugin · 1K total installs

64
trust score
Avg Security Score
78/100
Avg Patch Time
937 days
View full developer profile
Detection Fingerprints

How We Detect Food Store – Online Food Delivery & Pickup

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/food-store/assets/css/menu.css/wp-content/plugins/food-store/assets/css/jquery.timepicker.css/wp-content/plugins/food-store/assets/css/admin.css/wp-content/plugins/food-store/assets/css/foodstore-admin-order.css/wp-content/plugins/food-store/assets/js/admin/jquery.timepicker.js/wp-content/plugins/food-store/assets/js/jquery-tiptip/jquery.tipTip.js/wp-content/plugins/food-store/assets/js/admin/foodstore-admin.js/wp-content/plugins/food-store/assets/js/admin/foodstore-admin-order.js+1 more
Version Parameters
food-store/assets/css/menu.css?ver=food-store/assets/css/jquery.timepicker.css?ver=food-store/assets/css/admin.css?ver=food-store/assets/css/foodstore-admin-order.css?ver=food-store/assets/js/admin/jquery.timepicker.js?ver=food-store/assets/js/jquery-tiptip/jquery.tipTip.js?ver=food-store/assets/js/admin/foodstore-admin.js?ver=food-store/assets/js/admin/foodstore-admin-order.js?ver=food-store/assets/js/admin/foodstore-admin-metaboxes.js?ver=

HTML / DOM Fingerprints

CSS Classes
wfs-admin-order-stylesselect2-dropdownselect2-dropdown--belowselect2-dropdown--aboveselect2-selection--singleselect2-container--focusselect2-container--openselect2-container--default+2 more
Data Attributes
data-selected
JS Globals
WFS
FAQ

Frequently Asked Questions about Food Store – Online Food Delivery & Pickup