Restaurant Menu – Food Ordering System – Table Reservation Security & Risk Analysis

wordpress.org/plugins/menu-ordering-reservations

Create a restaurant menu and start taking food orders online, with no commissions or costs. Table reservations are also available for free.

8K active installs · v2.4.4 · PHP 5.5.0+ · WP 5.0+ · Updated Apr 14, 2025
Tags: food-menu, food-order, food-ordering, restaurant-menu, restaurant-reservation
Score: 96 (A · Safe)
CVEs total: 7
Unpatched: 0
Last CVE: Nov 19, 2024
Safety Verdict

Is Restaurant Menu – Food Ordering System – Table Reservation Safe to Use in 2026?

Generally Safe

Score 96/100

Restaurant Menu – Food Ordering System – Table Reservation has a strong security track record. Known vulnerabilities have been patched promptly.

7 known CVEs · Last CVE: Nov 19, 2024 · Updated 11mo ago
Risk Assessment

The "menu-ordering-reservations" plugin, version 2.4.4, presents a concerning security posture due to a significant number of unprotected entry points, particularly its 17 AJAX handlers lacking authentication checks. While the code analysis shows no dangerous functions or critical taint flows, the high percentage of improperly escaped output (73%) is a significant risk for cross-site scripting (XSS) vulnerabilities. The presence of 4 unsanitized path flows, even if not flagged as critical or high in taint analysis, suggests potential for path traversal or other file-related vulnerabilities.

The plugin's vulnerability history is a major red flag, with 7 known CVEs, including one high severity vulnerability and six medium severity. The recurring types of vulnerabilities (XSS, Missing Authorization, CSRF) indicate a pattern of insecure coding practices, especially concerning authorization and input validation. The fact that the last vulnerability was very recent (2024-11-19) and that there are currently no unpatched CVEs is a positive, but the historical data strongly suggests a predisposition to security flaws.

In conclusion, while the current version may not have critical flaws directly observable in the static analysis and taint flows, the plugin's history of multiple vulnerabilities, particularly those related to authorization and XSS, combined with a large attack surface exposed without proper authentication, makes it a high-risk component. The lack of proper output escaping on a majority of outputs is a critical weakness that could easily lead to new vulnerabilities. It is recommended to exercise extreme caution or consider alternatives until these foundational security issues are addressed.

Key Concerns

  • 17 unprotected AJAX handlers
  • 73% of outputs not properly escaped
  • 1 SQL query without prepared statements
  • 4 unsanitized path flows
  • 1 high severity known CVE
  • 6 medium severity known CVEs
  • Vulnerability history: XSS, Missing Auth, CSRF
Vulnerabilities
7

Restaurant Menu – Food Ordering System – Table Reservation Security Vulnerabilities

CVEs by Year

  • 2022: 2 CVEs
  • 2023: 2 CVEs
  • 2024: 3 CVEs

Severity Breakdown

  • High: 1
  • Medium: 6

7 total CVEs

CVE-2024-9653 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Restaurant Menu – Food Ordering System – Table Reservation <= 2.4.2 - Reflected Cross-Site Scripting

Nov 19, 2024 Patched in 2.4.3 (1d)
CVE-2024-1399 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Restaurant Menu and Food Ordering <= 2.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Jun 14, 2024 Patched in 2.4.1 (1d)
CVE-2024-32579 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Restaurant Menu – Food Ordering System – Table Reservation <= 2.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Apr 16, 2024 Patched in 2.4.2 (9d)
CVE-2023-32516 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Menu - Ordering - Reservations <= 2.3.6 - Reflected Cross-Site Scripting via 'redirect'

May 9, 2023 Patched in 2.3.7 (259d)
CVE-2022-4657 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Restaurant Menu – Food Ordering System – Table Reservation <= 2.3.5 - Authenticated (Contributor+) Cross-Site Scripting

Jan 4, 2023 Patched in 2.3.6 (384d)
CVE-2022-2696 · medium · 6.3 · Missing Authorization

Restaurant Menu – Food Ordering System – Table Reservation <= 2.3.0 - Missing Authorization on AJAX Actions

Oct 31, 2022 Patched in 2.3.1 (449d)
CVE-2022-3776 · high · 8.8 · Cross-Site Request Forgery (CSRF)

Restaurant Menu – Food Ordering System – Table Reservation <= 2.3.1 - Cross-Site Request Forgery

Oct 31, 2022 Patched in 2.3.2 (449d)
Code Analysis
Analyzed Mar 17, 2026

Restaurant Menu – Food Ordering System – Table Reservation Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 1 (0 prepared)
  • Unescaped Output: 109 (41 escaped)
  • Nonce Checks: 4
  • Capability Checks: 8
  • File Operations: 0
  • External Requests: 3
  • Bundled Libraries: 0

SQL Query Safety

0% prepared · 1 total queries

Output Escaping

27% escaped · 150 total outputs
Data Flows: 4 unsanitized

Data Flow Analysis

6 flows · 4 with unsanitized paths
glf_validate_form (includes\admin\class-glf-admin-screens.php:353)
Attack Surface: 17 unprotected

Restaurant Menu – Food Ordering System – Table Reservation Attack Surface

Entry Points: 22
Unprotected: 17

AJAX Handlers 17

auth · wp_ajax_glf_form_sign_up · includes\admin\class-glf-admin-screens.php:22
auth · wp_ajax_glf_form_login · includes\admin\class-glf-admin-screens.php:23
auth · wp_ajax_glf_form_forgot_password · includes\admin\class-glf-admin-screens.php:24
auth · wp_ajax_glf_form_disconnect · includes\admin\class-glf-admin-screens.php:25
auth · wp_ajax_glf_set_option · includes\admin\class-glf-admin-screens.php:27
auth · wp_ajax_glf_chosen_options · includes\admin\class-glf-admin-screens.php:28
auth · wp_ajax_glf_setup_options_remove · includes\admin\class-glf-admin-screens.php:29
auth · wp_ajax_glf_get_updated_urls · includes\admin\class-glf-admin-screens.php:31
auth · wp_ajax_glf_load_screen · includes\admin\class-glf-admin-screens.php:33
auth · wp_ajax_glf_tracking · includes\admin\class-glf-admin-screens.php:35
auth · wp_ajax_glf_create_demo_page · includes\admin\class-glf-admin-screens.php:37
auth · wp_ajax_glf_action_ask_for_review_user_response · includes\modules\ask-for-review\class-glf-module-ask-for-review.php:73
auth · wp_ajax_glf_action_ask_for_review_cta_clicked · includes\modules\ask-for-review\class-glf-module-ask-for-review.php:74
auth · wp_ajax_restaurant_system_insert_dialog · includes\modules\classic-editor-mce\class-glf-module-classic-editor-mce.php:10
auth · wp_ajax_glf_refresh_elementor_widget · includes\modules\elementor\class-glf-module-elementor.php:41
auth · wp_ajax_restaurant_system_customize_button · restaurant-system.php:85
auth · wp_ajax_glf_set_default_location · restaurant-system.php:86

Shortcodes 5

[restaurant-menu-and-ordering] includes\modules\shortcodes\class-glf-module-shortcodes.php:18
[restaurant-reservations] includes\modules\shortcodes\class-glf-module-shortcodes.php:19
[restaurant-full-menu] includes\modules\shortcodes\class-glf-module-shortcodes.php:20
[restaurant-opening-hours] includes\modules\shortcodes\class-glf-module-shortcodes.php:21
[restaurant-promotions] includes\modules\shortcodes\class-glf-module-shortcodes.php:22
WordPress Hooks 28
action · admin_menu · includes\admin\class-glf-admin-screens.php:46
action · admin_notices · includes\modules\ask-for-review\class-glf-module-ask-for-review.php:45
action · ask_for_review_message · includes\modules\ask-for-review\class-glf-module-ask-for-review.php:69
action · elementor/editor/wp_head · includes\modules\elementor\class-glf-module-elementor.php:17
action · elementor/elements/categories_registered · includes\modules\elementor\class-glf-module-elementor.php:18
action · elementor/widgets/widgets_registered · includes\modules\elementor\class-glf-module-elementor.php:28
action · elementor/widgets/widgets_registered · includes\modules\elementor\class-glf-module-elementor.php:30
action · elementor/editor/after_save · includes\modules\elementor\class-glf-module-elementor.php:32
action · init · includes\modules\elementor\widgets\food-menu\class-glf-module-elementor-food-menu-widget.php:18
action · init · includes\modules\elementor\widgets\opening-hours\class-glf-module-elementor-opening-hours-widget.php:18
action · init · includes\modules\elementor\widgets\promotions\class-glf-module-elementor-promotions-widget.php:18
action · init · includes\modules\gutenberg\class-glf-module-gutenberg.php:17
action · wp_enqueue_scripts · includes\modules\gutenberg\class-glf-module-gutenberg.php:18
action · enqueue_block_assets · includes\modules\gutenberg\class-glf-module-gutenberg.php:20
action · widgets_init · includes\modules\widgets\class-glf-module-widgets.php:19
action · media_buttons · restaurant-system.php:106
action · admin_enqueue_scripts · restaurant-system.php:107
action · wp_loaded · restaurant-system.php:108
action · wp_print_styles · restaurant-system.php:120
action · wp · restaurant-system.php:128
action · glf_cron_check_elementor · restaurant-system.php:129
action · wp_enqueue_scripts · restaurant-system.php:132
action · init · restaurant-system.php:133
action · admin_init · restaurant-system.php:134
action · wpmu_new_blog · restaurant-system.php:135
action · upgrader_process_complete · restaurant-system.php:138
action · plugins_loaded · restaurant-system.php:139
action · delete_post · restaurant-system.php:195

Scheduled Events 1

glf_cron_check_elementor
Maintenance & Trust

Restaurant Menu – Food Ordering System – Table Reservation Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.6.5
  • Last updated: Apr 14, 2025
  • PHP min version: 5.5.0
  • Downloads: 347K

Community Trust

  • Rating: 88/100
  • Number of ratings: 54
  • Active installs: 8K
Developer Profile

Restaurant Menu – Food Ordering System – Table Reservation Developer Profile

Gloriafood

2 plugins · 9K total installs

  • Trust score: 75
  • Avg Security Score: 94/100
  • Avg Patch Time: 222 days
Detection Fingerprints

How We Detect Restaurant Menu – Food Ordering System – Table Reservation

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/menu-ordering-reservations/assets/css/style.css
  • /wp-content/plugins/menu-ordering-reservations/assets/css/frontend.css
  • /wp-content/plugins/menu-ordering-reservations/assets/js/script.js
  • /wp-content/plugins/menu-ordering-reservations/assets/js/script.min.js
Script Paths
  • /wp-content/plugins/menu-ordering-reservations/assets/js/script.js
  • /wp-content/plugins/menu-ordering-reservations/assets/js/script.min.js
Version Parameters
  • menu-ordering-reservations/assets/css/style.css?ver=
  • menu-ordering-reservations/assets/css/frontend.css?ver=
  • menu-ordering-reservations/assets/js/script.js?ver=
  • menu-ordering-reservations/assets/js/script.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • glf_restaurant_system_admin_menus
  • glf_customize_button
Data Attributes
  • data-glf-restaurant-system
  • data-glf-customize
JS Globals
GLF_Restaurant_System