Quick Restaurant Reservations Security & Risk Analysis

wordpress.org/plugins/quick-restaurant-reservations

Manage restaurant reservations the easiest way.

600 active installs · v1.6.7 · PHP + · WP 3.5+ · Updated Apr 2, 2023
Tags: bookings, reservations, restaurant, restaurant-reservations, table-bookings
Score: 56 · C · Use Caution
CVEs total: 3
Unpatched: 1
Last CVE: Jan 26, 2026
Safety Verdict

Is Quick Restaurant Reservations Safe to Use in 2026?

Use With Caution

Score 56/100

Quick Restaurant Reservations has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

3 known CVEs · 1 unpatched · Last CVE: Jan 26, 2026 · Updated 3yr ago
Risk Assessment

The "quick-restaurant-reservations" plugin v1.6.7 presents a mixed security posture. On the positive side, the plugin demonstrates good practices regarding database interactions, exclusively using prepared statements for its SQL queries and having a high percentage of properly escaped output. It also implements nonce and capability checks for a majority of its entry points, and does not perform file operations or external HTTP requests, limiting potential attack vectors. However, a significant concern arises from the large attack surface exposed by unprotected AJAX handlers. Out of 10 total entry points, 9 are unprotected, with 9 AJAX handlers lacking authentication checks. This creates a substantial risk for unauthorized actions.

The vulnerability history of this plugin is also a notable red flag. With 3 known CVEs, and one still unpatched, the plugin has a history of severe security flaws including missing authorization, CSRF, and XSS. The fact that a high-severity vulnerability remains unpatched, and the last vulnerability was recorded very recently, suggests a lack of ongoing security maintenance and a tendency for critical issues to emerge. While the current static analysis shows no direct indication of critical taint flows or dangerous functions, the historical pattern of vulnerabilities, particularly those related to authorization and input validation, combined with the high number of unprotected entry points, points to a significant risk of exploitation.

Key Concerns

  • Unprotected AJAX handlers
  • Currently unpatched high severity CVE
  • Significant historical vulnerability record
  • Flow with unsanitized paths (Taint Analysis)
Vulnerabilities: 3

Quick Restaurant Reservations Security Vulnerabilities

CVEs by Year

  • 2022: 2 CVEs
  • 2026: 1 CVE · unpatched

Severity Breakdown

  • High: 1
  • Medium: 2

3 total CVEs

CVE-2026-24529 · medium · 5.3 · Missing Authorization

Quick Restaurant Reservations <= 1.6.7 - Missing Authorization

Jan 26, 2026 · Unpatched

CVE-2022-44739 · high · 8.8 · Cross-Site Request Forgery (CSRF)

Quick Restaurant Reservations <= 1.5.4 - Cross-Site Request Forgery

Nov 9, 2022 · Patched in 1.5.5 (440d)

CVE-2022-29923 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Quick Restaurant Reservations <= 1.4.1 - Reflected Cross-Site Scripting

May 12, 2022 · Patched in 1.4.2 (621d)

Code Analysis
Analyzed Mar 16, 2026

Quick Restaurant Reservations Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (6 prepared)
  • Unescaped Output: 37 (470 escaped)
  • Nonce Checks: 7
  • Capability Checks: 7
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 0

SQL Query Safety

100% prepared · 6 total queries

Output Escaping

93% escaped · 507 total outputs

Data Flows: 1 unsanitized

Data Flow Analysis

3 flows · 1 with unsanitized paths
table_filters (includes\admin\booking\Booking_admin.php:644)

Attack Surface: 9 unprotected

Quick Restaurant Reservations Attack Surface

Entry Points: 10
Unprotected: 9

AJAX Handlers: 9

auth · wp_ajax_test_schedules_date · includes\ajax-actions.php:12
nopriv · wp_ajax_test_schedules_date · includes\ajax-actions.php:13
auth · wp_ajax_get_available_hours · includes\ajax-actions.php:82
nopriv · wp_ajax_get_available_hours · includes\ajax-actions.php:83
auth · wp_ajax_request_booking · includes\ajax-actions.php:125
nopriv · wp_ajax_request_booking · includes\ajax-actions.php:126
auth · wp_ajax_send_update_email · includes\ajax-actions.php:234
nopriv · wp_ajax_send_update_email · includes\ajax-actions.php:235
auth · wp_ajax_get_available_hours_all · includes\ajax-actions.php:256

Shortcodes: 1

[qrr_form] · includes\shortcodes.php:10

WordPress Hooks: 43

action · admin_menu · includes\admin\admin-pages.php:32
action · admin_menu · includes\admin\admin-pages.php:48
action · admin_enqueue_scripts · includes\admin\booking\Booking_admin.php:12
filter · manage_qrr_booking_posts_columns · includes\admin\booking\Booking_admin.php:14
action · manage_qrr_booking_posts_custom_column · includes\admin\booking\Booking_admin.php:15
filter · post_row_actions · includes\admin\booking\Booking_admin.php:18
filter · bulk_actions-edit-qrr_booking · includes\admin\booking\Booking_admin.php:20
action · admin_footer-edit.php · includes\admin\booking\Booking_admin.php:23
action · load-edit.php · includes\admin\booking\Booking_admin.php:24
action · load-edit.php · includes\admin\booking\Booking_admin.php:25
action · admin_notices · includes\admin\booking\Booking_admin.php:26
filter · parse_query · includes\admin\booking\Booking_admin.php:29
filter · months_dropdown_results · includes\admin\booking\Booking_admin.php:32
action · restrict_manage_posts · includes\admin\booking\Booking_admin.php:35
action · admin_init · includes\admin\booking\Booking_admin.php:38
action · admin_enqueue_scripts · includes\admin\booking\Booking_edit.php:19
action · add_meta_boxes · includes\admin\booking\Booking_edit.php:21
action · do_meta_boxes · includes\admin\booking\Booking_edit.php:22
action · save_post · includes\admin\booking\Booking_edit.php:23
action · qrr_booking_post_type_before_metaboxes · includes\admin\booking\Booking_edit.php:25
action · qrr_email_sent · includes\admin\booking\Booking_record.php:16
action · admin_enqueue_scripts · includes\admin\client\Client_admin.php:13
filter · manage_qrr_client_posts_columns · includes\admin\client\Client_admin.php:15
action · manage_qrr_client_posts_custom_column · includes\admin\client\Client_admin.php:16
action · add_meta_boxes · includes\admin\client\Client_edit.php:15
action · do_meta_boxes · includes\admin\client\Client_edit.php:16
action · save_post · includes\admin\client\Client_edit.php:17
action · admin_enqueue_scripts · includes\admin\restaurant\Restaurant_edit.php:16
action · add_meta_boxes · includes\admin\restaurant\Restaurant_edit.php:18
action · do_meta_boxes · includes\admin\restaurant\Restaurant_edit.php:21
action · save_post · includes\admin\restaurant\Restaurant_edit.php:22
action · admin_init · includes\admin\restaurant\Restaurant_edit.php:26
action · admin_notices · includes\admin\restaurant\Restaurant_edit.php:27
action · admin_enqueue_scripts · includes\admin\scripts-admin.php:8
action · admin_init · includes\admin\settings\class-settings.php:8
action · qrr_settings_admin_page · includes\admin\settings\class-settings.php:17
action · admin_init · includes\admin\settings\settings.php:18
filter · qrr_settings_sanitize_text · includes\admin\settings\settings.php:494
filter · qrr_settings_sanitize_textarea · includes\admin\settings\settings.php:507
action · admin_bar_menu · includes\banner.php:6
action · init · includes\post-types.php:132
action · wp_enqueue_scripts · includes\scripts-front.php:54
action · plugins_loaded · quick-restaurant-reservations.php:58

Maintenance & Trust

Quick Restaurant Reservations Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.2.9
Last updated: Apr 2, 2023
PHP min version
Downloads: 25K

Community Trust

Rating: 98/100
Number of ratings: 10
Active installs: 600

Developer Profile

Quick Restaurant Reservations Developer Profile

Alejandro

2 plugins · 3K total installs

Trust score: 57
Avg Security Score: 69/100
Avg Patch Time: 426 days
Detection Fingerprints

How We Detect Quick Restaurant Reservations

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/quick-restaurant-reservations/css/custom.css
  • /wp-content/plugins/quick-restaurant-reservations/css/responsive.css
  • /wp-content/plugins/quick-restaurant-reservations/css/select2.css
  • /wp-content/plugins/quick-restaurant-reservations/css/style.css
  • /wp-content/plugins/quick-restaurant-reservations/js/admin.js
  • /wp-content/plugins/quick-restaurant-reservations/js/bootstrap-datepicker.js
  • /wp-content/plugins/quick-restaurant-reservations/js/bootstrap.js
  • /wp-content/plugins/quick-restaurant-reservations/js/custom.js
  • +15 more

Script Paths

  • /wp-content/plugins/quick-restaurant-reservations/js/admin.js
  • /wp-content/plugins/quick-restaurant-reservations/js/bootstrap-datepicker.js
  • /wp-content/plugins/quick-restaurant-reservations/js/bootstrap.js
  • /wp-content/plugins/quick-restaurant-reservations/js/custom.js
  • /wp-content/plugins/quick-restaurant-reservations/js/datepicker.js
  • /wp-content/plugins/quick-restaurant-reservations/js/gmaps.js
  • +13 more

Version Parameters

  • quick-restaurant-reservations/css/custom.css?ver=
  • quick-restaurant-reservations/css/responsive.css?ver=
  • quick-restaurant-reservations/css/select2.css?ver=
  • quick-restaurant-reservations/css/style.css?ver=
  • quick-restaurant-reservations/js/admin.js?ver=
  • quick-restaurant-reservations/js/bootstrap-datepicker.js?ver=
  • quick-restaurant-reservations/js/bootstrap.js?ver=
  • quick-restaurant-reservations/js/custom.js?ver=
  • quick-restaurant-reservations/js/datepicker.js?ver=
  • quick-restaurant-reservations/js/gmaps.js?ver=
  • quick-restaurant-reservations/js/jquery.chained.js?ver=
  • quick-restaurant-reservations/js/jquery.form.min.js?ver=
  • quick-restaurant-reservations/js/jquery.maskedinput.js?ver=
  • quick-restaurant-reservations/js/jquery.mobile.custom.min.js?ver=
  • quick-restaurant-reservations/js/jquery.validate.min.js?ver=
  • quick-restaurant-reservations/js/moment.min.js?ver=
  • quick-restaurant-reservations/js/qrr-bookings-admin.js?ver=
  • quick-restaurant-reservations/js/qrr-rest-admin.js?ver=
  • quick-restaurant-reservations/js/qrr-settings.js?ver=
  • quick-restaurant-reservations/js/select2.js?ver=
  • quick-restaurant-reservations/js/tinymce.js?ver=
  • quick-restaurant-reservations/js/timepicker.js?ver=
  • quick-restaurant-reservations/js/validation.js?ver=

HTML / DOM Fingerprints

CSS Classes

  • qrr-admin-wrap
  • qrr-booking-container
  • qrr-booking-form
  • qrr-booking-wrapper
  • qrr-rest-admin-wrap
  • qrr-restaurant-form
  • qrr-restaurant-list
  • qrr-restaurant-wrap
  • +1 more

HTML Comments

  • <!-- Quick Restaurant Reservations -->
  • <!-- The code below is for the banner -->
  • <!-- Restaurant Addons -->
  • <!-- Booking Addons -->
  • +7 more

Data Attributes

  • data-qrr-id
  • data-qrr-settings
  • data-qrr-restaurant-id

JS Globals

  • QRR
  • qrr_booking_params
  • qrr_restaurant_params

REST Endpoints

  • /wp-json/qrr/v1/bookings
  • /wp-json/qrr/v1/restaurants

Shortcode Output

  • [qrr_booking_form]
  • [qrr_restaurant_list]
  • [qrr_restaurant_details]
  • [qrr_booking_calendar]