Does Maximum Products per User for WooCommerce have any unpatched vulnerabilities?

No. All known vulnerabilities in Maximum Products per User for WooCommerce have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Maximum Products per User for WooCommerce compatible with WordPress 6.9.4?

According to WordPress.org data, Maximum Products per User for WooCommerce 4.4.6 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

How often is Maximum Products per User for WooCommerce updated?

Maximum Products per User for WooCommerce was last updated on Mar 11, 2026. Frequent updates are generally a positive security signal.

What is Maximum Products per User for WooCommerce's security score?

Maximum Products per User for WooCommerce has a WP-Safety security score of 98/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Maximum Products per User for WooCommerce Security & Risk Analysis

wordpress.org/plugins/maximum-products-per-user-for-woocommerce

Limit number of items your WooCommerce customers can buy (lifetime or in selected date range).

1K active installs v4.4.6 PHP + WP 4.4+ Updated Mar 11, 2026

limitsorder-restrictionproduct-quantityquantity-restrictionwoocommerce

A · Safe

CVEs total2

Unpatched0

Last CVEDec 31, 2025

Plugin page Download

Safety Verdict

Is Maximum Products per User for WooCommerce Safe to Use in 2026?

Generally Safe

Score 98/100

Maximum Products per User for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEsLast CVE: Dec 31, 2025Updated 23d ago

Risk Assessment

The 'maximum-products-per-user-for-woocommerce' plugin, version 4.4.6, exhibits a mixed security posture. While it demonstrates good practices such as using prepared statements for all SQL queries and implementing nonce checks on most entry points, there are areas of concern.

The static analysis reveals the presence of a dangerous `unserialize` function, which, if not handled with extreme care, can lead to arbitrary code execution if malicious data is passed to it. Furthermore, the taint analysis indicates flows with unsanitized paths, suggesting potential vulnerabilities that could be exploited if user-supplied data is not properly validated or escaped before use.

The plugin's vulnerability history shows two known medium-severity CVEs, both related to Cross-Site Scripting (XSS). While there are currently no unpatched vulnerabilities, the history of XSS issues, even at a medium severity, suggests a recurring pattern that requires ongoing vigilance. The fact that the last vulnerability was in the future (2025-12-31) is likely an error in the data provided and should be disregarded. Overall, the plugin has strengths in its basic security implementations but requires careful scrutiny regarding the `unserialize` function and the identified unsanitized taint flows. Continued monitoring for new vulnerabilities is also recommended.

Key Concerns

Presence of dangerous unserialize function
Taint flows with unsanitized paths found
2 known medium severity CVEs in history
Only 66% of outputs properly escaped
2 out of 7 nonce checks missing for AJAX

Vulnerabilities

Maximum Products per User for WooCommerce Security Vulnerabilities

CVEs by Year

1 CVE in 2024

2024

1 CVE in 2025

2025

Patched Has unpatched

Severity Breakdown

Medium

2 total CVEs

CVE-2025-62096medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Maximum Products per User for WooCommerce <= 4.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

Dec 31, 2025 Patched in 4.4.4 (9d)

CVE-2024-9205medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Maximum Products per User for WooCommerce <= 4.2.8 - Reflected Cross-Site Scripting

Oct 9, 2024 Patched in 4.2.9 (1d)

Code Analysis

Analyzed Mar 16, 2026

Maximum Products per User for WooCommerce Code Analysis

Dangerous Functions

Raw SQL Queries

16 prepared

Unescaped Output

47 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserializereturn @unserialize( $data, $options ); // @phpcs:ignoreincludes\background-process\class-alg-wc-mppu-deliciousbrains-background-process.php:876

SQL Query Safety

100% prepared16 total queries

Output Escaping

66% escaped71 total outputs

Data Flows

3 unsanitized

Data Flow Analysis

4 flows3 with unsanitized paths

export_orders_data (includes\class-alg-wc-mppu-users.php:302)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Maximum Products per User for WooCommerce Attack Surface

Entry Points12

Unprotected0

AJAX Handlers 3

authwp_ajax_get_mppu_product_sales_dataincludes\class-alg-wc-mppu-reports.php:28

authwp_ajax_get_mppu_term_sales_dataincludes\class-alg-wc-mppu-reports.php:31

authwp_ajax_get_mppu_user_sales_dataincludes\class-alg-wc-mppu-users.php:67

Shortcodes 9

[alg_wc_mppu_translate] includes\class-alg-wc-mppu-shortcodes.php:23

[alg_wc_mppu_current_product_limit] includes\class-alg-wc-mppu-shortcodes.php:24

[alg_wc_mppu_current_product_quantity] includes\class-alg-wc-mppu-shortcodes.php:25

[alg_wc_mppu_term_limit] includes\class-alg-wc-mppu-shortcodes.php:26

[alg_wc_mppu_placeholder] includes\class-alg-wc-mppu-shortcodes.php:27

[alg_wc_mppu_customer_msg] includes\class-alg-wc-mppu-shortcodes.php:28

[alg_wc_mppu_user_product_quantities] includes\class-alg-wc-mppu-shortcodes.php:30

[alg_wc_mppu_user_product_limits] includes\class-alg-wc-mppu-shortcodes.php:31

[alg_wc_mppu_user_terms_limits] includes\class-alg-wc-mppu-shortcodes.php:35

WordPress Hooks 83

filtercron_schedulesincludes\background-process\class-alg-wc-mppu-deliciousbrains-background-process.php:109

actionwoocommerce_checkout_processincludes\class-alg-wc-mppu-core.php:160

actionwoocommerce_before_checkout_formincludes\class-alg-wc-mppu-core.php:161

actionwoocommerce_store_api_cart_errorsincludes\class-alg-wc-mppu-core.php:162

actionwpincludes\class-alg-wc-mppu-core.php:170

filterwoocommerce_add_to_cart_validationincludes\class-alg-wc-mppu-core.php:179

actionwoocommerce_initincludes\class-alg-wc-mppu-core.php:181

filterwoocommerce_product_is_visibleincludes\class-alg-wc-mppu-core.php:185

filterthe_postsincludes\class-alg-wc-mppu-core.php:186

actionwoocommerce_before_single_productincludes\class-alg-wc-mppu-core.php:190

actionwoocommerce_single_product_summaryincludes\class-alg-wc-mppu-core.php:193

filterthe_contentincludes\class-alg-wc-mppu-core.php:196

filteralg_wc_mppu_user_already_bought_do_count_orderincludes\class-alg-wc-mppu-core.php:201

filteralg_wc_mppu_date_to_checkincludes\class-alg-wc-mppu-core.php:205

filteralg_wc_mppu_datetime_to_compareincludes\class-alg-wc-mppu-core.php:207

filteralg_wc_mppu_user_already_boughtincludes\class-alg-wc-mppu-core.php:211

filteralg_wc_mppu_user_already_bought_validationincludes\class-alg-wc-mppu-core.php:213

filterwoocommerce_is_purchasableincludes\class-alg-wc-mppu-core.php:216

filterwoocommerce_quantity_input_argsincludes\class-alg-wc-mppu-core.php:268

filterwoocommerce_available_variationincludes\class-alg-wc-mppu-core.php:269

actionwoocommerce_after_single_variationincludes\class-alg-wc-mppu-core.php:270

filterwoocommerce_store_api_product_quantity_maximumincludes\class-alg-wc-mppu-core.php:271

filteralg_wc_mppu_bkg_process_email_paramsincludes\class-alg-wc-mppu-core.php:590

filterwoocommerce_cart_redirect_after_errorincludes\class-alg-wc-mppu-core.php:1128

filterwoocommerce_cart_redirect_after_errorincludes\class-alg-wc-mppu-core.php:2037

actionwoocommerce_thankyouincludes\class-alg-wc-mppu-data.php:74

actionalg_wc_mppu_after_save_settingsincludes\class-alg-wc-mppu-data.php:83

filterwoocommerce_duplicate_product_exclude_metaincludes\class-alg-wc-mppu-data.php:87

actionwoocommerce_order_partially_refundedincludes\class-alg-wc-mppu-data.php:94

actionwoocommerce_sections_alg_wc_mppuincludes\class-alg-wc-mppu-data.php:407

filteralg_wc_mppu_get_cart_item_quantitiesincludes\class-alg-wc-mppu-modes.php:25

filteralg_wc_mppu_validate_on_add_to_cart_quantityincludes\class-alg-wc-mppu-modes.php:26

filteralg_wc_mppu_save_quantities_item_qtyincludes\class-alg-wc-mppu-modes.php:27

filteralg_wc_mppu_get_cart_item_amount_by_termincludes\class-alg-wc-mppu-modes.php:29

filteralg_wc_mppu_get_cart_item_amount_by_parentincludes\class-alg-wc-mppu-modes.php:30

filteralg_wc_mppu_cart_item_amountincludes\class-alg-wc-mppu-modes.php:31

filteralg_wc_mppu_validate_on_add_to_cart_quantity_do_addincludes\class-alg-wc-mppu-modes.php:32

filteralg_wc_mppu_orders_data_increase_qtyincludes\class-alg-wc-mppu-modes.php:33

filteralg_wc_mppu_totals_dataincludes\class-alg-wc-mppu-modes.php:34

filteralg_wc_mppu_data_product_or_term_idincludes\class-alg-wc-mppu-multi-language.php:40

actioninitincludes\class-alg-wc-mppu-my-account.php:33

actioninitincludes\class-alg-wc-mppu-my-account.php:34

actionalg_wc_mppu_on_activationincludes\class-alg-wc-mppu-my-account.php:35

filterthe_titleincludes\class-alg-wc-mppu-my-account.php:70

actionalg_wc_mppu_after_save_settingsincludes\class-alg-wc-mppu-my-account.php:71

filterquery_varsincludes\class-alg-wc-mppu-my-account.php:72

filterwoocommerce_account_menu_itemsincludes\class-alg-wc-mppu-my-account.php:73

actionwp_headincludes\class-alg-wc-mppu-my-account.php:75

actionadd_meta_boxesincludes\class-alg-wc-mppu-reports.php:23

actionproduct_tag_edit_formincludes\class-alg-wc-mppu-reports.php:24

actionproduct_cat_edit_formincludes\class-alg-wc-mppu-reports.php:25

filteralg_wc_mppu_user_product_limits_item_validationincludes\class-alg-wc-mppu-shortcodes.php:32

filteralg_wc_mppu_user_product_limits_query_argsincludes\class-alg-wc-mppu-shortcodes.php:33

filteralg_wc_mppu_user_terms_limits_item_validationincludes\class-alg-wc-mppu-shortcodes.php:36

actionshow_user_profileincludes\class-alg-wc-mppu-users.php:61

actionedit_user_profileincludes\class-alg-wc-mppu-users.php:62

actionpersonal_options_updateincludes\class-alg-wc-mppu-users.php:63

actionedit_user_profile_updateincludes\class-alg-wc-mppu-users.php:64

actionadmin_footer-profile.phpincludes\class-alg-wc-mppu-users.php:65

actionadmin_footer-user-edit.phpincludes\class-alg-wc-mppu-users.php:66

actionadmin_noticesincludes\class-alg-wc-mppu-users.php:68

actionadmin_initincludes\class-alg-wc-mppu-users.php:71

actionadmin_initincludes\class-alg-wc-mppu-users.php:74

filteralg_wc_mppu_profile_page_table_rowincludes\class-alg-wc-mppu-users.php:80

filteradmin_initincludes\class-alg-wc-mppu-users.php:81

actionadmin_noticesincludes\class-alg-wc-mppu-users.php:82

actioninitincludes\class-alg-wc-mppu.php:95

actioninitincludes\class-alg-wc-mppu.php:101

actionbefore_woocommerce_initincludes\class-alg-wc-mppu.php:104

filterwoocommerce_get_settings_pagesincludes\class-alg-wc-mppu.php:229

actionadmin_initincludes\class-alg-wc-mppu.php:232

actionadd_meta_boxesincludes\settings\class-alg-wc-mppu-settings-per-product.php:24

actionsave_post_productincludes\settings\class-alg-wc-mppu-settings-per-product.php:25

actionproduct_tag_edit_form_fieldsincludes\settings\class-alg-wc-mppu-settings-per-term.php:24

actionedit_product_tagincludes\settings\class-alg-wc-mppu-settings-per-term.php:25

actionproduct_cat_edit_form_fieldsincludes\settings\class-alg-wc-mppu-settings-per-term.php:28

actionedit_product_catincludes\settings\class-alg-wc-mppu-settings-per-term.php:29

filterwoocommerce_get_sections_alg_wc_mppuincludes\settings\class-alg-wc-mppu-settings-section.php:41

filterwoocommerce_admin_settings_sanitize_optionincludes\settings\class-alg-wc-mppu-settings.php:26

actionadmin_initincludes\settings\class-alg-wc-mppu-settings.php:39

actionadmin_noticesincludes\settings\class-alg-wc-mppu-settings.php:171

actionplugins_loadedmaximum-products-per-user-for-woocommerce.php:71

actionadmin_initmaximum-products-per-user-for-woocommerce.php:86

Maintenance & Trust

Maximum Products per User for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 11, 2026

PHP min version

Downloads114K

Community Trust

Rating92/100

Number of ratings42

Active installs1K

Alternatives

Maximum Products per User for WooCommerce Alternatives

Min and Max Quantity for WooCommerce

minmax-quantity-for-woocommerce

100

Min and Max Quantity for WooCommerce - set limits for cost of products in orders and in groups and limits for quantity of products, product variations …

20K No CVEs

Min Max Quantities – Set Minimum/Maximum Quantity & Price Limits with Step Control for WooCommerce

wc-min-max-quantities

100

Set minimum and maximum order quantities or amounts for individual products, categories, or globally, with quantity-step control for WooCommerce store …

10K No CVEs

Minimum Purchase Amount For Woo Cart – For WooCommerce

minimum-purchase-amount-for-woo-cart

100

Want to increase your WooCommerce average order value? This plugin allows you to set minimum order value for your entire store, specific user roles, and for the free shipping. Start optimizing your sales today!

4K No CVEs

Order Limit for WooCommerce – Set Order Restrictions, Min and Max Amount/Quantity, Cart Control, and Checkout Restrictions

wc-order-limit-lite

Set WooCommerce order limits with ease. Control min/max quantities, cart totals, category rules, user role restrictions, and checkout limit.

900 2 CVEs

Limit Orders for WooCommerce

limit-orders

Automatically disable WooCommerce's checkout process after reaching a maximum number of orders.

300 No CVEs

Developer Profile

Maximum Products per User for WooCommerce Developer Profile

WPFactory

63 plugins · 136K total installs

trust score

Avg Security Score

97/100

Avg Patch Time

90 days

View full developer profile

Detection Fingerprints

How We Detect Maximum Products per User for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/maximum-products-per-user-for-woocommerce/assets/css/alg-wc-mppu-frontend.css/wp-content/plugins/maximum-products-per-user-for-woocommerce/assets/js/alg-wc-mppu-frontend.js

Script Paths

/wp-content/plugins/maximum-products-per-user-for-woocommerce/vendor/phpseclib/phpseclib/phpseclib/Crypt/AES.php/wp-content/plugins/maximum-products-per-user-for-woocommerce/vendor/phpseclib/phpseclib/phpseclib/Crypt/Random.php/wp-content/plugins/maximum-products-per-user-for-woocommerce/vendor/phpseclib/phpseclib/phpseclib/Math/BigInteger.php/wp-content/plugins/maximum-products-per-user-for-woocommerce/vendor/phpseclib/phpseclib/phpseclib/Crypt/Hash.php/wp-content/plugins/maximum-products-per-user-for-woocommerce/vendor/phpseclib/phpseclib/phpseclib/Crypt/TripleDES.php/wp-content/plugins/maximum-products-per-user-for-woocommerce/vendor/phpseclib/phpseclib/phpseclib/Crypt/Rijndael.php+59 more

Version Parameters

maximum-products-per-user-for-woocommerce/assets/css/alg-wc-mppu-frontend.css?ver=maximum-products-per-user-for-woocommerce/assets/js/alg-wc-mppu-frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes

alg-wc-mppu-user-product-limitsalg-wc-mppu-my-account-tab

HTML Comments

Maximum Products per User for WooCommerce - My Account.Maximum Products per User for WooCommerce - Shortcodes.

Data Attributes

data-alg-wc-mppu-product-iddata-alg-wc-mppu-limitdata-alg-wc-mppu-user-id

JS Globals

alg_wc_mppu_data

Shortcode Output

[alg_wc_mppu_user_product_limits]

FAQ