SimpleShop Security & Risk Analysis

wordpress.org/plugins/simpleshop-cz

The SimpleShop WP plugin connects your WordPress website with a SimpleShop account and allows you to restrict the access only for members.

1K active installs · v2.16.0 · PHP 7.4+ · WP 6.6+ · Updated Nov 7, 2025
Tags: access-control, member, membership, selling-form, simpleshop
Score: 99 (A · Safe)
CVEs total: 2
Unpatched: 0
Last CVE: May 3, 2024
Safety Verdict

Is SimpleShop Safe to Use in 2026?

Generally Safe

Score 99/100

SimpleShop has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

2 known CVEs · Last CVE: May 3, 2024 · Updated 6mo ago
Risk Assessment

The simpleshop-cz v2.16.0 plugin exhibits a mixed security posture. On the positive side, the plugin demonstrates good coding practices by exclusively using prepared statements for its SQL queries and having a high percentage of properly escaped output. The absence of dangerous functions and external HTTP requests is also a strong indicator of a secure codebase. However, there are notable areas of concern. The plugin has a single unprotected AJAX handler, representing a direct entry point for potential attackers. Furthermore, its vulnerability history reveals two known medium-severity vulnerabilities, both related to Missing Authorization and Improper Access Control. Although there are currently no unpatched CVEs, the pattern of these vulnerabilities suggests a recurring weakness in access control implementation, which could be exploited if similar flaws exist in the current version, even if not yet publicly disclosed or patched.

Despite the absence of critical taint flows and dangerous functions, the presence of an unprotected AJAX endpoint is a significant risk. This can be exploited to perform actions without proper authentication or authorization, potentially leading to data breaches or unauthorized modifications. The historical medium severity vulnerabilities, particularly those concerning authorization and access control, further underscore the need for caution. While the plugin has made strides in secure coding practices like prepared statements and output escaping, these gains are somewhat undermined by the identified attack surface and past security incidents. Therefore, while the plugin shows potential for security, vigilant monitoring and a proactive approach to patching any future vulnerabilities are recommended.

Key Concerns

  • Unprotected AJAX handler
  • Past medium severity vulnerabilities (2)
Vulnerabilities
2 published

SimpleShop Security Vulnerabilities

CVEs by Year

2 CVEs in 2024

Severity Breakdown

Medium: 2

2 total CVEs

CVE-2024-1229 · medium · 5.3 · Missing Authorization

SimpleShop <= 2.10.2 - Missing Authorization

May 3, 2024 · Patched in 2.10.3 (7d)

CVE-2024-1230 · medium · 4.3 · Improper Access Control

SimpleShop <= 2.10.0 - Cross-Site Request Forgery

May 3, 2024 · Patched in 2.10.1 (7d)
Version History

SimpleShop Release Timeline

v2.16.0 (Current)
v2.14.1
v2.14.0
v2.13.0
v2.12.2
v2.12.1
v2.12.0
v2.11.0
v2.10.3
v2.10.2 (1 CVE)
v2.10.1 (1 CVE)
Code Analysis
Analyzed Mar 16, 2026

SimpleShop Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (2 prepared)
Unescaped Output: 4 (35 escaped)
Nonce Checks: 2
Capability Checks: 4
File Operations: 3
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

100% prepared · 2 total queries

Output Escaping

90% escaped · 39 total outputs
Attack Surface
1 unprotected

SimpleShop Attack Surface

Entry Points: 3
Unprotected: 1

AJAX Handlers 1

auth · wp_ajax_load_simple_shop_products · src\Admin.php:40

Shortcodes 2

[SimpleShop-form] src\Shortcodes.php:26
[SimpleShop-content] src\Shortcodes.php:27
WordPress Hooks 44
action · template_redirect · src\Access.php:27
filter · wp_setup_nav_menu_item · src\Access.php:30
action · wp_head · src\Access.php:31
action · init · src\Access.php:32
filter · login_redirect · src\Access.php:33
filter · pre_get_posts · src\Access.php:34
action · simpleshop_send_welcome_email · src\Access.php:35
action · admin_menu · src\Admin.php:32
filter · manage_edit-ssc_group_columns · src\Admin.php:33
action · manage_ssc_group_posts_custom_column · src\Admin.php:34
action · init · src\Admin.php:35
action · init · src\Admin.php:36
filter · page_row_actions · src\Admin.php:37
action · wp_head · src\Admin.php:38
action · admin_head · src\Admin.php:39
action · admin_enqueue_scripts · src\Admin.php:41
filter · mce_external_plugins · src\Admin.php:147
filter · mce_buttons · src\Admin.php:148
action · ssc_send_user_has_access_to_post_notification · src\Cron.php:26
action · init · src\Gutenberg.php:24
action · admin_init · src\Gutenberg.php:25
filter · render_block · src\Gutenberg.php:26
action · cmb2_admin_init · src\Metaboxes.php:21
action · show_user_profile · src\Metaboxes.php:22
action · edit_user_profile · src\Metaboxes.php:23
action · personal_options_update · src\Metaboxes.php:24
action · edit_user_profile_update · src\Metaboxes.php:25
action · add_meta_boxes · src\Metaboxes.php:26
filter · cmb2_override_meta_value · src\Metaboxes.php:27
filter · cmb2_override_meta_save · src\Metaboxes.php:28
filter · cmb2_save_field · src\Metaboxes.php:29
action · admin_init · src\Plugin.php:48
action · rest_api_init · src\Rest.php:24
action · admin_init · src\Settings.php:68
action · admin_menu · src\Settings.php:69
action · cmb2_admin_init · src\Settings.php:70
filter · cmb2_render_ssc_disconnect_button · src\Settings.php:71
filter · cmb2_render_ssc_profile_button · src\Settings.php:72
action · admin_init · src\Settings.php:73
action · admin_init · src\Settings.php:74
action · admin_print_styles · src\Settings.php:75
action · admin_notices · src\Settings.php:538
action · admin_notices · src\Settings.php:542
action · init · src\Shortcodes.php:20

Scheduled Events 2

ssc_send_user_has_access_to_post_notification
simpleshop_send_welcome_email
Maintenance & Trust

SimpleShop Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Nov 7, 2025
PHP min version: 7.4
Downloads: 30K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 1K
Developer Profile

SimpleShop Developer Profile

Redbit s.r.o.

1 plugin · 1K total installs

Trust score: 99
Avg Security Score: 99/100
Avg Patch Time: 7 days
Detection Fingerprints

How We Detect SimpleShop

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/simpleshop-cz/js/tiny-mce/tiny-mce.js
Script Paths
/wp-content/plugins/simpleshop-cz/js/tiny-mce/tiny-mce.js

HTML / DOM Fingerprints

CSS Classes
misc-pub-section, misc-pub-visibility, curtime
HTML Comments
<!-- SSC TinyMCE Shortcode Plugin -->
Data Attributes
data-tinymce-button
JS Globals
sscContentGroups
REST Endpoints
/wp-json/simpleshop-cz/v1/products
Shortcode Output
[simpleshop_product_list] [simpleshop_member_button] [simpleshop_member_access]