WP-Safety

WOWRestro – Online Ordering System For WooCommerce Security & Risk Analysis

wordpress.org/plugins/wowrestro

WOWRestro is an online ordering system for WooCommerce that makes it easier to receive takeaway and delivery orders.

10 active installs v1.3.1 PHP 5.6+ WP 4.0+ Updated Dec 13, 2025
ecommerceonline-storeshopwoowoocommerce
99
A · Safe
CVEs total1
Unpatched0
Last CVEJul 12, 2021
Download
Safety Verdict

Is WOWRestro – Online Ordering System For WooCommerce Safe to Use in 2026?

Generally Safe

Score 99/100

WOWRestro – Online Ordering System For WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Jul 12, 2021Updated 3mo ago
Risk Assessment

The 'wowrestro' plugin v1.3.1 exhibits a mixed security posture. On the positive side, it demonstrates good practices by using prepared statements for all SQL queries and a high percentage of properly escaped outputs, indicating a conscious effort to prevent common injection vulnerabilities. The absence of dangerous functions, file operations, and critical/high severity taint flows are also positive signs.

However, there are significant concerns. The plugin has a considerable attack surface with 3 AJAX handlers, 2 of which lack authentication checks. This presents a direct risk of unauthorized actions being performed by unauthenticated users. While the taint analysis did not reveal critical or high severity issues, the presence of 7 flows with unsanitized paths warrants attention, as these could potentially lead to vulnerabilities if not handled correctly downstream. The vulnerability history, while currently clear of unpatched issues, shows a past high severity vulnerability (likely CSRF based on the common type), suggesting that the plugin has had critical security flaws in the past, and vigilance is required.

In conclusion, 'wowrestro' v1.3.1 has some strengths in its handling of SQL and output escaping, but the unprotected AJAX endpoints and the history of high-severity vulnerabilities pose a notable risk. The plugin needs to address its unprotected entry points to improve its overall security. The presence of unsanitized paths in the taint analysis, while not critical, suggests potential for subtle vulnerabilities that require further investigation.

Key Concerns

  • Unprotected AJAX handlers
  • Flows with unsanitized paths detected
  • Past high severity vulnerability
  • High percentage of unescaped outputs
Vulnerabilities
1

WOWRestro – Online Ordering System For WooCommerce Security Vulnerabilities

CVEs by Year

1 CVE in 2021
2021
Patched Has unpatched

Severity Breakdown

High
1

1 total CVE

WF-47ccda70-8c89-4e0f-a7fa-5b80515e60dc-wowrestrohigh · 8.8Cross-Site Request Forgery (CSRF)

WOWRestro – Online Ordering System For WooCommerce < 1.1 - Cross-Site Request Forgery

Jul 12, 2021 Patched in 1.1 (925d)
Code Analysis
Analyzed Mar 17, 2026

WOWRestro – Online Ordering System For WooCommerce Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
105
402 escaped
Nonce Checks
8
Capability Checks
3
File Operations
0
External Requests
4
Bundled Libraries
0

Output Escaping

79% escaped507 total outputs
Data Flows
7 unsanitized

Data Flow Analysis

12 flows7 with unsanitized paths
update_service_time (includes\class-wowrestro-ajax.php:523)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
2 unprotected

WOWRestro – Online Ordering System For WooCommerce Attack Surface

Entry Points3
Unprotected2

AJAX Handlers 3

authwp_ajax_add_food_categoryincludes\admin\class-wowrestro-admin.php:30
authwp_ajax_select_modifier_categoryincludes\admin\class-wowrestro-admin.php:31
authwp_ajax_wowrestro_check_new_ordersincludes\admin\class-wowrestro-admin.php:32
WordPress Hooks 76
filterwoocommerce_screen_idsincludes\admin\class-wowrestro-admin-assets.php:24
actionadmin_enqueue_scriptsincludes\admin\class-wowrestro-admin-assets.php:25
actionadmin_enqueue_scriptsincludes\admin\class-wowrestro-admin-assets.php:26
actionadmin_menuincludes\admin\class-wowrestro-admin-menus.php:26
actionwp_loadedincludes\admin\class-wowrestro-admin-menus.php:29
actioninitincludes\admin\class-wowrestro-admin.php:23
actionadmin_initincludes\admin\class-wowrestro-admin.php:24
actionadmin_headincludes\admin\class-wowrestro-admin.php:25
actionwoocommerce_before_order_itemmetaincludes\admin\class-wowrestro-admin.php:26
filterwoocommerce_hidden_order_itemmetaincludes\admin\class-wowrestro-admin.php:27
filtermanage_edit-shop_order_columnsincludes\admin\class-wowrestro-admin.php:28
actionmanage_shop_order_posts_custom_columnincludes\admin\class-wowrestro-admin.php:29
actioninitincludes\admin\class-wowrestro-admin.php:33
actionwowrestro_admin_field_licenses_settingincludes\admin\settings\class-wowrestro-settings-licenses.php:28
actionwowrestro_update_option_licenses_settingincludes\admin\settings\class-wowrestro-settings-licenses.php:31
filterwowrestro_settings_tabs_arrayincludes\admin\settings\class-wowrestro-settings-page.php:40
filterpre_set_site_transient_update_pluginsincludes\class-wowrestro-addon-updater.php:72
filterplugins_apiincludes\class-wowrestro-addon-updater.php:73
actionadmin_initincludes\class-wowrestro-addon-updater.php:76
filterpre_set_site_transient_update_pluginsincludes\class-wowrestro-addon-updater.php:221
actioninitincludes\class-wowrestro-ajax.php:23
actiontemplate_redirectincludes\class-wowrestro-ajax.php:24
actioninitincludes\class-wowrestro-install.php:20
actionwpincludes\class-wowrestro-install.php:22
actionadmin_initincludes\class-wowrestro-license-handler.php:83
actionfood_modifiers_edit_form_fieldsincludes\class-wowrestro-metaboxes.php:25
actionfood_modifiers_edit_form_fieldsincludes\class-wowrestro-metaboxes.php:26
actionedited_food_modifiersincludes\class-wowrestro-metaboxes.php:27
filterwoocommerce_allow_marketplace_suggestionsincludes\class-wowrestro-metaboxes.php:28
filterwoocommerce_product_data_tabsincludes\class-wowrestro-metaboxes.php:29
actionwoocommerce_product_data_panelsincludes\class-wowrestro-metaboxes.php:30
actionwoocommerce_process_product_metaincludes\class-wowrestro-metaboxes.php:31
actionproduct_type_selectorincludes\class-wowrestro-metaboxes.php:32
actionproduct_type_optionsincludes\class-wowrestro-metaboxes.php:33
filterwoocommerce_products_admin_list_table_filtersincludes\class-wowrestro-metaboxes.php:34
actionwoocommerce_product_queryincludes\class-wowrestro-metaboxes.php:35
actioninitincludes\class-wowrestro-modifiers.php:22
actionwp_enqueue_scriptsincludes\class-wowrestro-public-scripts.php:43
actionwp_headincludes\class-wowrestro-public.php:21
actiontemplate_redirectincludes\class-wowrestro-public.php:22
actionwoocommerce_before_variations_formincludes\class-wowrestro-public.php:23
filterwoocommerce_get_item_dataincludes\class-wowrestro-public.php:24
actionwoocommerce_check_cart_itemsincludes\class-wowrestro-public.php:25
actionwoocommerce_check_cart_itemsincludes\class-wowrestro-public.php:26
actionwoocommerce_checkout_create_order_line_itemincludes\class-wowrestro-public.php:27
actionwoocommerce_order_item_meta_startincludes\class-wowrestro-public.php:28
actionwoocommerce_before_calculate_totalsincludes\class-wowrestro-public.php:29
actionwp_footerincludes\class-wowrestro-public.php:30
filterwoocommerce_checkout_fieldsincludes\class-wowrestro-public.php:31
actionwp_enqueue_scriptsincludes\class-wowrestro-services.php:24
actionwoocommerce_checkout_order_reviewincludes\class-wowrestro-services.php:25
actionwoocommerce_checkout_processincludes\class-wowrestro-services.php:26
actionwoocommerce_checkout_update_order_metaincludes\class-wowrestro-services.php:27
actionwoocommerce_admin_order_data_after_shipping_addressincludes\class-wowrestro-services.php:28
actionwoocommerce_order_details_before_order_table_itemsincludes\class-wowrestro-services.php:29
actionwoocommerce_email_before_order_tableincludes\class-wowrestro-services.php:30
actionwoocommerce_checkout_update_order_reviewincludes\class-wowrestro-services.php:31
filterwoocommerce_update_order_review_fragmentsincludes\class-wowrestro-services.php:32
actionwowrestro_service_time_option_wrap_beforeincludes\class-wowrestro-services.php:33
actionwowrestro_service_time_option_wrap_afterincludes\class-wowrestro-services.php:34
actionadmin_noticesincludes\class-wowrestro.php:62
actioninitincludes\class-wowrestro.php:105
actioninitincludes\class-wowrestro.php:106
actionafter_setup_themeincludes\class-wowrestro.php:107
actionwoocommerce_initincludes\wowrestro-core-functions.php:356
actiontemplate_redirectincludes\wowrestro-core-functions.php:373
filterbody_classincludes\wowrestro-core-functions.php:408
actionwowrestro_subcategory_titleincludes\wowrestro-public-hooks.php:14
actionwowrestro_before_product_summaryincludes\wowrestro-public-hooks.php:17
actionwowrestro_product_summaryincludes\wowrestro-public-hooks.php:18
actionwowrestro_product_summaryincludes\wowrestro-public-hooks.php:19
actionwowrestro_product_summaryincludes\wowrestro-public-hooks.php:20
actionwp_footerincludes\wowrestro-public-hooks.php:23
actionwowrestro_variable_dataincludes\wowrestro-public-hooks.php:26
actionwoocommerce_order_item_meta_endincludes\wowrestro-public-hooks.php:29
actionwowrestro_food_modifiersincludes\wowrestro-public-hooks.php:32
Maintenance & Trust

WOWRestro – Online Ordering System For WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedDec 13, 2025
PHP min version5.6
Downloads3K

Community Trust

Rating100/100
Number of ratings3
Active installs10
Alternatives

WOWRestro – Online Ordering System For WooCommerce Alternatives

TI WooCommerce Wishlist

TI WooCommerce Wishlist

ti-woocommerce-wishlist

B
77

Boost your sales with a free WooCommerce Wishlist feature. Let your customers save and share their favorite products!

100K 9 CVEs
StoreCustomizer – A plugin to Customize all WooCommerce Pages

StoreCustomizer – A plugin to Customize all WooCommerce Pages

woocustomizer

A
100

A store editor plugin for editing all WooCommerce store and product pages, cart, checkout and user account pages, all within the WordPress Customizer

20K No CVEs
Continue Shopping for WooCommerce

Continue Shopping for WooCommerce

continue-shopping-for-woocommerce

A
100

Easily change the 'Continue Shopping' link when redirected to the Cart after adding a Product.

5K No CVEs
Recently Viewed Product for WooCommerce

Recently Viewed Product for WooCommerce

recently-viewed-products-for-woocommerce

A
92

Recently Viewed Products for WooCommerce Listing page, you can easily add recently viewed product section by activate the plugin.

1K No CVEs
Social Shop for WooCommerce

Social Shop for WooCommerce

facebook-shop-by-storeyacom

A
85

This plugin will import your Woocommerce store to Facebook in a couple of minutes, with no development or design skills required.

900 No CVEs
Developer Profile

WOWRestro – Online Ordering System For WooCommerce Developer Profile

Nirmal Kumar Ram

6 plugins · 31K total installs

74
trust score
Avg Security Score
93/100
Avg Patch Time
826 days
View full developer profile
Detection Fingerprints

How We Detect WOWRestro – Online Ordering System For WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wowrestro/assets/css/menu.css/wp-content/plugins/wowrestro/assets/css/jquery.timepicker.css/wp-content/plugins/wowrestro/assets/css/admin.css/wp-content/plugins/wowrestro/assets/js/admin/jquery.timepicker.js/wp-content/plugins/wowrestro/assets/js/jquery-tiptip/jquery.tipTip.js/wp-content/plugins/wowrestro/assets/js/public/jquery.toast.js/wp-content/plugins/wowrestro/assets/js/admin/wowrestro-admin.js/wp-content/plugins/wowrestro/assets/css/wowrestro-bootstrap.css+10 more
Script Paths
/wp-content/plugins/wowrestro/assets/js/admin/jquery.timepicker.js/wp-content/plugins/wowrestro/assets/js/jquery-tiptip/jquery.tipTip.js/wp-content/plugins/wowrestro/assets/js/public/jquery.toast.js/wp-content/plugins/wowrestro/assets/js/admin/wowrestro-admin.js/wp-content/plugins/wowrestro/assets/js/public/wowrestro-bootstrap.js/wp-content/plugins/wowrestro/assets/js/public/wowrestro-modal.js+2 more
Version Parameters
wowrestro/menu.css?ver=wowrestro/jquery.timepicker.css?ver=wowrestro/admin.css?ver=wowrestro/jquery.timepicker.js?ver=wowrestro/jquery.tipTip.js?ver=wowrestro/jquery.toast.js?ver=wowrestro/wowrestro-admin.js?ver=wowrestro/wowrestro-bootstrap.css?ver=wowrestro/wowrestro-base.css?ver=wowrestro/jquery.toast.css?ver=wowrestro/wowrestro-modal.css?ver=wowrestro/wowrestro-icons.css?ver=wowrestro/wowrestro-style.css?ver=wowrestro/wowrestro-responsive.css?ver=wowrestro/wowrestro-bootstrap.js?ver=wowrestro/wowrestro-modal.js?ver=wowrestro/wowrestro-sticky.js?ver=wowrestro/wowrestro.js?ver=

HTML / DOM Fingerprints

CSS Classes
wowrestro-bootstrapwowrestro-basewowrestro-modalwowrestro-iconswowrestro-stylewowrestro-responsivewowrestro-headerwowrestro-logo+26 more
Data Attributes
data-wowrestrodata-wowrestro-iddata-wowrestro-namedata-wowrestro-pricedata-wowrestro-quantitydata-wowrestro-add-to-cart+2 more
JS Globals
WWRO_VERSIONwwro_ajax
REST Endpoints
/wp-json/wowrestro
FAQ

Frequently Asked Questions about WOWRestro – Online Ordering System For WooCommerce