Pickup | Delivery | Dine-in date time Security & Risk Analysis

wordpress.org/plugins/restaurant-pickup-delivery-dine-in

WooCommerce based restaurant ordering system for dine in, pickup and delivery. Let your customers book a table online or place an order for delivery or …

20 active installs · v1.0.9 · PHP 5.2.4+ · WP 3.5+ · Updated Apr 7, 2022
delivery-date, delivery-time, pickup-date, woocommerce-delivery-date, woocommerce-pickup-date
64 · C · Use Caution
CVEs total: 1
Unpatched: 1
Last CVE: Apr 12, 2023
Safety Verdict

Is Pickup | Delivery | Dine-in date time Safe to Use in 2026?

Use With Caution

Score 64/100

Pickup | Delivery | Dine-in date time has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE · 1 unpatched · Last CVE: Apr 12, 2023 · Updated 3yr ago
Risk Assessment

The 'restaurant-pickup-delivery-dine-in' plugin v1.0.9 exhibits a concerning security posture despite some positive indicators. While the code analysis shows no dangerous functions, no direct SQL queries, and no file operations, the presence of two unprotected AJAX handlers presents a significant entry point for attackers. The fact that 40% of outputs are not properly escaped raises concerns about potential Cross-Site Scripting (XSS) vulnerabilities, especially when combined with the history of an XSS vulnerability in April 2023. This suggests a pattern of input sanitization and output escaping issues. The plugin also has one unpatched medium severity CVE, which is a critical oversight that leaves users exposed to known exploits. Overall, the lack of comprehensive authentication checks on AJAX endpoints, coupled with the historical vulnerability and the presence of unpatched issues, outweighs the positive aspects of the code analysis, making this plugin a moderate to high risk for WordPress sites.

Key Concerns

  • Unprotected AJAX handlers
  • 40% of outputs not properly escaped
  • One unpatched medium CVE
  • No nonce checks on AJAX handlers
  • No capability checks on AJAX handlers
Vulnerabilities
1

Pickup | Delivery | Dine-in date time Security Vulnerabilities

CVEs by Year

1 CVE in 2023 · unpatched

Severity Breakdown

Medium: 1

1 total CVE

CVE-2023-0894 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Pickup | Delivery | Dine-in date time <= 1.0.9 - Authenticated (Admin+) Stored Cross-Site Scripting

Apr 12, 2023 · Unpatched
Code Analysis
Analyzed Mar 16, 2026

Pickup | Delivery | Dine-in date time Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 148 (100 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

40% escaped · 248 total outputs
Data Flows: 2 unsanitized

Data Flow Analysis

3 flows · 2 with unsanitized paths
byconsolewooodtrestro_footer_script (ByConsoleWooODTRestro.php:3398)
Attack Surface
2 unprotected

Pickup | Delivery | Dine-in date time Attack Surface

Entry Points: 2
Unprotected: 2

AJAX Handlers: 2

auth · wp_ajax_get_byconsolewooodtrestro_timeslot_by_selected_date · ByConsoleWooODTRestro.php:53
nopriv · wp_ajax_get_byconsolewooodtrestro_timeslot_by_selected_date · ByConsoleWooODTRestro.php:55

WordPress Hooks: 26

action · admin_notices · ByConsoleWooODTRestro.php:282
action · plugins_loaded · ByConsoleWooODTRestro.php:292
action · init · ByConsoleWooODTRestro.php:300
action · widgets_init · ByConsoleWooODTRestro.php:770
action · init · ByConsoleWooODTRestro.php:804
action · woocommerce_checkout_before_customer_details · ByConsoleWooODTRestro.php:808
action · woocommerce_checkout_process · ByConsoleWooODTRestro.php:1268
action · woocommerce_checkout_update_order_meta · ByConsoleWooODTRestro.php:1476
action · woocommerce_admin_order_data_after_shipping_address · ByConsoleWooODTRestro.php:1752
action · woocommerce_order_details_after_order_table_items · ByConsoleWooODTRestro.php:2056
action · woocommerce_order_details_after_order_table · ByConsoleWooODTRestro.php:2076
action · woocommerce_email_after_order_table · ByConsoleWooODTRestro.php:2574
action · wp_enqueue_scripts · ByConsoleWooODTRestro.php:2850
action · wp_enqueue_scripts · ByConsoleWooODTRestro.php:2906
action · admin_enqueue_scripts · ByConsoleWooODTRestro.php:2970
action · wp_enqueue_scripts · ByConsoleWooODTRestro.php:2986
filter · woocommerce_package_rates · ByConsoleWooODTRestro.php:3030
action · wp_head · ByConsoleWooODTRestro.php:3390
action · wp_footer · ByConsoleWooODTRestro.php:6104
action · wp_footer · ByConsoleWooODTRestro.php:6112
action · admin_menu · inc\admin.php:15
action · admin_init · inc\admin.php:642
action · admin_init · inc\byconsolewooodtrestro_holiday_management.php:493
action · admin_init · inc\byconsolewooodtrestro_modification_request_details.php:749
action · admin_init · inc\byconsolewooodtrestro_timeslot_setting.php:38
action · admin_init · inc\byconsolewooodtrestro_tweak_features.php:45
Maintenance & Trust

Pickup | Delivery | Dine-in date time Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.9.13
Last updated: Apr 7, 2022
PHP min version: 5.2.4
Downloads: 4K

Community Trust

Rating: 98/100
Number of ratings: 20
Active installs: 20
Developer Profile

Pickup | Delivery | Dine-in date time Developer Profile

mdalabar

5 plugins · 560 total installs

Trust score: 71
Avg Security Score: 76/100
Avg Patch Time: 71 days
Detection Fingerprints

How We Detect Pickup | Delivery | Dine-in date time

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/restaurant-pickup-delivery-dine-in/inc/widget/widget.js
/wp-content/plugins/restaurant-pickup-delivery-dine-in/inc/widget/widget.css
Script Paths
/wp-content/plugins/restaurant-pickup-delivery-dine-in/inc/widget/widget.js
Version Parameters
restaurant-pickup-delivery-dine-in/inc/widget/widget.css?ver=
restaurant-pickup-delivery-dine-in/inc/widget/widget.js?ver=

HTML / DOM Fingerprints

CSS Classes
byconsolewooodtrestro_widget
byconsolewooodtrestro_date
byconsolewooodtrestro_time
byconsolewooodtrestro_order_type
byconsolewooodtrestro_guest_count
byconsolewooodtrestro_guest_purpose
HTML Comments
<!-- START BYCONSOLEWOOODTRESTRO WIDGET -->
<!-- END BYCONSOLEWOOODTRESTRO WIDGET -->
Data Attributes
data-widget-position
JS Globals
byconsolewooodtrestro_settings
REST Endpoints
/wp-json/byconsolewooodtrestro/v1/settings
Shortcode Output
[byconsole_restro_delivery_widget]