WP-Safety

Smart Menupad Security & Risk Analysis

wordpress.org/plugins/smart-menupad

Plugin to keep your menu at one place and sync to your own wordpress website from smart menupad platform.

0 active installs v1.1.0 PHP 7.0+ WP 5.2+ Updated Jul 25, 2022
food-orderonline-ordering-system-for-restaurantsonline-restaurant-menurestaurant-menurestaurant-ordering
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Smart Menupad Safe to Use in 2026?

Generally Safe

Score 85/100

Smart Menupad has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3yr ago
Risk Assessment

The smart-menupad plugin v1.1.0 exhibits a mixed security posture. On one hand, it demonstrates good practices by properly escaping a high percentage of its output and avoiding the use of dangerous functions. Its vulnerability history is also clean, with no recorded CVEs, which suggests a history of security consciousness or limited exposure to significant vulnerabilities.

However, significant concerns arise from its attack surface and taint analysis. The presence of three AJAX handlers without any authentication checks creates a substantial risk of unauthorized actions. Furthermore, the taint analysis reveals two high-severity flows with unsanitized paths, indicating potential vulnerabilities where malicious input could lead to unintended and harmful consequences. The low percentage of SQL queries using prepared statements also raises concerns about potential SQL injection vulnerabilities.

Overall, while the plugin has strengths in output escaping and a clean vulnerability history, the unprotected AJAX endpoints and high-severity taint flows present critical security weaknesses that require immediate attention. These issues outweigh the positive aspects and indicate a moderate to high risk.

Key Concerns

  • AJAX handlers without auth checks
  • High severity taint flows with unsanitized paths
  • Low percentage of SQL queries using prepared statements
  • No nonce checks on AJAX endpoints
Vulnerabilities
None known

Smart Menupad Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Smart Menupad Code Analysis

Dangerous Functions
0
Raw SQL Queries
5
1 prepared
Unescaped Output
12
179 escaped
Nonce Checks
0
Capability Checks
1
File Operations
8
External Requests
2
Bundled Libraries
0

SQL Query Safety

17% prepared6 total queries

Output Escaping

94% escaped191 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
SMPCreateShortcode (includes\SMPShortcode.php:27)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
3 unprotected

Smart Menupad Attack Surface

Entry Points4
Unprotected3

AJAX Handlers 3

authwp_ajax_update_menuincludes\SMPAjax.php:16
noprivwp_ajax_update_menuincludes\SMPAjax.php:20
authwp_ajax_smp_logoutincludes\SMPLogout.php:11

Shortcodes 1

[smart_menupad] includes\SMPShortcode.php:22
WordPress Hooks 4
actionadmin_menuincludes\SMPInit.php:26
actionadmin_enqueue_scriptsincludes\SMPInit.php:31
actionwp_headincludes\SMPInit.php:35
actionplugins_loadedincludes\SMPInit.php:39
Maintenance & Trust

Smart Menupad Maintenance & Trust

Maintenance Signals

WordPress version tested6.0.11
Last updatedJul 25, 2022
PHP min version7.0
Downloads3K

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

Smart Menupad Alternatives

AForms Eats

AForms Eats

aforms-eats

A
91

An order form builder for restaurants. You can create comfortable order forms and sell your food online.

400 1 CVE
Restaurant Menu – Food Ordering System – Table Reservation

Restaurant Menu – Food Ordering System – Table Reservation

menu-ordering-reservations

A
96

Create a restaurant menu and start taking food orders online, with no commissions or costs. Table reservations are also available for free.

8K 7 CVEs
Orderable – WordPress Restaurant Online Ordering System and Food Ordering Plugin

Orderable – WordPress Restaurant Online Ordering System and Food Ordering Plugin

orderable

B
75

Take your restaurant/food business online with the online ordering system plugin for WordPress, Orderable.

6K 1 unpatched
Food Menu – Restaurant Menu & Online Ordering for WooCommerce

Food Menu – Restaurant Menu & Online Ordering for WooCommerce

tlp-food-menu

A
99

A Simple Food & Restaurant Menu Display Plugin for Restaurant, Cafes, Fast Food, Coffee House with WooCommerce Online Ordering.

3K 1 CVE
Food Store – Online Food Delivery & Pickup

Food Store – Online Food Delivery & Pickup

food-store

B
78

Food Store is complete online food ordering platform with all your favourite WooCommerce functionalities.

1K 1 unpatched
Developer Profile

Smart Menupad Developer Profile

tawtheme

1 plugin · 0 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Smart Menupad

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/smart-menupad/assets/css/bootstrap.min.css/wp-content/plugins/smart-menupad/assets/css/smp.css/wp-content/plugins/smart-menupad/assets/js/bootstrap.min.js/wp-content/plugins/smart-menupad/assets/js/custom.js
Script Paths
/wp-content/plugins/smart-menupad/assets/js/bootstrap.min.js/wp-content/plugins/smart-menupad/assets/js/custom.js
Version Parameters
smart-menupad/assets/css/bootstrap.min.css?ver=5.0.2smart-menupad/assets/css/smp.css?ver=1.0smart-menupad/assets/js/bootstrap.min.js?ver=5.1.3smart-menupad/assets/js/custom.js?ver=1.0

HTML / DOM Fingerprints

CSS Classes
smp-bs-stylesmp-style
Data Attributes
data-bs-toggledata-bs-target
FAQ

Frequently Asked Questions about Smart Menupad