Food Menu – Restaurant Menu & Online Ordering for WooCommerce Security & Risk Analysis

wordpress.org/plugins/tlp-food-menu

A Simple Food & Restaurant Menu Display Plugin for Restaurant, Cafes, Fast Food, Coffee House with WooCommerce Online Ordering.

3K active installs · v5.3.3 · PHP 7.4+ · WP 5.0+ · Updated Feb 16, 2026
Tags: food-delivery, food-menu, food-ordering, restaurant, restaurant-menu
Score 99 · A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Jan 30, 2025
Safety Verdict

Is Food Menu – Restaurant Menu & Online Ordering for WooCommerce Safe to Use in 2026?

Generally Safe

Score 99/100

Food Menu – Restaurant Menu & Online Ordering for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Jan 30, 2025 · Updated 1mo ago
Risk Assessment

The "tlp-food-menu" plugin v5.3.3 exhibits a mixed security posture. While it demonstrates good practices such as 100% prepared SQL statements and a high rate of output escaping (97%), there are several significant concerns. The presence of 3 AJAX handlers without authentication checks represents a substantial attack surface. Furthermore, the taint analysis reveals 2 high-severity flows with unsanitized paths, indicating potential for sensitive data leakage or unintended execution.

The vulnerability history shows a single known medium-severity CVE, which is currently patched. This suggests a past issue related to missing authorization, a pattern that aligns with the findings of unprotected AJAX handlers in the static analysis. The plugin's strengths lie in its careful handling of SQL queries and output. However, the identified unprotected entry points and high-severity taint flows are critical weaknesses that require immediate attention to mitigate potential risks.

Key Concerns

  • Unprotected AJAX handlers
  • High severity taint flows with unsanitized paths
  • Use of unserialize function
  • Bundled outdated library (Select2)
Vulnerabilities: 1

Food Menu – Restaurant Menu & Online Ordering for WooCommerce Security Vulnerabilities

CVEs by Year

2025: 1 CVE

Severity Breakdown

Medium: 1

1 total CVE

CVE-2024-13415 · medium · 4.3 · Missing Authorization

Food Menu – Restaurant Menu & Online Ordering for WooCommerce <= 5.1.4 - Missing Authorization to Authenticated (Subscriber+) Settings Update

Jan 30, 2025 Patched in 5.2.0 (1d)
Code Analysis
Analyzed Mar 16, 2026

Food Menu – Restaurant Menu & Online Ordering for WooCommerce Code Analysis

Dangerous Functions: 14
Raw SQL Queries: 0 (4 prepared)
Unescaped Output: 35 (1033 escaped)
Nonce Checks: 14
Capability Checks: 7
File Operations: 0
External Requests: 0
Bundled Libraries: 1

Dangerous Functions Found

unserialize · $mobileItems = unserialize( $mobileItems ); · app\Controllers\Admin\Ajax\Preview.php:164
unserialize · $cats = unserialize( $cats ); · app\Controllers\Admin\Ajax\Preview.php:946
unserialize · $arg['items'] = unserialize( $arg['items'] ); · app\Controllers\Admin\Ajax\Preview.php:1082
unserialize · $mobileItems = unserialize( $mobileItems[0] ); · app\Controllers\Frontend\Shortcode.php:98
unserialize · $cats = unserialize( $cats[0] ); · app\Controllers\Frontend\Shortcode.php:272
unserialize · $customImg = isset( $scMeta['fmp_custom_image_size'] ) && ! empty( $scMeta['fmp_custom_image_size'] · app\Controllers\Frontend\Shortcode.php:338
unserialize · $arg['items'] = unserialize( $arg['items'][0] ); · app\Helpers\RenderHelpers.php:513
unserialize · $title = ( ! empty( $scMeta['fmp_title_style'][0] ) ? unserialize( $scMeta['fmp_title_style'][0] ) : · app\Helpers\RenderHelpers.php:627
unserialize · $price = ( ! empty( $scMeta['fmp_price_style'][0] ) ? unserialize( $scMeta['fmp_price_style'][0] ) : · app\Helpers\RenderHelpers.php:665
unserialize · $btn_typo = ( ! empty( $scMeta['fmp_button_typo'][0] ) ? unserialize( $scMeta['fmp_button_typo'][0] · app\Helpers\RenderHelpers.php:875
unserialize · $categoryBanner = ( ! empty( $scMeta['fmp_category_style'][0] ) ? array_filter( unserialize( $scMeta · app\Helpers\RenderHelpers.php:930
unserialize · $contentWrap = ( ! empty( $scMeta['fmp_content_wrap'][0] ) ? unserialize( $scMeta['fmp_content_wrap' · app\Helpers\RenderHelpers.php:1022
unserialize · $sectionWrap = ( ! empty( $scMeta['fmp_section_wrap'][0] ) ? unserialize( $scMeta['fmp_section_wrap' · app\Helpers\RenderHelpers.php:1046
unserialize · $cats = unserialize( $cats[0] ); · app\Models\QueryArgs.php:206

Bundled Libraries

Select2

SQL Query Safety

100% prepared · 4 total queries

Output Escaping

97% escaped · 1068 total outputs

Data Flows: 3 unsanitized

Data Flow Analysis

4 flows · 3 with unsanitized paths
fmp_minicart_quantity (app\Controllers\MiniCart\MiniCartHooks.php:263)
Attack Surface: 3 unprotected

Food Menu – Restaurant Menu & Online Ordering for WooCommerce Attack Surface

Entry Points: 15
Unprotected: 3

AJAX Handlers 12

auth · wp_ajax_fmpPreviewAjaxCall · app\Controllers\Admin\Ajax\Preview.php:34
auth · wp_ajax_fmpSettingsUpdate · app\Controllers\Admin\Ajax\Settings.php:32
auth · wp_ajax_rt_select2_object_search · app\Controllers\Admin\Ajax\Settings.php:33
auth · wp_ajax_fmShortCodeList · app\Controllers\Admin\Ajax\Shortcode.php:30
auth · wp_ajax_fmp_sc_source_change · app\Controllers\Admin\Ajax\ShortcodeSource.php:30
auth · wp_ajax_rtfm_dismiss_admin_notice · app\Controllers\Admin\Notices\BlackFriday.php:156
nopriv · wp_ajax_fmp_mini_cart_template · app\Controllers\MiniCart\MiniCartHooks.php:39
auth · wp_ajax_fmp_mini_cart_template · app\Controllers\MiniCart\MiniCartHooks.php:40
auth · wp_ajax_fmp_apply_coupon · app\Controllers\MiniCart\MiniCartHooks.php:43
nopriv · wp_ajax_fmp_apply_coupon · app\Controllers\MiniCart\MiniCartHooks.php:44
nopriv · wp_ajax_fmp_clear_cart_items · app\Controllers\MiniCart\MiniCartHooks.php:55
auth · wp_ajax_fmp_clear_cart_items · app\Controllers\MiniCart\MiniCartHooks.php:56

Shortcodes 3

[foodmenu] app\Controllers\Frontend\Shortcode.php:47
[rt-foodmenu] app\Controllers\Frontend\Shortcode.php:48
[foodmenu-single] app\Controllers\Frontend\Shortcode.php:49

WordPress Hooks 88

action · rest_api_init · app\Abstracts\CustomApi.php:53
filter · manage_edit-fmsc_columns · app\Controllers\Admin\AdminColumns.php:30
action · manage_fmsc_posts_custom_column · app\Controllers\Admin\AdminColumns.php:31
action · quick_edit_custom_box · app\Controllers\Admin\AdminColumns.php:37
action · save_post · app\Controllers\Admin\AdminColumns.php:38
action · admin_print_scripts-edit.php · app\Controllers\Admin\AdminColumns.php:39
filter · manage_edit-food-menu_columns · app\Controllers\Admin\AdminColumns.php:40
action · manage_food-menu_posts_custom_column · app\Controllers\Admin\AdminColumns.php:41
action · restrict_manage_posts · app\Controllers\Admin\AdminColumns.php:42
action · admin_enqueue_scripts · app\Controllers\Admin\Metabox\PostMeta.php:34
action · add_meta_boxes · app\Controllers\Admin\Metabox\PostMeta.php:35
action · save_post · app\Controllers\Admin\Metabox\PostMeta.php:36
action · edit_form_after_title · app\Controllers\Admin\Metabox\PostMeta.php:37
action · admin_enqueue_scripts · app\Controllers\Admin\Metabox\ShortcodeMeta.php:31
action · add_meta_boxes · app\Controllers\Admin\Metabox\ShortcodeMeta.php:32
action · save_post · app\Controllers\Admin\Metabox\ShortcodeMeta.php:33
action · edit_form_after_title · app\Controllers\Admin\Metabox\ShortcodeMeta.php:34
action · admin_init · app\Controllers\Admin\Metabox\ShortcodeMeta.php:35
action · admin_footer · app\Controllers\Admin\Metabox\ShortcodeMeta.php:36
action · admin_init · app\Controllers\Admin\Notices\BlackFriday.php:35
action · in_admin_header · app\Controllers\Admin\Notices\BlackFriday.php:55
action · admin_enqueue_scripts · app\Controllers\Admin\Notices\BlackFriday.php:100
action · admin_notices · app\Controllers\Admin\Notices\BlackFriday.php:107
action · admin_footer · app\Controllers\Admin\Notices\BlackFriday.php:131
action · admin_init · app\Controllers\Admin\Notices\Review.php:27
action · admin_init · app\Controllers\Admin\Notices\Review.php:28
action · admin_notices · app\Controllers\Admin\Notices\Review.php:54
action · admin_notices · app\Controllers\Admin\Notices\Review.php:56
action · admin_menu · app\Controllers\Admin\Settings.php:31
action · admin_init · app\Controllers\Admin\Settings.php:32
filter · plugin_row_meta · app\Controllers\Admin\Settings.php:34
action · admin_head · app\Controllers\Admin\ShortcodeButton.php:38
filter · mce_external_plugins · app\Controllers\Admin\ShortcodeButton.php:54
filter · mce_buttons · app\Controllers\Admin\ShortcodeButton.php:55
action · admin_init · app\Controllers\Admin\Upgrade.php:152
action · elementor/widgets/register · app\Controllers\ElementorController.php:34
action · elementor/controls/register · app\Controllers\ElementorController.php:35
action · elementor/elements/categories_registered · app\Controllers\ElementorController.php:36
action · elementor/editor/after_enqueue_scripts · app\Controllers\ElementorController.php:37
filter · elementor/editor/localize_settings · app\Controllers\ElementorController.php:38
action · wp_enqueue_scripts · app\Controllers\ElementorController.php:39
filter · query_tax_filter · app\Controllers\ElementorController.php:40
action · elementor/widgets/register · app\Controllers\Frontend\ElementorAddons.php:31
action · wp_footer · app\Controllers\Frontend\Shortcode.php:240
action · wp_enqueue_scripts · app\Controllers\Frontend\Styles.php:29
filter · template_include · app\Controllers\Frontend\Template.php:29
action · wp_enqueue_scripts · app\Controllers\Frontend\Template.php:30
action · enqueue_block_assets · app\Controllers\GutenbergController.php:29
action · enqueue_block_editor_assets · app\Controllers\GutenbergController.php:30
action · fmp_single_summery · app\Controllers\Hooks\ActionHooks.php:48
action · fmp_single_summery · app\Controllers\Hooks\ActionHooks.php:49
action · fmp_single_summery · app\Controllers\Hooks\ActionHooks.php:50
action · fmp_single_summery · app\Controllers\Hooks\ActionHooks.php:51
action · fmp_single_summery · app\Controllers\Hooks\ActionHooks.php:52
action · fmp_single_summery · app\Controllers\Hooks\ActionHooks.php:53
action · fmp_single_summery · app\Controllers\Hooks\ActionHooks.php:54
action · wp_footer · app\Controllers\Hooks\ActionHooks.php:58
action · woocommerce_checkout_before_customer_details · app\Controllers\Hooks\ActionHooks.php:60
action · woocommerce_checkout_create_order · app\Controllers\Hooks\ActionHooks.php:61
action · woocommerce_order_details_after_order_table_items · app\Controllers\Hooks\ActionHooks.php:62
filter · fmp_image_size · app\Controllers\Hooks\FilterHooks.php:34
filter · wp_kses_allowed_html · app\Controllers\Hooks\FilterHooks.php:35
filter · rtfm_add_to_cart_btn · app\Controllers\Hooks\FilterHooks.php:36
filter · body_class · app\Controllers\Hooks\FilterHooks.php:37
filter · rtfm_add_stock_btn · app\Controllers\Hooks\FilterHooks.php:38
filter · tlp_el_end_of_columns_section · app\Controllers\Hooks\FilterHooks.php:41
filter · tlp_el_pro_switcher · app\Controllers\Hooks\FilterHooks.php:42
filter · tlp_el_pro_popup · app\Controllers\Hooks\FilterHooks.php:43
filter · tlp_image_align · app\Controllers\Hooks\FilterHooks.php:44
filter · tlp_el_image_animation · app\Controllers\Hooks\FilterHooks.php:45
action · wp_enqueue_scripts · app\Controllers\MiniCart\MiniCart.php:39
action · wp_footer · app\Controllers\MiniCart\MiniCart.php:40
filter · woocommerce_widget_cart_is_hidden · app\Controllers\MiniCart\MiniCart.php:105
filter · woocommerce_loop_add_to_cart_args · app\Controllers\MiniCart\MiniCartHooks.php:36
filter · woocommerce_add_to_cart_fragments · app\Controllers\MiniCart\MiniCartHooks.php:47
filter · body_class · app\Controllers\MiniCart\MiniCartHooks.php:49
action · fmp_minicart_quantity · app\Controllers\MiniCart\MiniCartHooks.php:51
action · fmp_minicart_extra_fields · app\Controllers\MiniCart\MiniCartHooks.php:52
action · admin_head · app\Controllers\PostTypesController.php:44
filter · post_updated_messages · app\Controllers\PostTypesController.php:67
action · admin_enqueue_scripts · app\Controllers\ScriptsController.php:59
action · wp_enqueue_scripts · app\Controllers\ScriptsController.php:60
action · widgets_init · app\Controllers\WidgetsController.php:29
action · admin_notices · app\Helpers\Upgrade.php:41
filter · image_resize_dimensions · app\Models\ReSizer.php:68
action · admin_init · app\TLPFoodMenu.php:98
action · admin_init · app\TLPFoodMenu.php:103
action · init · app\Widgets\Vc\VcAddon.php:27
Maintenance & Trust

Food Menu – Restaurant Menu & Online Ordering for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 16, 2026
PHP min version: 7.4
Downloads: 116K

Community Trust

Rating: 100/100
Number of ratings: 23
Active installs: 3K
Developer Profile

Food Menu – Restaurant Menu & Online Ordering for WooCommerce Developer Profile

RadiusTheme

16 plugins · 213K total installs

Trust score: 77
Avg Security Score: 97/100
Avg Patch Time: 104 days
Detection Fingerprints

How We Detect Food Menu – Restaurant Menu & Online Ordering for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/tlp-food-menu/assets/css/frontend.css
  • /wp-content/plugins/tlp-food-menu/assets/css/swiper.min.css
  • /wp-content/plugins/tlp-food-menu/assets/js/frontend.js
  • /wp-content/plugins/tlp-food-menu/assets/js/swiper.min.js
  • /wp-content/plugins/tlp-food-menu/assets/js/isotope.pkgd.min.js
  • /wp-content/plugins/tlp-food-menu/assets/js/imagesLoaded.min.js
  • /wp-content/plugins/tlp-food-menu/assets/js/custom-jquery.js
  • /wp-content/plugins/tlp-food-menu/assets/css/magnific-popup.css
  • +2 more

Script Paths

  • /wp-content/plugins/tlp-food-menu/assets/js/frontend.js
  • /wp-content/plugins/tlp-food-menu/assets/js/swiper.min.js
  • /wp-content/plugins/tlp-food-menu/assets/js/isotope.pkgd.min.js
  • /wp-content/plugins/tlp-food-menu/assets/js/imagesLoaded.min.js
  • /wp-content/plugins/tlp-food-menu/assets/js/custom-jquery.js
  • /wp-content/plugins/tlp-food-menu/assets/js/magnific-popup.min.js

Version Parameters

  • tlp-food-menu/assets/css/frontend.css?ver=
  • tlp-food-menu/assets/css/swiper.min.css?ver=
  • tlp-food-menu/assets/js/frontend.js?ver=
  • tlp-food-menu/assets/js/swiper.min.js?ver=
  • tlp-food-menu/assets/js/isotope.pkgd.min.js?ver=
  • tlp-food-menu/assets/js/imagesLoaded.min.js?ver=
  • tlp-food-menu/assets/js/custom-jquery.js?ver=
  • tlp-food-menu/assets/css/magnific-popup.css?ver=
  • tlp-food-menu/assets/js/magnific-popup.min.js?ver=
  • tlp-food-menu/assets/css/elementor-frontend.css?ver=

HTML / DOM Fingerprints

CSS Classes

  • rtfm-food-menu-wrap
  • rtfm-food-menu-content
  • rtfm-food-menu-item
  • rtfm-food-menu-title
  • rtfm-food-menu-price
  • rtfm-food-menu-excerpt
  • rtfm-food-menu-button
  • rtfm-single-food-menu-details
  • +18 more

HTML Comments

  • <!-- Start TLP Food Menu -->
  • <!-- End TLP Food Menu -->
  • <!-- Food Menu Item Start -->
  • <!-- Food Menu Item End -->
  • +1 more

Data Attributes

  • data-food-menu-id
  • data-food-menu-slug
  • data-isotope-filter
  • data-isotope-sort-by

JS Globals

  • TLPFoodMenu
  • rtfm_frontend_ajax_object
  • rtfm_elementor_frontend_ajax_object
  • rtfm_food_menu_obj

REST Endpoints

  • /wp-json/rt-food-menu/v1/get-menu

Shortcode Output

  • [tlpfoodmenu]
  • [tlp_food_menu]
  • [food_menu]
  • [rt_food_menu]

FAQ

Frequently Asked Questions about Food Menu – Restaurant Menu & Online Ordering for WooCommerce