Simple Restaurant Menu Security & Risk Analysis

wordpress.org/plugins/simple-restaurant-menu

Create a simple restaurant menu!

70 active installs · v1.2 · PHP + · WP 4.0+ · Updated Jan 19, 2018
Tags: restaurant, restaurant-menu, restaurant-menu-plugin, simple-restaurant-menu, simple-restaurant-menu-plugin
63 · C · Use Caution
CVEs total: 1
Unpatched: 1
Last CVE: Sep 22, 2025
Safety Verdict

Is Simple Restaurant Menu Safe to Use in 2026?

Use With Caution

Score 63/100

Simple Restaurant Menu has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE · 1 unpatched · Last CVE: Sep 22, 2025 · Updated 8yr ago
Risk Assessment

The "simple-restaurant-menu" v1.2 plugin exhibits a mixed security posture. On the positive side, static analysis found no directly exploitable entry points without authentication (1 entry point, 0 unprotected), no dangerous functions, and no unprepared SQL queries (the scan found 0 raw SQL queries), indicating good practices in these areas. The significant concern is the extremely low rate of proper output escaping: only 1 of 40 outputs (3%) is escaped. This suggests a high likelihood of Cross-Site Scripting (XSS) vulnerabilities, especially since XSS is the vulnerability type found in the plugin's history.

The plugin's vulnerability history reinforces the concerns raised by the static analysis: its one known CVE, CVE-2025-58647, is an unpatched, medium-severity stored XSS. This pattern suggests a recurring issue with input sanitization and output escaping. While the plugin has a small attack surface and appears to implement some basic security checks (2 nonce checks and 2 capability checks), the lack of robust output escaping is a critical weakness that could be easily exploited. The absence of taint analysis results does not necessarily mean the plugin is secure; it means only that no flows were found, which could be due to limited entry points or to the limits of the analysis tool.

Key Concerns

  • Unpatched medium severity CVE
  • Very low rate of output escaping
  • Common vulnerability type is XSS
Vulnerabilities
1

Simple Restaurant Menu Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-58647 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Simple Restaurant Menu <= 1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting

Sep 22, 2025 · Unpatched
Code Analysis
Analyzed Mar 16, 2026

Simple Restaurant Menu Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 39 (1 escaped)
Nonce Checks: 2
Capability Checks: 2
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

3% escaped · 40 total outputs
Attack Surface

Simple Restaurant Menu Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes 1

[simple-menu] includes\srm-shortcode.php:13
WordPress Hooks 16
filter · manage_edit-srm_menu_columns · includes\srm-cpts-columns.php:11
filter · manage_edit-srm_menu_item_columns · includes\srm-cpts-columns.php:28
action · manage_srm_menu_posts_custom_column · includes\srm-cpts-columns.php:54
action · manage_srm_menu_item_posts_custom_column · includes\srm-cpts-columns.php:92
filter · manage_edit-srm_menu_item_sortable_columns · includes\srm-cpts-columns.php:208
action · init · includes\srm-cpts.php:13
action · add_meta_boxes_srm_menu_item · includes\srm-menu-item-meta.php:10
action · save_post_srm_menu_item · includes\srm-menu-item-meta.php:121
action · add_meta_boxes · includes\srm-menu-meta.php:10
action · save_post_srm_menu · includes\srm-menu-meta.php:90
action · wp_enqueue_scripts · includes\srm-scripts.php:4
action · admin_enqueue_scripts · includes\srm-scripts.php:26
action · wp_head · includes\srm-scripts.php:38
action · admin_menu · includes\srm-settings.php:5
action · admin_init · includes\srm-settings.php:39
action · init · simple-restaurant-menu.php:36
Maintenance & Trust

Simple Restaurant Menu Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.9.29
Last updated: Jan 19, 2018
PHP min version
Downloads: 4K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 70
Developer Profile

Simple Restaurant Menu Developer Profile

Will.I.am

1 plugin · 70 total installs

Trust score: 68
Avg Security Score: 63/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Simple Restaurant Menu

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/simple-restaurant-menu/assets/css/srm-styles.css
  • /wp-content/plugins/simple-restaurant-menu/assets/css/lightbox.css
  • /wp-content/plugins/simple-restaurant-menu/assets/js/public/lightbox.js
  • /wp-content/plugins/simple-restaurant-menu/assets/js/private/prevent.js
  • /wp-content/plugins/simple-restaurant-menu/assets/css/srm-admin.css
Script Paths
  • /wp-content/plugins/simple-restaurant-menu/assets/js/public/lightbox.js
  • /wp-content/plugins/simple-restaurant-menu/assets/js/private/prevent.js
Version Parameters
  • simple-restaurant-menu/assets/css/srm-styles.css?ver=
  • simple-restaurant-menu/assets/css/lightbox.css?ver=
  • simple-restaurant-menu/assets/js/public/lightbox.js?ver=
  • simple-restaurant-menu/assets/js/private/prevent.js?ver=
  • simple-restaurant-menu/assets/css/srm-admin.css?ver=

HTML / DOM Fingerprints

CSS Classes
srm-menu, srm-clearfix, srm-menu-title, srm-menu-content, srm-menu-items, srm-menu-item, srm-menu-item-image, srm-menu-item-text, +3 more
HTML Comments
  • <!-- Register Shortcode - Query srm-menu for the post with id equal to $atts['id'] - Get the posts from srm-menu-item with a _srm_menu_item_parent_menu meta value of $atts['id'] -->
  • <!-- Column Titles Custom Post Type: srm_menu -->
  • <!-- Column Titles Custom Post Type: srm_menu_item -->
  • <!-- Custom Post Type: srm_menu Create the shortcode for the srm-menu -->
Data Attributes
data-lightbox, data-title, srm-gallery-
Shortcode Output
  • <div class="srm-menu srm-clearfix"
  • <div class="srm-menu-title">
  • <div class="srm-menu-content">
  • <ul class="srm-clearfix srm-menu-items menu