RestaurantPress Security & Risk Analysis

wordpress.org/plugins/restaurantpress

Allows you to create awesome restaurant menus for restaurants, bars, and cafes in no time.

600 active installs · v1.8.1 · PHP + · WP 4.7+ · Updated May 27, 2020
appetizer, cafe, food, menu, restaurant
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is RestaurantPress Safe to Use in 2026?

Generally Safe

Score 85/100

RestaurantPress has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 5yr ago
Risk Assessment

The static analysis of RestaurantPress v1.8.1 reveals a generally positive security posture with good development practices in place. The plugin demonstrates a strong commitment to security by having zero known CVEs, no unpatched vulnerabilities, and no critical or high-severity taint flows identified. The majority of SQL queries utilize prepared statements, and a high percentage of output is properly escaped, significantly reducing the risk of common web vulnerabilities like SQL injection and cross-site scripting (XSS). Nonce and capability checks are also present, indicating an effort to protect against unauthorized actions.

However, there are minor areas for improvement. While the attack surface appears small with no directly exposed AJAX handlers, REST API routes, or shortcodes, the presence of a single cron event warrants attention. It's crucial to ensure this cron event is adequately secured and doesn't introduce any unintended vulnerabilities. The static analysis also identified external HTTP requests, which, depending on their implementation, could represent a potential attack vector if not handled with utmost care to prevent SSRF or other related issues. The bundling of libraries like Select2 and TinyMCE, while common, also necessitates diligence in ensuring they are kept up-to-date to avoid inheriting vulnerabilities from these dependencies.

Overall, RestaurantPress v1.8.1 exhibits a robust security foundation. The absence of historical vulnerabilities and the strong static analysis results are very encouraging. The identified minor concerns do not detract significantly from its secure standing but suggest continued vigilance in maintaining secure coding practices and dependency management.

Key Concerns

  • 1 cron event present
  • 3 external HTTP requests
  • Bundled libraries (Select2, TinyMCE)
Vulnerabilities
None known

RestaurantPress Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

RestaurantPress Release Timeline

v1.8.1 (Current)
v1.8.0
v1.7.0
v1.6.0
v1.5.0
v1.4.2
v1.4.1
v1.4.0
v1.3.2
v1.3.1
v1.3
v1.2
v1.1.6
v1.1
v1.0.0
Code Analysis
Analyzed Mar 16, 2026

RestaurantPress Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 15 (19 prepared)
Unescaped Output: 163 (761 escaped)
Nonce Checks: 6
Capability Checks: 13
File Operations: 0
External Requests: 3
Bundled Libraries: 2

Bundled Libraries

Select2, TinyMCE

SQL Query Safety

56% prepared · 34 total queries

Output Escaping

82% escaped · 924 total outputs
Attack Surface

RestaurantPress Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 197
action save_post includes\abstracts\abstract-rp-widget.php:70
action deleted_post includes\abstracts\abstract-rp-widget.php:71
action switch_theme includes\abstracts\abstract-rp-widget.php:72
action admin_enqueue_scripts includes\admin\class-rp-admin-assets.php:29
action admin_enqueue_scripts includes\admin\class-rp-admin-assets.php:30
action admin_menu includes\admin\class-rp-admin-menus.php:30
action admin_menu includes\admin\class-rp-admin-menus.php:31
action admin_menu includes\admin\class-rp-admin-menus.php:34
action admin_head includes\admin\class-rp-admin-menus.php:37
filter menu_order includes\admin\class-rp-admin-menus.php:38
filter custom_menu_order includes\admin\class-rp-admin-menus.php:39
action add_meta_boxes includes\admin\class-rp-admin-meta-boxes.php:41
action add_meta_boxes includes\admin\class-rp-admin-meta-boxes.php:42
action add_meta_boxes includes\admin\class-rp-admin-meta-boxes.php:43
action save_post includes\admin\class-rp-admin-meta-boxes.php:44
action restaurantpress_process_food_menu_meta includes\admin\class-rp-admin-meta-boxes.php:47
action restaurantpress_process_food_menu_meta includes\admin\class-rp-admin-meta-boxes.php:48
action restaurantpress_process_food_group_meta includes\admin\class-rp-admin-meta-boxes.php:51
action admin_notices includes\admin\class-rp-admin-meta-boxes.php:54
action shutdown includes\admin\class-rp-admin-meta-boxes.php:55
action wp_loaded includes\admin\class-rp-admin-notices.php:41
action shutdown includes\admin\class-rp-admin-notices.php:42
action admin_print_styles includes\admin\class-rp-admin-notices.php:45
action admin_notices includes\admin\class-rp-admin-notices.php:138
action admin_notices includes\admin\class-rp-admin-notices.php:140
action admin_enqueue_scripts includes\admin\class-rp-admin-pointers.php:25
action current_screen includes\admin\class-rp-admin-post-types.php:39
action check_ajax_referer includes\admin\class-rp-admin-post-types.php:40
filter post_updated_messages includes\admin\class-rp-admin-post-types.php:43
filter bulk_post_updated_messages includes\admin\class-rp-admin-post-types.php:44
action edit_form_top includes\admin\class-rp-admin-post-types.php:47
filter enter_title_here includes\admin\class-rp-admin-post-types.php:48
action current_screen includes\admin\class-rp-admin-post-types.php:49
filter default_hidden_meta_boxes includes\admin\class-rp-admin-post-types.php:50
action post_submitbox_misc_actions includes\admin\class-rp-admin-post-types.php:51
filter display_post_states includes\admin\class-rp-admin-post-types.php:54
action edit_form_after_title includes\admin\class-rp-admin-post-types.php:227
action delete_term includes\admin\class-rp-admin-taxonomies.php:25
action food_menu_cat_add_form_fields includes\admin\class-rp-admin-taxonomies.php:28
action food_menu_cat_edit_form_fields includes\admin\class-rp-admin-taxonomies.php:29
action created_term includes\admin\class-rp-admin-taxonomies.php:30
action edit_term includes\admin\class-rp-admin-taxonomies.php:31
filter manage_edit-food_menu_cat_columns includes\admin\class-rp-admin-taxonomies.php:34
filter manage_food_menu_cat_custom_column includes\admin\class-rp-admin-taxonomies.php:35
action food_menu_cat_pre_add_form includes\admin\class-rp-admin-taxonomies.php:38
filter wp_terms_checklist_args includes\admin\class-rp-admin-taxonomies.php:41
action admin_init includes\admin\class-rp-admin-tinymce.php:25
filter tiny_mce_version includes\admin\class-rp-admin-tinymce.php:26
filter mce_external_languages includes\admin\class-rp-admin-tinymce.php:27
filter mce_buttons includes\admin\class-rp-admin-tinymce.php:49
filter mce_external_plugins includes\admin\class-rp-admin-tinymce.php:50
action init includes\admin\class-rp-admin.php:25
action current_screen includes\admin\class-rp-admin.php:26
action admin_init includes\admin\class-rp-admin.php:27
action admin_footer includes\admin\class-rp-admin.php:28
filter admin_footer_text includes\admin\class-rp-admin.php:29
action manage_posts_extra_tablenav includes\admin\list-tables\abstract-class-rp-admin-list-table.php:43
filter view_mode_post_types includes\admin\list-tables\abstract-class-rp-admin-list-table.php:44
action restrict_manage_posts includes\admin\list-tables\abstract-class-rp-admin-list-table.php:45
filter request includes\admin\list-tables\abstract-class-rp-admin-list-table.php:46
filter post_row_actions includes\admin\list-tables\abstract-class-rp-admin-list-table.php:47
filter default_hidden_columns includes\admin\list-tables\abstract-class-rp-admin-list-table.php:48
filter list_table_primary_column includes\admin\list-tables\abstract-class-rp-admin-list-table.php:49
filter restaurantpress_settings_tabs_array includes\admin\settings\class-rp-settings-page.php:41
action after_setup_theme includes\class-restaurantpress.php:117
action after_setup_theme includes\class-restaurantpress.php:118
action init includes\class-restaurantpress.php:119
action init includes\class-restaurantpress.php:120
action init includes\class-restaurantpress.php:121
action init includes\class-restaurantpress.php:122
action switch_blog includes\class-restaurantpress.php:123
action init includes\class-rp-ajax.php:27
action template_redirect includes\class-rp-ajax.php:28
action admin_notices includes\class-rp-cache-helper.php:25
action wp_enqueue_scripts includes\class-rp-frontend-scripts.php:44
action customize_preview_init includes\class-rp-frontend-scripts.php:45
action wp_print_scripts includes\class-rp-frontend-scripts.php:46
action wp_print_footer_scripts includes\class-rp-frontend-scripts.php:47
action wp_footer includes\class-rp-frontend-scripts.php:265
action init includes\class-rp-group-block.php:20
action enqueue_block_assets includes\class-rp-group-block.php:21
action enqueue_block_editor_assets includes\class-rp-group-block.php:22
action init includes\class-rp-install.php:72
action init includes\class-rp-install.php:73
action admin_init includes\class-rp-install.php:74
action in_plugin_update_message-restaurantpress/restaurantpress.php includes\class-rp-install.php:75
filter plugin_row_meta includes\class-rp-install.php:77
filter wpmu_drop_tables includes\class-rp-install.php:78
filter oembed_response_data includes\class-rp-post-data.php:27
action init includes\class-rp-post-types.php:25
action init includes\class-rp-post-types.php:26
action init includes\class-rp-post-types.php:27
filter rest_api_allowed_post_types includes\class-rp-post-types.php:28
action restaurantpress_after_register_post_type includes\class-rp-post-types.php:29
action restaurantpress_flush_rewrite_rules includes\class-rp-post-types.php:30
filter gutenberg_can_edit_post_type includes\class-rp-post-types.php:31
filter use_block_editor_for_post_type includes\class-rp-post-types.php:32
action init includes\class-rp-query.php:36
action wp_loaded includes\class-rp-query.php:38
filter query_vars includes\class-rp-query.php:39
action parse_request includes\class-rp-query.php:40
action pre_get_posts includes\class-rp-query.php:41
action wp includes\class-rp-query.php:42
filter redirect_canonical includes\class-rp-query.php:156
filter intermediate_image_sizes includes\class-rp-regenerate-images-request.php:103
filter intermediate_image_sizes_advanced includes\class-rp-regenerate-images-request.php:106
filter wp_generate_attachment_metadata includes\class-rp-regenerate-images.php:40
filter wp_get_attachment_image_src includes\class-rp-regenerate-images.php:44
action update_option_restaurantpress_thumbnail_cropping includes\class-rp-regenerate-images.php:49
action update_option_restaurantpress_thumbnail_image_width includes\class-rp-regenerate-images.php:50
action update_option_restaurantpress_single_image_width includes\class-rp-regenerate-images.php:51
action after_switch_theme includes\class-rp-regenerate-images.php:52
filter intermediate_image_sizes includes\class-rp-regenerate-images.php:223
action shutdown includes\class-rp-session-handler.php:87
action wp_logout includes\class-rp-session-handler.php:88
filter nonce_user_logged_out includes\class-rp-session-handler.php:91
filter template_include includes\class-rp-template-loader.php:20
action customize_register includes\customizer\class-rp-customizer.php:20
action customize_save_after includes\customizer\class-rp-customizer.php:21
action customize_controls_print_styles includes\customizer\class-rp-customizer.php:22
action customize_controls_print_scripts includes\customizer\class-rp-customizer.php:23
filter restaurantpress_short_description includes\rp-core-functions.php:26
filter restaurantpress_short_description includes\rp-core-functions.php:27
filter restaurantpress_short_description includes\rp-core-functions.php:28
filter restaurantpress_short_description includes\rp-core-functions.php:29
filter restaurantpress_short_description includes\rp-core-functions.php:30
filter restaurantpress_short_description includes\rp-core-functions.php:31
filter restaurantpress_short_description includes\rp-core-functions.php:32
filter restaurantpress_short_description includes\rp-core-functions.php:33
filter restaurantpress_short_description includes\rp-core-functions.php:34
filter restaurantpress_short_description includes\rp-core-functions.php:35
filter rewrite_rules_array includes\rp-core-functions.php:726
filter plugin_locale includes\rp-core-functions.php:871
filter extra_plugin_headers includes\rp-core-functions.php:928
action restaurantpress_installed includes\rp-core-functions.php:961
action restaurantpress_cleanup_sessions includes\rp-core-functions.php:1010
filter post_type_link includes\rp-food-functions.php:106
filter restaurantpress_admin_settings_sanitize_option_restaurantpress_price_decimal_sep includes\rp-formatting-functions.php:380
filter restaurantpress_admin_settings_sanitize_option_restaurantpress_price_thousand_sep includes\rp-formatting-functions.php:381
filter restaurantpress_admin_settings_sanitize_option_restaurantpress_price_num_decimals includes\rp-formatting-functions.php:395
action restaurantpress_before_menu_loop includes\rp-notice-functions.php:141
action restaurantpress_before_single_food includes\rp-notice-functions.php:142
action template_redirect includes\rp-template-functions.php:23
action wp_head includes\rp-template-functions.php:35
action the_post includes\rp-template-functions.php:58
action restaurantpress_before_menu_loop includes\rp-template-functions.php:98
action restaurantpress_after_menu_loop includes\rp-template-functions.php:108
filter restaurantpress_single_food_zoom_enabled includes\rp-template-functions.php:261
filter body_class includes\rp-template-hooks.php:15
filter post_class includes\rp-template-hooks.php:16
filter get_the_generator_html includes\rp-template-hooks.php:23
filter get_the_generator_xhtml includes\rp-template-hooks.php:24
action restaurantpress_before_main_content includes\rp-template-hooks.php:32
action restaurantpress_after_main_content includes\rp-template-hooks.php:33
action restaurantpress_before_menu_loop_item_summary includes\rp-template-hooks.php:41
action restaurantpress_before_single_food_summary includes\rp-template-hooks.php:42
action restaurantpress_sidebar includes\rp-template-hooks.php:49
action restaurantpress_archive_description includes\rp-template-hooks.php:56
action restaurantpress_no_foods_found includes\rp-template-hooks.php:63
action restaurantpress_before_menu_loop_item_summary includes\rp-template-hooks.php:73
action restaurantpress_menu_loop_item_summary includes\rp-template-hooks.php:74
action restaurantpress_menu_loop_item_summary includes\rp-template-hooks.php:75
action restaurantpress_menu_loop_item_summary includes\rp-template-hooks.php:76
action restaurantpress_before_single_food_summary includes\rp-template-hooks.php:84
action restaurantpress_food_thumbnails includes\rp-template-hooks.php:85
action restaurantpress_after_single_food_summary includes\rp-template-hooks.php:92
action restaurantpress_single_food_summary includes\rp-template-hooks.php:104
action restaurantpress_single_food_summary includes\rp-template-hooks.php:105
action restaurantpress_single_food_summary includes\rp-template-hooks.php:106
action restaurantpress_single_food_summary includes\rp-template-hooks.php:107
action restaurantpress_single_food_summary includes\rp-template-hooks.php:108
action restaurantpress_single_food_summary includes\rp-template-hooks.php:109
action restaurantpress_after_menu_loop includes\rp-template-hooks.php:116
filter restaurantpress_food_tabs includes\rp-template-hooks.php:121
filter restaurantpress_food_tabs includes\rp-template-hooks.php:122
action wp_footer includes\rp-template-hooks.php:129
action split_shared_term includes\rp-term-functions.php:45
action wp_upgrade includes\rp-term-functions.php:64
action widgets_init includes\rp-widget-functions.php:28
action restaurantpress_before_main_content includes\theme-support\class-rp-twenty-eleven.php:25
action restaurantpress_after_main_content includes\theme-support\class-rp-twenty-eleven.php:26
action restaurantpress_before_main_content includes\theme-support\class-rp-twenty-fifteen.php:25
action restaurantpress_after_main_content includes\theme-support\class-rp-twenty-fifteen.php:26
action restaurantpress_before_main_content includes\theme-support\class-rp-twenty-fourteen.php:25
action restaurantpress_after_main_content includes\theme-support\class-rp-twenty-fourteen.php:26
action restaurantpress_before_main_content includes\theme-support\class-rp-twenty-seventeen.php:25
action restaurantpress_after_main_content includes\theme-support\class-rp-twenty-seventeen.php:26
filter restaurantpress_enqueue_styles includes\theme-support\class-rp-twenty-seventeen.php:27
filter twentyseventeen_custom_colors_css includes\theme-support\class-rp-twenty-seventeen.php:28
action restaurantpress_before_main_content includes\theme-support\class-rp-twenty-sixteen.php:25
action restaurantpress_after_main_content includes\theme-support\class-rp-twenty-sixteen.php:26
action restaurantpress_before_main_content includes\theme-support\class-rp-twenty-ten.php:25
action restaurantpress_after_main_content includes\theme-support\class-rp-twenty-ten.php:26
action restaurantpress_before_main_content includes\theme-support\class-rp-twenty-thirteen.php:25
action restaurantpress_after_main_content includes\theme-support\class-rp-twenty-thirteen.php:26
action restaurantpress_before_main_content includes\theme-support\class-rp-twenty-twelve.php:25
action restaurantpress_after_main_content includes\theme-support\class-rp-twenty-twelve.php:26

Scheduled Events: 1

restaurantpress_cleanup_sessions
Maintenance & Trust

RestaurantPress Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.4.19
Last updated: May 27, 2020
PHP min version
Downloads: 53K

Community Trust

Rating: 90/100
Number of ratings: 8
Active installs: 600
Developer Profile

RestaurantPress Developer Profile

wpeverest

5 plugins · 161K total installs

Trust score: 67
Avg Security Score: 83/100
Avg Patch Time: 134 days
Detection Fingerprints

How We Detect RestaurantPress

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/restaurantpress/assets/css/menu.css
  • /wp-content/plugins/restaurantpress/assets/css/admin.css
  • /wp-content/plugins/restaurantpress/assets/css/widgets.css
  • /wp-content/plugins/restaurantpress/assets/js/admin/admin.js
  • /wp-content/plugins/restaurantpress/assets/js/admin/admin.min.js
  • /wp-content/plugins/restaurantpress/assets/js/jquery-blockui/jquery.blockUI.js
  • /wp-content/plugins/restaurantpress/assets/js/jquery-blockui/jquery.blockUI.min.js
  • /wp-content/plugins/restaurantpress/assets/js/jquery-tiptip/jquery.tipTip.js
  • +13 more
Version Parameters
  • /assets/css/menu.css?ver=
  • /assets/css/admin.css?ver=
  • /assets/css/widgets.css?ver=
  • /assets/js/admin/admin.js?ver=
  • /assets/js/jquery-blockui/jquery.blockUI.js?ver=
  • /assets/js/jquery-tiptip/jquery.tipTip.js?ver=
  • /assets/js/admin/meta-boxes.js?ver=
  • /assets/js/admin/enhanced-select.js?ver=
  • /assets/js/accounting/accounting.js?ver=
  • /assets/js/admin/meta-boxes-food.js?ver=
  • /assets/js/admin/meta-boxes-group.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • restaurantpress-menu-widget
  • restaurantpress-menu-item-title
  • restaurantpress-menu-item-description
  • restaurantpress-menu-item-price
  • rp-admin-field
  • rp-admin-field-wrap
  • rp-add-to-cart-button
  • rp-food-menu-grid
HTML Comments
  • <!-- Generated by RestaurantPress -->
  • <!-- RestaurantPress Menu Start -->
  • <!-- RestaurantPress Menu End -->
Data Attributes
  • data-rp-menu-id
  • data-rp-item-id
  • data-rp-price
  • data-rp-currency
JS Globals
  • RestaurantPress
  • rp_enhanced_select_params
  • accounting_params
  • restaurantpress_admin
REST Endpoints
/wp-json/restaurantpress/
Shortcode Output
  • [restaurantpress_menu]
  • [rp_menu]
  • [restaurantpress_add_to_cart]
  • [rp_add_to_cart]
FAQ

Frequently Asked Questions about RestaurantPress