QRMenu Restaurant QR Menu Lite Security & Risk Analysis

wordpress.org/plugins/qrmenu-lite

QRMenu Lite is an advanced online menu tool for restaurants and other food establishments to manage digital menus right on your websites.

30 active installs · v1.0.4 · PHP 7.0+ · WP 4.6+ · Updated May 20, 2025
Tags: digital-menu, online-qr-menu, qr-menu, qr-menu-builder, qr-menu-generator
77
B · Generally Safe
CVEs total: 1
Unpatched: 1
Last CVE: Nov 18, 2024
Safety Verdict

Is QRMenu Restaurant QR Menu Lite Safe to Use in 2026?

Mostly Safe

Score 77/100

QRMenu Restaurant QR Menu Lite is generally safe to use. 1 past CVE was resolved. Keep it updated.

1 known CVE · 1 unpatched · Last CVE: Nov 18, 2024 · Updated 10mo ago
Risk Assessment

The qrmenu-lite plugin version 1.0.4 exhibits a mixed security posture. On the positive side, it adheres to secure coding practices by using prepared statements for all SQL queries and escaping a high percentage of its output. The plugin also implements nonce and capability checks on its entry points, which is a good defense against common web attacks. However, the plugin calls `unserialize`, and the taint analysis results do not explicitly show that call to be safe. This is a significant concern, as deserialization vulnerabilities are often critical. Furthermore, a known high-severity vulnerability related to deserialization of untrusted data remains unpatched, which indicates a historical pattern of this risk and a critical need for an update. While the static analysis did not reveal immediate exploit paths for this specific version, the combination of a dangerous function and a historical vulnerability pattern presents a notable risk.

Despite the positive aspects like secure SQL handling and output escaping, the single critical weakness of an unpatched deserialization vulnerability overshadows the plugin's strengths. The existence of the `unserialize` function, even if not directly exploited in the static analysis, makes it a potential vector for future attacks if data is not rigorously validated before being passed to it. The vulnerability history strongly suggests that deserialization is an area where this plugin has struggled. Therefore, users should prioritize updating to a version that has addressed this known high-severity issue to mitigate the risk of data compromise.

Key Concerns

  • Unpatched High Severity CVE
  • Dangerous function unserialize used
Vulnerabilities: 1

QRMenu Restaurant QR Menu Lite Security Vulnerabilities

CVEs by Year

2024: 1 CVE · unpatched

Severity Breakdown

High: 1

1 total CVE

CVE-2024-52445 · high · 8.8 · Deserialization of Untrusted Data

QRMenu Restaurant QR Menu Lite <= 1.0.3 - Authenticated (Contributor+) PHP Object Injection

Nov 18, 2024 · Unpatched
Code Analysis
Analyzed Mar 16, 2026

QRMenu Restaurant QR Menu Lite Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 50 (559 escaped)
Nonce Checks: 5
Capability Checks: 2
File Operations: 0
External Requests: 0
Bundled Libraries: 1

Dangerous Functions Found

unserialize · `$tab1 = unserialize(base64_decode($tab1));` · core\qrmenu-lite\widgets\menu-items\menu-items.shortcode.php:20

Bundled Libraries

Select2

Output Escaping

92% escaped · 609 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
qrlite_page_builder_body (inc\builder\builder.php:12)
Attack Surface

QRMenu Restaurant QR Menu Lite Attack Surface

Entry Points: 4
Unprotected: 0

AJAX Handlers: 3

auth · wp_ajax_qrlite_import_element · inc\builder\elements\inc.php:50
nopriv · wp_ajax_qrlite_import_element · inc\builder\elements\inc.php:51
auth · wp_ajax_qrlite_dismiss_welcome_notice · inc\functions-admin.php:20

Shortcodes: 1

[qrlite-menu-items] · core\qrmenu-lite\widgets\menu-items\menu-items.shortcode.php:109

WordPress Hooks: 33

action · elementor/widgets/register · core\qrmenu-lite\qrmenu-lite.php:22
action · wp_enqueue_scripts · core\qrmenu-lite\qrmenu-lite.php:29
action · cmb2_admin_init · inc\admin\settings.general.php:6
action · admin_menu · inc\admin\settings.php:7
action · qrlite_before_wrap_tab_content · inc\admin\settings.php:44
action · qrlite_page_builder_frontend · inc\builder\builder.php:11
action · admin_init · inc\builder\builder.save.php:51
action · init · inc\builder\builder.save.php:52
action · init · inc\CPT.php:37
filter · post_type_link · inc\CPT.php:44
filter · pre_get_posts · inc\CPT.php:60
filter · pre_handle_404 · inc\CPT.php:81
filter · post_row_actions · inc\CPT.php:124
action · admin_notices · inc\functions-admin.php:19
action · qrlite_page_content · inc\helpers.php:11
action · qrlite_page_content · inc\helpers.php:42
action · wp_enqueue_scripts · inc\helpers.php:214
action · qrlite_builder_qr · inc\helpers.php:240
action · qrlite_sharing_panel_qr · inc\helpers.php:241
action · qrlite_builder_after_title · inc\helpers.php:254
action · update_option_active_plugins · qrmenu-lite.php:24
action · init · qrmenu-lite.php:73
action · admin_menu · qrmenu-lite.php:79
filter · template_include · qrmenu-lite.php:85
filter · wp_robots · qrmenu-lite.php:100
action · admin_enqueue_scripts · qrmenu-lite.php:140
action · wp_enqueue_scripts · qrmenu-lite.php:156
action · pre_get_posts · qrmenu-lite.php:166
action · wp_enqueue_scripts · qrmenu-lite.php:171
action · init · qrmenu-lite.php:190
action · qrlite_page_header · view\frontend.parts.php:54
action · qrlite_page_header · view\frontend.parts.php:61
filter · show_admin_bar · view\page_template.php:15

Maintenance & Trust

QRMenu Restaurant QR Menu Lite Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: May 20, 2025
PHP min version: 7.0
Downloads: 4K

Community Trust

Rating: 20/100
Number of ratings: 1
Active installs: 30

Developer Profile

QRMenu Restaurant QR Menu Lite Developer Profile

ModelTheme

3 plugins · 70 total installs

Trust score: 85
Avg Security Score: 87/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect QRMenu Restaurant QR Menu Lite

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/qrmenu-lite/assets/custom-style.css
/wp-content/plugins/qrmenu-lite/vendor/bootstrap/css/bootstrap.min.css
/wp-content/plugins/qrmenu-lite/vendor/font-awesome/all.min.css
/wp-content/plugins/qrmenu-lite/vendor/select2/select2.min.css
/wp-content/plugins/qrmenu-lite/vendor/coloris/coloris.min.css
/wp-content/plugins/qrmenu-lite/assets/custom-scripts.js
/wp-content/plugins/qrmenu-lite/assets/custom-template-style.css
/wp-content/plugins/qrmenu-lite/assets/custom-template-scripts.js

Script Paths
/wp-content/plugins/qrmenu-lite/vendor/bootstrap/js/bootstrap.bundle.min.js
/wp-content/plugins/qrmenu-lite/vendor/gianniAccordion/gianniAccordion.min.js
/wp-content/plugins/qrmenu-lite/vendor/gianniAccordion/gianniAccordion.min2.js
/wp-content/plugins/qrmenu-lite/vendor/jquery.repeater/jquery.repeater.min.js
/wp-content/plugins/qrmenu-lite/vendor/select2/select2.full.min.js
/wp-content/plugins/qrmenu-lite/vendor/coloris/coloris.min.js

Version Parameters
qrmenu-lite/assets/custom-style.css?ver=
qrmenu-lite/vendor/bootstrap/css/bootstrap.min.css?ver=
qrmenu-lite/vendor/font-awesome/all.min.css?ver=
qrmenu-lite/vendor/select2/select2.min.css?ver=
qrmenu-lite/vendor/coloris/coloris.min.css?ver=
qrmenu-lite/assets/custom-scripts.js?ver=
qrmenu-lite/assets/custom-template-style.css?ver=
qrmenu-lite/assets/custom-template-scripts.js?ver=
qrmenu-lite/vendor/bootstrap/js/bootstrap.bundle.min.js?ver=
qrmenu-lite/vendor/gianniAccordion/gianniAccordion.min.js?ver=
qrmenu-lite/vendor/gianniAccordion/gianniAccordion.min2.js?ver=
qrmenu-lite/vendor/jquery.repeater/jquery.repeater.min.js?ver=
qrmenu-lite/vendor/select2/select2.full.min.js?ver=
qrmenu-lite/vendor/coloris/coloris.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
qrlite-custom-template-style
Data Attributes
data-bs-toggle, data-bs-target, aria-controls, aria-labelledby, data-bs-parent
JS Globals
qrlite_builder_ajax
FAQ

Frequently Asked Questions about QRMenu Restaurant QR Menu Lite