ReDi Restaurant Reservation – Instant Availability & Confirmation Security & Risk Analysis

wordpress.org/plugins/redi-restaurant-reservation

Get your restaurant booming with the ReDi Reservation plugin! Simplify bookings, offer instant confirmations, and customize settings. Try today!

  • Active installs: 900
  • Version: v26.0.1
  • Requires: PHP + WP 5.0.0+
  • Updated: Dec 21, 2025
  • Tags: best-wordpress-restaurant-reservation-plugin, online-reservation, restaurant-booking-plugin, restaurant-reservation-system, table-booking

  • Security score: 94 (A · Safe)
  • CVEs total: 8
  • Unpatched: 0
  • Last CVE: May 22, 2025
Is ReDi Restaurant Reservation – Instant Availability & Confirmation Safe to Use in 2026?

Generally Safe

Score 94/100

ReDi Restaurant Reservation – Instant Availability & Confirmation has a strong security track record. Known vulnerabilities have been patched promptly.

  • 8 known CVEs
  • Last CVE: May 22, 2025
  • Updated 3mo ago
Risk Assessment

The 'redi-restaurant-reservation' plugin v26.0.1 presents a mixed security posture. While it demonstrates some good practices, such as using prepared statements for a significant majority of its SQL queries and a low number of critical taint analysis findings, several concerning areas require attention. The presence of 8 AJAX handlers and 8 REST API routes, with a substantial portion (2 AJAX and all 8 REST API) lacking proper authorization checks, creates a significant attack surface that could be exploited by unauthenticated users. This is further amplified by only 3 nonce checks and 4 capability checks across the entire plugin, suggesting insufficient validation of user permissions and actions.

The vulnerability history is a significant red flag, with 8 known CVEs including one high-severity vulnerability and seven medium-severity ones. The historical prevalence of Cross-Site Scripting (XSS), Missing Authorization, and Cross-Site Request Forgery (CSRF) vulnerabilities indicates a pattern of insecure coding practices, particularly concerning input sanitization and access control. The fact that the last vulnerability was reported very recently (2025-05-22) suggests ongoing issues or a delayed patching process. While there are no currently unpatched vulnerabilities, the historical data strongly implies a need for more rigorous security development and testing.

In conclusion, despite some positive aspects like the use of prepared statements and limited critical taint flows, the plugin's security is weakened by a large, inadequately protected attack surface and a history replete with various security flaws. The lack of comprehensive authorization checks on numerous entry points is a primary concern, and the past vulnerability types highlight common weaknesses that need to be addressed proactively. Future development should prioritize robust authentication and authorization mechanisms for all entry points and meticulous input sanitization to prevent the recurrence of past vulnerabilities.

Key Concerns

  • Multiple unprotected AJAX handlers
  • Multiple unprotected REST API routes
  • Limited nonce checks
  • Limited capability checks
  • Low percentage of properly escaped output
  • History of 1 high severity CVE
  • History of 7 medium severity CVEs
  • Flows with unsanitized paths
ReDi Restaurant Reservation – Instant Availability & Confirmation Security Vulnerabilities

CVEs by Year

  • 2021: 1 CVE
  • 2023: 1 CVE
  • 2024: 5 CVEs
  • 2025: 1 CVE

Severity Breakdown

  • High: 1
  • Medium: 7

8 total CVEs

CVE-2025-48286 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ReDi Restaurant Reservation <= 24.1209 - Reflected Cross-Site Scripting

May 22, 2025 · Patched in 25.0513 (7d)

CVE-2024-9240 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ReDi Restaurant Reservation <= 24.0902 - Reflected Cross-Site Scripting

Oct 16, 2024 · Patched in 24.1015 (1d)

CVE-2024-38737 · medium · 5.3 · Missing Authorization

ReDi Restaurant Reservation <= 24.0422 - Missing Authorization

Jul 11, 2024 · Patched in 24.0712 (7d)

CVE-2024-31385 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

ReDi Restaurant Reservation <= 24.0128 - Cross-Site Request Forgery via redi_restaurant_admin_options_page()

Apr 10, 2024 · Patched in 24.0303 (7d)

CVE-2024-31299 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

ReDi Restaurant Reservation <= 24.0128 - Cross-Site Request Forgery via redi_restaurant_admin_options_page()

Apr 5, 2024 · Patched in 24.0303 (7d)

CVE-2024-29806 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ReDi Restaurant Reservation <= 24.0128 - Reflected Cross-Site Scripting

Mar 25, 2024 · Patched in 24.0303 (8d)

CVE-2023-36510 · medium · 5.3 · Missing Authorization

ReDi Restaurant Reservation <= 23.0211 - Missing Authorization

Jun 22, 2023 · Patched in 23.0212 (215d)

CVE-2021-24299 · high · 7.2 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ReDi Restaurant Reservation <= 21.0307 - Stored Cross-Site Scripting

May 9, 2021 · Patched in 21.0426 (989d)

ReDi Restaurant Reservation – Instant Availability & Confirmation Code Analysis

Analyzed Mar 16, 2026

  • Dangerous Functions: 0
  • Raw SQL Queries: 3 (14 prepared)
  • Unescaped Output: 312 (128 escaped)
  • Nonce Checks: 3
  • Capability Checks: 4
  • File Operations: 1
  • External Requests: 4
  • Bundled Libraries: 1

Bundled Libraries

Select2

SQL Query Safety

82% prepared · 17 total queries

Output Escaping

29% escaped · 440 total outputs

Data Flow Analysis

5 flows · 3 with unsanitized paths

  • redi_restaurant_ajax (redi-restaurant-reservation.php:2542)

ReDi Restaurant Reservation – Instant Availability & Confirmation Attack Surface

  • Entry Points: 17
  • Unprotected: 10

AJAX Handlers 8

  • nopriv · wp_ajax_redi_restaurant-submit · redi-restaurant-reservation.php:149
  • auth · wp_ajax_redi_restaurant-submit · redi-restaurant-reservation.php:150
  • nopriv · wp_ajax_redi_restaurant-page_create · redi-restaurant-reservation.php:153
  • auth · wp_ajax_redi_restaurant-page_create · redi-restaurant-reservation.php:154
  • nopriv · wp_ajax_redi_waitlist-submit · redi-restaurant-reservation.php:156
  • auth · wp_ajax_redi_waitlist-submit · redi-restaurant-reservation.php:157
  • nopriv · wp_ajax_redi_userfeedback_submit · redi-restaurant-reservation.php:159
  • auth · wp_ajax_redi_userfeedback_submit · redi-restaurant-reservation.php:160

REST API Routes 8

  • GET /wp-json/redi-restaurant-api/v1/places · redi-restaurant-reservation.php:203
  • GET /wp-json/redi-restaurant-api/v1/places/(?P<place_id>\d+)/custom-fields · redi-restaurant-reservation.php:210
  • GET /wp-json/redi-restaurant-api/v1/places/(?P<place_id>\d+)/menu · redi-restaurant-reservation.php:226
  • GET /wp-json/redi-restaurant-api/v1/places/(?P<place_id>\d+)/day-availability · redi-restaurant-reservation.php:244
  • GET /wp-json/redi-restaurant-api/v1/places/(?P<place_id>\d+)/day/(?P<day>\d{4}-\d{2}-\d{2})/time-availability · redi-restaurant-reservation.php:263
  • POST /wp-json/redi-restaurant-api/v1/places/(?P<place_id>\d+)/reservations · redi-restaurant-reservation.php:288
  • GET /wp-json/redi-restaurant-api/v1/reservations/(?P<id>\d+) · redi-restaurant-reservation.php:308
  • PATCH /wp-json/redi-restaurant-api/v1/reservations/(?P<id>\d+) · redi-restaurant-reservation.php:345

Shortcodes 1

  • [redirestaurant] · redi-restaurant-reservation.php:164

WordPress Hooks 18

  • action · admin_notices · functions\notice.php:35
  • action · admin_notices · functions\notice.php:37
  • action · admin_notices · functions\notice.php:39
  • action · admin_notices · functions\notice.php:41
  • action · init · redi-restaurant-reservation.php:129
  • action · admin_menu · redi-restaurant-reservation.php:134
  • action · admin_menu · redi-restaurant-reservation.php:135
  • action · admin_enqueue_scripts · redi-restaurant-reservation.php:147
  • filter · http_request_timeout · redi-restaurant-reservation.php:162
  • filter · http_request_args · redi-restaurant-reservation.php:163
  • action · redi-reservation-send-confirmation-email · redi-restaurant-reservation.php:166
  • action · redi-reservation-email-content · redi-restaurant-reservation.php:167
  • action · redi-reservation-send-confirmation-email-other · redi-restaurant-reservation.php:168
  • action · rest_api_init · redi-restaurant-reservation.php:171
  • filter · plugin_action_links · redi-restaurant-reservation.php:174
  • filter · pre_set_site_transient_update_plugin · redi-restaurant-reservation.php:177
  • action · wp_enqueue_scripts · redi-restaurant-reservation.php:182
  • action · admin_footer · redi.php:61

ReDi Restaurant Reservation – Instant Availability & Confirmation Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.9.0
  • Last updated: Dec 21, 2025
  • PHP min version:
  • Downloads: 88K

Community Trust

  • Rating: 90/100
  • Number of ratings: 27
  • Active installs: 900

ReDi Restaurant Reservation – Instant Availability & Confirmation Developer Profile

catkin

2 plugins · 900 total installs

  • Trust score: 77
  • Avg Security Score: 97/100
  • Avg Patch Time: 155 days

How We Detect ReDi Restaurant Reservation – Instant Availability & Confirmation

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

  • Asset Paths: /wp-content/plugins/redi-restaurant-reservation/js/redi-custom-fields.js
  • Script Paths: redi-restaurant-reservation/js/redi-custom-fields.js
  • Version Parameters: redi-restaurant-reservation/js/redi-custom-fields.js?ver=

HTML / DOM Fingerprints

REST Endpoints

  • /wp-json/redi-restaurant-reservation/v1/bookings
  • /wp-json/redi-restaurant-reservation/v1/waitlist
  • /wp-json/redi-restaurant-reservation/v1/feedback
  • /wp-json/redi-restaurant-reservation/v1/restaurants
  • /wp-json/redi-restaurant-reservation/v1/opening-hours
  • /wp-json/redi-restaurant-reservation/v1/reservations
  • /wp-json/redi-restaurant-reservation/v1/availability
  • /wp-json/redi-restaurant-reservation/v1/customer-data

Shortcode Output

  • [redirestaurant]

Frequently Asked Questions about ReDi Restaurant Reservation – Instant Availability & Confirmation