Does Pepperi Open Catalog have any unpatched vulnerabilities?

No. All known vulnerabilities in Pepperi Open Catalog have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Pepperi Open Catalog compatible with WordPress 6.3.8?

According to WordPress.org data, Pepperi Open Catalog 2.1.0 has been tested up to WordPress 6.3.8. Check the plugin's changelog for the latest compatibility information.

Is Pepperi Open Catalog compatible with PHP 7.0+?

Pepperi Open Catalog requires PHP 7.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Pepperi Open Catalog updated?

Pepperi Open Catalog was last updated on Apr 4, 2024. Frequent updates are generally a positive security signal.

What is Pepperi Open Catalog's security score?

Pepperi Open Catalog has a WP-Safety security score of 92/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Pepperi Open Catalog Security & Risk Analysis

wordpress.org/plugins/pepperi-open-catalog

Allows distributors and wholesalers using the Pepperi B2B eCommerce module to share their product catalog with potential customers as an open catalog …

10 active installs v2.1.0 PHP 7.0+ WP 4.7+ Updated Apr 4, 2024

catalogecommerceproducts

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Pepperi Open Catalog Safe to Use in 2026?

Generally Safe

Score 92/100

Pepperi Open Catalog has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2yr ago

Risk Assessment

The 'pepperi-open-catalog' plugin v2.1.0 exhibits a mixed security posture. On the positive side, there are no known vulnerabilities (CVEs) associated with this plugin, and the code demonstrates good practices such as using prepared statements for all SQL queries and a high percentage of properly escaped output. The absence of file operations and dangerous functions is also encouraging.

However, significant concerns arise from the static analysis. The plugin exposes two AJAX handlers without any authentication or capability checks, creating a direct attack vector. Furthermore, the taint analysis revealed two flows with unsanitized paths. While these were not flagged as critical or high severity, the presence of unsanitized paths is a serious indicator of potential injection vulnerabilities. The lack of nonce checks on the unprotected AJAX handlers exacerbates this risk, making them susceptible to Cross-Site Request Forgery (CSRF) attacks.

Overall, while the plugin benefits from a clean vulnerability history and robust SQL handling, the unprotected entry points and unsanitized paths represent tangible security risks that require immediate attention. The absence of capability checks on AJAX handlers is a critical oversight. The plugin has a moderate risk profile due to these specific weaknesses.

Key Concerns

AJAX handlers without auth checks
Flows with unsanitized paths
Missing nonce checks on AJAX
Output escaping is not 100%

Vulnerabilities

None known

Pepperi Open Catalog Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Pepperi Open Catalog Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

12 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

75% escaped16 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths

getPepToken (ajax\Ajax.php:14)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

2 unprotected

Pepperi Open Catalog Attack Surface

Entry Points8

Unprotected2

AJAX Handlers 2

noprivwp_ajax_getPepTokenajax\Ajax.php:10

authwp_ajax_getPepTokenajax\Ajax.php:11

Shortcodes 6

[pepperi_oc_top_bar] wp-pepOpenCatalog.php:43

[pepperi_oc_products_filter] wp-pepOpenCatalog.php:44

[pepperi_oc_products] wp-pepOpenCatalog.php:45

[pepperi_oc_products_carousel] wp-pepOpenCatalog.php:46

[pepperi_oc_product_details] wp-pepOpenCatalog.php:47

[pepperi_oc_breadcrumbs] wp-pepOpenCatalog.php:48

WordPress Hooks 12

actionadmin_enqueue_scriptsinc\settings.php:32

actionwp_enqueue_scriptsinc\settings.php:37

actionadmin_enqueue_scriptsinc\settings.php:38

filterplugin_action_links_PepperiOpenCatalog/wp-pepOpenCatalog.phpinc\settings.php:40

actionadmin_menuinc\settings.php:41

actionadmin_initinc\settings.php:49

actionadmin_initinc\settings.php:50

actionadmin_initinc\settings.php:51

filterbody_classwp-pepOpenCatalog.php:39

actionwp_enqueue_scriptswp-pepOpenCatalog.php:40

actionwp_enqueue_scriptswp-pepOpenCatalog.php:41

actionwp_headwp-pepOpenCatalog.php:42

Maintenance & Trust

Pepperi Open Catalog Maintenance & Trust

Maintenance Signals

WordPress version tested6.3.8

Last updatedApr 4, 2024

PHP min version7.0

Downloads1K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

Pepperi Open Catalog Alternatives

External Store for Shopify

wp-shopify

Display products from your Shopify store on your WordPress blog using shortcodes.

3K 2 CVEs

YITH WooCommerce Catalog Mode

yith-woocommerce-catalog-mode

YITH WooCommerce Catalog Mode, a plugin for disabling sales in your e-commerce and turn it into an e-commerce into an online catalogue.

60K 1 CVE

Bulky – Bulk Edit Products for WooCommerce

bulky-bulk-edit-products-for-woo

100

A helpful tool that allows you to bulk edit available attributes of products such as ID, Title, Content,...

10K No CVEs

WooCommerce Grid / List toggle

woocommerce-grid-list-toggle

Adds a grid/list view toggle to product archives

10K No CVEs

eCommerce Product Catalog Plugin for WordPress

ecommerce-product-catalog

eCommerce Product Catalog is a powerful and free plugin to sell with a beautiful eCommerce or request for a quote WordPress website.

8K 16 CVEs

Developer Profile

Pepperi Open Catalog Developer Profile

Pepperi

1 plugin · 10 total installs

trust score

Avg Security Score

92/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Pepperi Open Catalog

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/pepperi-open-catalog/styles/plugin.css/wp-content/plugins/pepperi-open-catalog/styles/styles.css/wp-content/plugins/pepperi-open-catalog/scripts/webcomponent.js/wp-content/plugins/pepperi-open-catalog/scripts/pepUtils.js/wp-content/plugins/pepperi-open-catalog/scripts/pepperiComponents.js/wp-content/plugins/pepperi-open-catalog/scripts/openCatalog_main.js/wp-content/plugins/pepperi-open-catalog/scripts/topItems_main.js/wp-content/plugins/pepperi-open-catalog/scripts/itemDetails_main.js+1 more

Script Paths

/wp-content/plugins/pepperi-open-catalog/scripts/webcomponent.js/wp-content/plugins/pepperi-open-catalog/scripts/pepUtils.js/wp-content/plugins/pepperi-open-catalog/scripts/pepperiComponents.js/wp-content/plugins/pepperi-open-catalog/scripts/openCatalog_main.js/wp-content/plugins/pepperi-open-catalog/scripts/topItems_main.js/wp-content/plugins/pepperi-open-catalog/scripts/itemDetails_main.js+1 more

Version Parameters

pepperi-open-catalog/styles/plugin.css?ver=pepperi-open-catalog/styles/styles.css?ver=pepperi-open-catalog/scripts/webcomponent.js?ver=pepperi-open-catalog/scripts/pepUtils.js?ver=pepperi-open-catalog/scripts/pepperiComponents.js?ver=pepperi-open-catalog/scripts/openCatalog_main.js?ver=pepperi-open-catalog/scripts/topItems_main.js?ver=pepperi-open-catalog/scripts/itemDetails_main.js?ver=pepperi-open-catalog/scripts/pep_oc_carousel_main.js?ver=

HTML / DOM Fingerprints

CSS Classes

pepperi-theme

Data Attributes

data-pep-id

JS Globals

plugin_Settings

Shortcode Output

<div class='pep-header'><div class='pep-smart-search'><div class='pep-list-wrapper'><div class='pep-carousel-wrapper'>

FAQ