WP-Safety

VikRestaurants Table Reservations and Take-Away Security & Risk Analysis

wordpress.org/plugins/vikrestaurants

The all-in-one solution to manage your restaurant reservations and take-away or delivery orders.

600 active installs v1.5.3 PHP 7.4.0+ WP 4.7+ Updated Jan 27, 2026
food-deliverymenusrestauranttable-reservationstake-away
97
A · Safe
CVEs total3
Unpatched0
Last CVESep 22, 2025
Plugin page Download
Safety Verdict

Is VikRestaurants Table Reservations and Take-Away Safe to Use in 2026?

Generally Safe

Score 97/100

VikRestaurants Table Reservations and Take-Away has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEsLast CVE: Sep 22, 2025Updated 2mo ago
Risk Assessment

The VikRestaurants plugin version 1.5.3 presents a mixed security posture. While it demonstrates good practices in handling SQL queries with prepared statements and a relatively low number of entry points, significant concerns arise from the lack of robust security checks. The presence of two unprotected AJAX handlers significantly increases the attack surface for unauthorized actions. Furthermore, the critical function `unserialize` being used without any apparent safeguards is a major red flag, potentially opening the door to object injection vulnerabilities if improperly handled input is processed. The plugin's vulnerability history, though currently showing no unpatched CVEs, indicates a past pattern of medium severity Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerabilities. This history, combined with the current code analysis findings, suggests a need for stricter input validation and output escaping mechanisms to prevent future exploits. The outdated bundled Select2 library also poses a potential risk.

Key Concerns

  • Unprotected AJAX handlers
  • Use of dangerous unserialize function
  • Low percentage of properly escaped output
  • No nonce checks on AJAX handlers
  • No capability checks
  • Bundled outdated Select2 library
Vulnerabilities
3

VikRestaurants Table Reservations and Take-Away Security Vulnerabilities

CVEs by Year

3 CVEs in 2025
2025
Patched Has unpatched

Severity Breakdown

Medium
3

3 total CVEs

CVE-2025-57968medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

VikRestaurants Table Reservations and Take-Away <= 1.5 - Authenticated (Administrator+) Stored Cross-Site Scripting

Sep 22, 2025 Patched in 1.5.1 (79d)
CVE-2025-57962medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

VikRestaurants Table Reservations and Take-Away <= 1.5.1 - Authenticated (Administrator+) Stored Cross-Site Scripting

Sep 22, 2025 Patched in 1.5.2 (107d)
CVE-2025-46251medium · 6.1Cross-Site Request Forgery (CSRF)

VikRestaurants Table Reservations and Take-Away <= 1.3.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting

Apr 22, 2025 Patched in 1.4 (9d)
Code Analysis
Analyzed Mar 16, 2026

VikRestaurants Table Reservations and Take-Away Code Analysis

Dangerous Functions
4
Raw SQL Queries
0
0 prepared
Unescaped Output
7163
119 escaped
Nonce Checks
0
Capability Checks
0
File Operations
65
External Requests
2
Bundled Libraries
4

Dangerous Functions Found

unserialize$metadata = (array) ($item->metadata ? unserialize($item->metadata) : []);admin\models\cronjoblog.php:38
unserialize$cart = unserialize($session_cart);site\helpers\library\cart\cart.php:59
unserialize$this->__unserialize(unserialize($serialized));site\helpers\library\dishes\cart.php:39
unserializereturn unserialize($data);site\models\takeawayconfirm.php:713

Bundled Libraries

Select23.5.1TinyMCEjQueryTCPDF1.0.004

Output Escaping

2% escaped7282 total outputs
Attack Surface
2 unprotected

VikRestaurants Table Reservations and Take-Away Attack Surface

Entry Points3
Unprotected2

AJAX Handlers 2

authwp_ajax_vikrestaurantsvikrestaurants.php:238
noprivwp_ajax_vikrestaurantsvikrestaurants.php:239

Shortcodes 1

[vikrestaurants] vikrestaurants.php:271
WordPress Hooks 49
actioninitvikrestaurants.php:27
actioninitvikrestaurants.php:28
actionautomatic_updates_completevikrestaurants.php:38
filterauto_update_pluginvikrestaurants.php:50
actionin_plugin_update_message-vikrestaurants/vikrestaurants.phpvikrestaurants.php:66
actionvikrestaurants_before_display_restaurantvikrestaurants.php:74
actioninitvikrestaurants.php:83
actionplugins_loadedvikrestaurants.php:101
actionplugins_loadedvikrestaurants.php:104
actioncurrent_screenvikrestaurants.php:107
actioncurrent_screenvikrestaurants.php:109
filterset-screen-optionvikrestaurants.php:111
filterset_screen_option_vikrestaurants_list_limitvikrestaurants.php:117
actioninitvikrestaurants.php:120
actionwp_logoutvikrestaurants.php:121
actionplugins_loadedvikrestaurants.php:124
actioninitvikrestaurants.php:165
actionadmin_menuvikrestaurants.php:257
actionwidgets_initvikrestaurants.php:260
actionwidgets_initvikrestaurants.php:268
actionvikrestaurants_before_dispatchvikrestaurants.php:361
actionvikrestaurants_after_display_managemapvikrestaurants.php:419
actionvikrestaurants_before_display_restaurantvikrestaurants.php:434
filtervik_date_default_timezonevikrestaurants.php:448
actionvikrestaurants_after_dispatchvikrestaurants.php:454
actionadmin_post_vikrestaurantsvikrestaurants.php:536
actionadmin_post_nopriv_vikrestaurantsvikrestaurants.php:537
actionsave_postvikrestaurants.php:549
actiontrashed_postvikrestaurants.php:624
actionuntrashed_postvikrestaurants.php:644
actiondeleted_postvikrestaurants.php:664
filtermce_buttonsvikrestaurants.php:694
filtermce_external_pluginsvikrestaurants.php:697
actioninitvikrestaurants.php:706
actiondeleted_blogvikrestaurants.php:717
filterdoing_it_wrong_trigger_errorvikrestaurants.php:732
actionplugins_loadedvikrestaurants.php:756
filterplugin_action_linksvikrestaurants.php:771
actionvik_widget_before_dispatch_sitevikrestaurants.php:781
actionvik_widget_after_dispatch_sitevikrestaurants.php:795
actionvik_plugin_before_load_languagevikrestaurants.php:810
filtervik_plugin_load_languagevikrestaurants.php:850
actionvikrestaurants_after_display_restaurantvikrestaurants.php:873
filtervikrestaurants_display_view_config_globalvikrestaurants.php:889
actionvikrestaurants_after_save_configvikrestaurants.php:901
filtervikrestaurants_fetch_rss_channelsvikrestaurants.php:911
actionvikrestaurants_before_use_rssvikrestaurants.php:920
filterrun_wptexturizevikrestaurants.php:932
filterwp_login_errorsvikrestaurants.php:947
Maintenance & Trust

VikRestaurants Table Reservations and Take-Away Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedJan 27, 2026
PHP min version7.4.0
Downloads14K

Community Trust

Rating96/100
Number of ratings10
Active installs600
Alternatives

VikRestaurants Table Reservations and Take-Away Alternatives

Orderable – WordPress Restaurant Online Ordering System and Food Ordering Plugin

Orderable – WordPress Restaurant Online Ordering System and Food Ordering Plugin

orderable

B
75

Take your restaurant/food business online with the online ordering system plugin for WordPress, Orderable.

6K 1 unpatched
WPCafe – Restaurant Menu, Online Food Ordering and Reservation Booking Solution

WPCafe – Restaurant Menu, Online Food Ordering and Reservation Booking Solution

wp-cafe

A
91

Complete restaurant solution for restaurant menus, online food ordering, delivery, reservations and booking

6K 9 CVEs
Food Menu – Restaurant Menu & Online Ordering for WooCommerce

Food Menu – Restaurant Menu & Online Ordering for WooCommerce

tlp-food-menu

A
99

A Simple Food & Restaurant Menu Display Plugin for Restaurant, Cafes, Fast Food, Coffee House with WooCommerce Online Ordering.

3K 1 CVE
Restaurant Menu and Food Ordering

Restaurant Menu and Food Ordering

mp-restaurant-menu

A
93

Create and maintain modern online menus for almost any kind of restaurant. Sell food and beverages online. All in one plugin.

2K 4 CVEs
Food Store – Online Food Delivery & Pickup

Food Store – Online Food Delivery & Pickup

food-store

B
78

Food Store is complete online food ordering platform with all your favourite WooCommerce functionalities.

1K 1 unpatched
Developer Profile

VikRestaurants Table Reservations and Take-Away Developer Profile

e4jvikwp

7 plugins · 16K total installs

72
trust score
Avg Security Score
90/100
Avg Patch Time
244 days
View full developer profile
Detection Fingerprints

How We Detect VikRestaurants Table Reservations and Take-Away

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/vikrestaurants/vikrestaurants.css/wp-content/plugins/vikrestaurants/vikrestaurants.js/wp-content/plugins/vikrestaurants/admin/css/vikrestaurants.css/wp-content/plugins/vikrestaurants/admin/css/vikrestaurants.min.css/wp-content/plugins/vikrestaurants/admin/js/vikrestaurants.js/wp-content/plugins/vikrestaurants/admin/js/vikrestaurants.min.js/wp-content/plugins/vikrestaurants/site/css/vikrestaurants.css/wp-content/plugins/vikrestaurants/site/css/vikrestaurants.min.css+2 more
Script Paths
/wp-content/plugins/vikrestaurants/vikrestaurants.js/wp-content/plugins/vikrestaurants/admin/js/vikrestaurants.js/wp-content/plugins/vikrestaurants/site/js/vikrestaurants.js
Version Parameters
vikrestaurants/vikrestaurants.css?ver=vikrestaurants/vikrestaurants.js?ver=vikrestaurants/admin/css/vikrestaurants.css?ver=vikrestaurants/admin/css/vikrestaurants.min.css?ver=vikrestaurants/admin/js/vikrestaurants.js?ver=vikrestaurants/admin/js/vikrestaurants.min.js?ver=vikrestaurants/site/css/vikrestaurants.css?ver=vikrestaurants/site/css/vikrestaurants.min.css?ver=vikrestaurants/site/js/vikrestaurants.js?ver=vikrestaurants/site/js/vikrestaurants.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
vikrestaurantsvikrestaurant-wrappervikrestaurant-adminvikrestaurant-site
Data Attributes
data-option="com_vikrestaurants"
JS Globals
VikRestaurantsBuilderJSessionHandlerJFactoryJUriJModel
FAQ

Frequently Asked Questions about VikRestaurants Table Reservations and Take-Away