Quick Restaurant Menu Security & Risk Analysis

wordpress.org/plugins/quick-restaurant-menu

Create easily restaurant menus with drag and drop.

2K active installs · v2.1.0 · PHP + WP 3.5+ · Updated Jan 20, 2023
Tags: drink, food, menu, restaurant, restaurant-menu
Score: 82 (B · Generally Safe)
CVEs total: 5
Unpatched: 0
Last CVE: Jan 27, 2023

Safety Verdict

Is Quick Restaurant Menu Safe to Use in 2026?

Mostly Safe

Score 82/100

Quick Restaurant Menu is generally safe to use though it hasn't been updated recently. 5 past CVEs were resolved. Keep it updated.

5 known CVEs · Last CVE: Jan 27, 2023 · Updated 3yr ago

Risk Assessment

The quick-restaurant-menu plugin v2.1.0 exhibits a mixed security posture. On the positive side, the code analysis shows a strong adherence to secure coding practices with 100% of SQL queries using prepared statements and a very high rate of output escaping (87%). The absence of dangerous functions, file operations, and external HTTP requests is also commendable. The plugin also implements a reasonable number of nonce and capability checks across its entry points. However, a significant concern arises from the presence of one unprotected AJAX handler, representing a direct entry point without proper authentication, which could lead to unauthorized actions.

The plugin's vulnerability history paints a concerning picture, with a total of 5 known CVEs, including 3 high and 2 medium severity vulnerabilities. The common types of these past vulnerabilities (Missing Authorization, CSRF, Authorization Bypass, XSS) suggest recurring patterns of authorization and input validation issues. Although there are currently no unpatched CVEs, the historical prevalence of these serious vulnerability types indicates a potential for similar issues to resurface if not rigorously addressed. In conclusion, while the plugin demonstrates good secure coding fundamentals in its current version, the past vulnerability record and the identified unprotected AJAX handler necessitate careful monitoring and a proactive approach to security.

Key Concerns

  • Unprotected AJAX handler
  • 5 total known CVEs (3 high, 2 medium)
  • Recurring vulnerability types (Auth, CSRF, XSS)
  • Low percentage of fully escaped outputs (87%)

Vulnerabilities: 5

Quick Restaurant Menu Security Vulnerabilities

CVEs by Year

2022: 1 CVE
2023: 4 CVEs

Severity Breakdown

High: 3
Medium: 2

5 total CVEs

CVE-2023-0555 · high · 8.1 · Missing Authorization

Quick Restaurant Menu <= 2.0.2 - Missing Authorization

Jan 27, 2023 · Patched in 2.1.0 (361d)

CVE-2023-0554 · high · 8.1 · Cross-Site Request Forgery (CSRF)

Quick Restaurant Menu <= 2.0.2 - Cross-Site Request Forgery

Jan 27, 2023 · Patched in 2.1.0 (361d)

CVE-2023-0553 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Quick Restaurant Menu <= 2.0.2 - Authenticated (Administrator+) Cross-Site Scripting

Jan 27, 2023 · Patched in 2.1.0 (361d)

CVE-2023-0550 · high · 8.1 · Authorization Bypass Through User-Controlled Key

Quick Restaurant Menu <= 2.0.2 - Insecure Direct Object Reference

Jan 27, 2023 · Patched in 2.1.0 (361d)

WF-057a440e-4917-45c5-90ab-bb8654eae68f-quick-restaurant-menu · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Quick Restaurant Menu <= 2.0.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting

Oct 3, 2022 · Patched in 2.0.1 (477d)

Code Analysis
Analyzed Mar 16, 2026

Quick Restaurant Menu Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 13 (86 escaped)
Nonce Checks: 5
Capability Checks: 2
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

87% escaped · 99 total outputs

Attack Surface: 1 unprotected

Quick Restaurant Menu Attack Surface

Entry Points: 7
Unprotected: 1

AJAX Handlers 5

auth wp_ajax_erm_update_menu_item includes\admin\ajax-functions.php:62
auth wp_ajax_erm_delete_menu_item includes\admin\ajax-functions.php:86
auth wp_ajax_erm_create_menu_item includes\admin\ajax-functions.php:129
auth wp_ajax_erm_update_list_menu_items includes\admin\ajax-functions.php:157
auth wp_ajax_erm_list_menu_items includes\admin\ajax-functions.php:191

Shortcodes 2

[erm_menu] includes\shortcodes.php:49
[erm_menu_week] includes\shortcodes.php:122

WordPress Hooks 30

action wp_trash_post includes\admin\actions.php:31
action untrash_post includes\admin\actions.php:53
action before_delete_post includes\admin\actions.php:75
action save_post includes\admin\actions.php:91
filter manage_erm_menu_posts_columns includes\admin\erm_menu\ERM_menu_Admin.php:10
action manage_erm_menu_posts_custom_column includes\admin\erm_menu\ERM_menu_Admin.php:11
action add_meta_boxes includes\admin\erm_menu\ERM_menu_Admin.php:13
action save_post includes\admin\erm_menu\ERM_menu_Admin.php:15
action erm_meta_box_menu_items includes\admin\erm_menu\ERM_menu_Admin.php:23
action erm_meta_box_footer includes\admin\erm_menu\ERM_menu_Admin.php:24
filter manage_erm_menu_item_posts_columns includes\admin\erm_menu_item\ERM_menu_item_Admin.php:10
action manage_erm_menu_item_posts_custom_column includes\admin\erm_menu_item\ERM_menu_item_Admin.php:11
filter manage_erm_menu_week_posts_columns includes\admin\erm_menu_week\ERM_menu_week_Admin.php:10
action manage_erm_menu_week_posts_custom_column includes\admin\erm_menu_week\ERM_menu_week_Admin.php:11
action add_meta_boxes includes\admin\erm_menu_week\ERM_menu_week_Admin.php:13
action erm_render_menu_week_meta_box includes\admin\erm_menu_week\ERM_menu_week_Admin.php:21
action erm_render_menu_week_shortcode_meta_box includes\admin\erm_menu_week\ERM_menu_week_Admin.php:22
action admin_enqueue_scripts includes\admin\scripts-admin.php:59
action admin_menu includes\admin\settings\menu-settings.php:13
action admin_init includes\admin\settings\settings.php:27
filter erm_settings_sanitize_text includes\admin\settings\settings.php:431
filter erm_settings_sanitize_textarea includes\admin\settings\settings.php:444
action erm_before_settings_page includes\admin\thanks-for-using.php:12
filter erm_filter_price includes\misc-functions.php:81
action init includes\post-types.php:135
action wp_enqueue_scripts includes\scripts-front.php:46
filter the_content includes\template-functions.php:27
filter the_content includes\template-functions.php:54
action erm_after_menu_content includes\template-functions.php:72
action plugins_loaded quick-restaurant-menu.php:69

Maintenance & Trust

Quick Restaurant Menu Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.0.11
Last updated: Jan 20, 2023
PHP min version
Downloads: 70K

Community Trust

Rating: 86/100
Number of ratings: 27
Active installs: 2K

Developer Profile

Quick Restaurant Menu Developer Profile

Alejandro

2 plugins · 3K total installs

Trust score: 57
Avg Security Score: 69/100
Avg Patch Time: 426 days
Detection Fingerprints

How We Detect Quick Restaurant Menu

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/quick-restaurant-menu/assets/js/erm_menu/main.js
/wp-content/plugins/quick-restaurant-menu/assets/js/jquery.magnific-popup.min.js
/wp-content/plugins/quick-restaurant-menu/assets/js/erm-front-scripts.js
/wp-content/plugins/quick-restaurant-menu/assets/css/magnific-popup.css
/wp-content/plugins/quick-restaurant-menu/assets/css/erm-front.css

Script Paths

/wp-content/plugins/quick-restaurant-menu/assets/js/erm_menu/main.js
/wp-content/plugins/quick-restaurant-menu/assets/js/jquery.magnific-popup.min.js
/wp-content/plugins/quick-restaurant-menu/assets/js/erm-front-scripts.js

Version Parameters

quick-restaurant-menu/assets/css/erm-front.css?ver=
quick-restaurant-menu/assets/js/erm_menu/main.js?ver=
quick-restaurant-menu/assets/js/erm-front-scripts.js?ver=

HTML / DOM Fingerprints

CSS Classes: erm-menu-item
Data Attributes: data-erm-id
JS Globals: ERM_MENU
Shortcode Output: [erm_menu], [erm_menu_week]