Category Restriction WooCommerce Security & Risk Analysis

wordpress.org/plugins/restrict-purchase-with-category

This plugin performs the following functions. Developed by themelocation

10 active installs · v1.0 · PHP + · WP 4.4+ · Updated Mar 23, 2017
Tags: order-in-one-category, purchase-in-one-category, restrict-woocommerce-category, woocommerce
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Category Restriction WooCommerce Safe to Use in 2026?

Generally Safe

Score 85/100

Category Restriction WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 9yr ago
Risk Assessment

The plugin "restrict-purchase-with-category" v1.0 exhibits a concerning security posture, primarily due to an unprotected AJAX handler, which presents a significant attack surface. While the plugin doesn't utilize dangerous functions, perform file operations, or make external HTTP requests, the lack of authentication on its single AJAX entry point is a critical weakness. Furthermore, all SQL queries are executed without prepared statements, increasing the risk of SQL injection vulnerabilities, and a substantial portion of output is not properly escaped, potentially leading to cross-site scripting (XSS) issues. The absence of known CVEs and vulnerability history is a positive indicator, suggesting the plugin has not historically been a target or found to be vulnerable. However, this does not negate the immediate risks identified in the static analysis. The plugin needs urgent attention to address the unprotected AJAX handler and the lack of prepared statements in its SQL queries to improve its overall security.

Key Concerns

  • AJAX handler without authentication
  • SQL queries without prepared statements
  • Low percentage of properly escaped output
  • No nonce checks on AJAX
Vulnerabilities
None known

Category Restriction WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Category Restriction WooCommerce Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 6 (0 prepared)
Unescaped Output: 6 (5 escaped)
Nonce Checks: 0
Capability Checks: 1
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

0% prepared · 6 total queries

Output Escaping

45% escaped · 11 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

2 flows · 1 with unsanitized paths
CRW10500AdminAction (category_restriction_woocommerce.php:88)
Attack Surface
1 unprotected

Category Restriction WooCommerce Attack Surface

Entry Points: 1
Unprotected: 1

AJAX Handlers: 1

  • auth: wp_ajax_process_response (category_restriction_woocommerce.php:149)

WordPress Hooks: 8

  • action: admin_action_crw10500 (category_restriction_woocommerce.php:86)
  • action: wp_print_scripts (category_restriction_woocommerce.php:115)
  • action: admin_menu (category_restriction_woocommerce.php:152)
  • action: woocommerce_before_single_product (category_restriction_woocommerce.php:231)
  • action: woocommerce_before_single_product_summary (category_restriction_woocommerce.php:271)
  • action: woocommerce_after_shop_loop_item (category_restriction_woocommerce.php:315)
  • action: woocommerce_after_shop_loop_item (category_restriction_woocommerce.php:356)
  • action: woocommerce_after_shop_loop_item (category_restriction_woocommerce.php:361)

Maintenance & Trust

Category Restriction WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.5.33
Last updated: Mar 23, 2017
PHP min version
Downloads: 1K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

Category Restriction WooCommerce Developer Profile

themelocation

6 plugins · 10K total installs

Trust score: 64
Avg Security Score: 78/100
Avg Patch Time: 111 days
Detection Fingerprints

How We Detect Category Restriction WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/restrict-purchase-with-category/process-ajax.js
Script Paths
/wp-content/plugins/restrict-purchase-with-category/process-ajax.js

HTML / DOM Fingerprints

Data Attributes
id="settingcontainer", id="catForm", id="msgNote"
JS Globals
var the_ajax_script, var ajaxurl, var admin_url
REST Endpoints
/wp-json/wp/v2/users