WPCafe Multivendor Restaurant Addon for Dokan Security & Risk Analysis

wordpress.org/plugins/wpcafe-multivendor

WPCafe - Food Ordering, Food Menu and Restaurant Multivendor Addon.

100 active installs · v1.2.1 · PHP 7.4+ · WP 6.2+ · Updated Jan 27, 2026
Tags: dokan, food-menu, food-ordering, free-multi-vendor, multivendor
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is WPCafe Multivendor Restaurant Addon for Dokan Safe to Use in 2026?

Generally Safe

Score 100/100

WPCafe Multivendor Restaurant Addon for Dokan has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 2mo ago
Risk Assessment

The wpcafe-multivendor plugin, in version 1.2.1, exhibits a mixed security posture. While it demonstrates good practices such as using prepared statements for all SQL queries and a high percentage of properly escaped output, there are significant areas of concern. The plugin has a single entry point through an AJAX handler that lacks any authentication checks, presenting a direct risk for unauthorized access and potential malicious actions. Furthermore, the presence of the `unserialize` function without any apparent sanitization or validation poses a critical risk for object injection vulnerabilities, especially when combined with the unprotected AJAX handler.

Key Concerns

  • AJAX handler without authentication checks
  • Use of unserialize() without apparent sanitization
  • Missing nonce checks on AJAX handler
Vulnerabilities
None known

WPCafe Multivendor Restaurant Addon for Dokan Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

WPCafe Multivendor Restaurant Addon for Dokan Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 9 (84 escaped)
Nonce Checks: 0
Capability Checks: 6
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

unserialize · `$get_data = unserialize( $value );` · core\modules\food-menu\food-location.php:58

Output Escaping

90% escaped · 93 total outputs
Attack Surface
1 unprotected

WPCafe Multivendor Restaurant Addon for Dokan Attack Surface

Entry Points: 1
Unprotected: 1

AJAX Handlers 1

auth · wp_ajax_wpmet-notices · helpers\notice\notice.php:367
WordPress Hooks 57
action · admin_head · bootstrap.php:70
action · admin_head · bootstrap.php:110
action · admin_enqueue_scripts · core\enqueue\enqueue.php:21
action · wp_enqueue_scripts · core\enqueue\enqueue.php:23
filter · wpcafe_frontend_localize · core\enqueue\enqueue.php:25
filter · wpcafe_pro_discount_create_permission · core\hooks\discount-hooks.php:23
filter · wpcafe_pro_discount_read_permission · core\hooks\discount-hooks.php:24
filter · wpcafe_pro_discount_query_args · core\hooks\discount-hooks.php:25
filter · wpcafe_pro_discount_item_permission · core\hooks\discount-hooks.php:26
filter · wpcafe_pro_discount_update_permission · core\hooks\discount-hooks.php:27
filter · wpcafe_pro_discount_delete_permission · core\hooks\discount-hooks.php:28
filter · wpcafe_pro_discount_bulk_delete_check · core\hooks\discount-hooks.php:29
filter · wpcafe_pro_discount_prepare_data · core\hooks\discount-hooks.php:30
filter · wpcafe_pro_applicable_discount_rules · core\hooks\discount-hooks.php:31
filter · dokan_store_tabs · core\hooks\hooks.php:31
filter · template_include · core\hooks\hooks.php:33
filter · template_include · core\hooks\hooks.php:36
action · wpc_before_minicart · core\hooks\hooks.php:39
action · wpc_after_minicart · core\hooks\hooks.php:40
action · wpc_before_admin_location_settings · core\hooks\hooks.php:42
action · wpc_after_admin_location_settings · core\hooks\hooks.php:43
action · wpc_pro_before_discount_settings · core\hooks\hooks.php:47
action · wpc_pro_after_discount_settings · core\hooks\hooks.php:48
filter · wpcafe_multivendor_seller · core\hooks\hooks.php:52
filter · wpcafe_product_category_read_permission · core\hooks\product-category-hooks.php:21
filter · wpcafe_product_category_query_args · core\hooks\product-category-hooks.php:22
filter · wpcafe_product_category_item_permission · core\hooks\product-category-hooks.php:23
filter · wpcafe_product_read_permission · core\hooks\product-hooks.php:21
filter · wpcafe_product_query_args · core\hooks\product-hooks.php:22
filter · wpcafe_product_item_permission · core\hooks\product-hooks.php:23
filter · wpcafe_pro_timed_product_create_permission · core\hooks\timed-product-hooks.php:23
filter · wpcafe_pro_timed_product_read_permission · core\hooks\timed-product-hooks.php:24
filter · wpcafe_pro_timed_product_query_args · core\hooks\timed-product-hooks.php:25
filter · wpcafe_pro_timed_product_item_permission · core\hooks\timed-product-hooks.php:26
filter · wpcafe_pro_timed_product_update_permission · core\hooks\timed-product-hooks.php:27
filter · wpcafe_pro_timed_product_delete_permission · core\hooks\timed-product-hooks.php:28
filter · wpcafe_pro_timed_product_bulk_delete_check · core\hooks\timed-product-hooks.php:29
filter · wpcafe_pro_timed_product_prepare_data · core\hooks\timed-product-hooks.php:30
filter · wpcafe_pro_applicable_timed_product_conditions · core\hooks\timed-product-hooks.php:31
action · dokan_store_page_query_filter · core\hooks\timed-product-hooks.php:34
filter · wpcafe_multivendor_vendor_store_products · core\hooks\timed-product-hooks.php:35
action · dokan_product_edit_after_product_tags · core\modules\food-menu\food-location.php:18
action · dokan_new_product_added · core\modules\food-menu\food-location.php:21
action · dokan_product_updated · core\modules\food-menu\food-location.php:23
action · dokan_order_details_after_customer_info · core\modules\food-menu\food-location.php:26
action · woocommerce_checkout_before_customer_details · core\modules\food-menu\food-location.php:30
action · woocommerce_checkout_process · core\modules\food-menu\food-location.php:31
action · woocommerce_checkout_create_order · core\modules\food-menu\food-location.php:32
filter · wpcafe_pro/render/thankyou_order_location · core\modules\food-menu\food-location.php:38
action · wp_footer · core\modules\food-menu\food-location.php:42
filter · dokan_get_dashboard_nav · core\settings\key-options.php:18
filter · dokan_query_var_filter · core\settings\key-options.php:19
action · dokan_load_custom_template · core\settings\key-options.php:22
action · admin_notices · helpers\notice\notice.php:278
action · admin_head · helpers\notice\notice.php:368
action · init · wpcafe-multivendor.php:66
action · plugins_loaded · wpcafe-multivendor.php:69
Maintenance & Trust

WPCafe Multivendor Restaurant Addon for Dokan Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Jan 27, 2026
PHP min version: 7.4
Downloads: 10K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 100
Developer Profile

WPCafe Multivendor Restaurant Addon for Dokan Developer Profile

Arraytics

8 plugins · 20K total installs

Trust score: 91
Avg Security Score: 95/100
Avg Patch Time: 28 days
Detection Fingerprints

How We Detect WPCafe Multivendor Restaurant Addon for Dokan

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wpcafe-multivendor/assets/js/admin.js
/wp-content/plugins/wpcafe-multivendor/assets/css/admin.css
/wp-content/plugins/wpcafe-multivendor/assets/js/public.js
/wp-content/plugins/wpcafe-multivendor/assets/build/js/dashboard.js
/wp-content/plugins/wpcafe-multivendor/assets/js/location-selector-opener.js
/wp-content/plugins/wpcafe-multivendor/core/modules/product-addons/assets/js/admin.js
Script Paths
/wpcafe-multivendor/assets/js/admin.js
/wpcafe-multivendor/assets/css/admin.css
/wpcafe-multivendor/assets/js/public.js
/wpcafe-multivendor/assets/build/js/dashboard.js
/wpcafe-multivendor/assets/js/location-selector-opener.js
/wpcafe-multivendor/core/modules/product-addons/assets/js/admin.js
Version Parameters
wpcafe-multivendor/assets/js/admin.js?ver=
wpcafe-multivendor/assets/css/admin.css?ver=
wpcafe-multivendor/assets/js/public.js?ver=
wpcafe-multivendor/assets/build/js/dashboard.js?ver=
wpcafe-multivendor/assets/js/location-selector-opener.js?ver=
wpcafe-multivendor/core/modules/product-addons/assets/js/admin.js?ver=

HTML / DOM Fingerprints

JS Globals
Wpcafe_Multivendor