Foodlist Security & Risk Analysis
wordpress.org/plugins/foodlistAllows you to build restaurant/bar/café menu.
Is Foodlist Safe to Use in 2026?
Generally Safe
Score 85/100Foodlist has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The foodlist plugin v1.13 exhibits a concerning security posture despite a clean vulnerability history and a seemingly small attack surface. The static analysis reveals significant weaknesses in output escaping, with 100% of identified output not being properly escaped. This is a critical vulnerability, as it opens the door to Cross-Site Scripting (XSS) attacks if any user-supplied data is displayed without proper sanitization. The absence of nonce checks and capability checks, coupled with a complete lack of authentication checks on AJAX handlers and permission callbacks for REST API routes (though none are present, the potential remains), further exacerbates the risk. The plugin also bundles an outdated version of Select2 (v3.4.2), which could itself contain undiscovered vulnerabilities.
Key Concerns
- Output escaping is not implemented
- Bundled outdated library (Select2 v3.4.2)
- Lack of capability checks
- Lack of nonce checks
Foodlist Security Vulnerabilities
Foodlist Code Analysis
Bundled Libraries
SQL Query Safety
Output Escaping
Foodlist Attack Surface
WordPress Hooks 4
Maintenance & Trust
Foodlist Maintenance & Trust
Maintenance Signals
Community Trust
Foodlist Alternatives
Restaurant Menu and Food Ordering
mp-restaurant-menu
Create and maintain modern online menus for almost any kind of restaurant. Sell food and beverages online. All in one plugin.
Easy restaurant menu manager
easy-pdf-restaurant-menu-upload
Restaurant Menu Plugin to effortlessly manage restaurant menus. Delegate uploads: user solely for menu uploads.
Restaurant Menu Manager
restaurant-menu-manager
Create restaurant menu in WordPress, group different menu items, display them in a list or jQuery accordion or tabs.
Elegance Menu
elegance-menu
Elegant Menu plugin designed to display for a variety of businesses, including restaurants, cafes, fast food outlets, coffee houses, salons, and more.
MenuMaster – Interactive Mobile-First Restaurant Menu Plugin for WooCommerce
menumaster-restaurant-menu
Create mobile-friendly restaurant menus that are easy for customers to access by scanning a QR code. Custom tags and filters make navigation simple, h …
Foodlist Developer Profile
3 plugins · 140 total installs
How We Detect Foodlist
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/foodlist/assets/css/style.css/wp-content/plugins/foodlist/assets/css/menu-builder.css/wp-content/plugins/foodlist/assets/css/admin.css/wp-content/plugins/foodlist/assets/js/foodlist-admin.js/wp-content/plugins/foodlist/assets/js/menu-builder.js/wp-content/plugins/foodlist/assets/js/foodlist.js/wp-content/plugins/foodlist/assets/js/foodlist-admin.js/wp-content/plugins/foodlist/assets/js/menu-builder.js/wp-content/plugins/foodlist/assets/js/foodlist.jsfoodlist/assets/css/style.css?ver=foodlist/assets/css/menu-builder.css?ver=foodlist/assets/css/admin.css?ver=foodlist/assets/js/foodlist-admin.js?ver=foodlist/assets/js/menu-builder.js?ver=foodlist/assets/js/foodlist.js?ver=HTML / DOM Fingerprints
foodlist-menufoodlist-menu-itemfoodlist-menu-categoryfoodlist-menu-pricefoodlist-menu-descriptionfoodlist-menu-titlefoodlist-menu-imagefoodlist-menu-section+9 moredata-foodlist-menu-iddata-foodlist-menu-item-iddata-foodlist-menu-category-idfoodlist_paramsfoodlist_admin_params/wp-json/foodlist/v1/menu/wp-json/foodlist/v1/menu-item/wp-json/foodlist/v1/menu-category[foodlist_menu id=""][foodlist_menu_category id=""]