Superstore Security & Risk Analysis

wordpress.org/plugins/superstore

Superstore is the most advanced multivendor marketplace plugin for WordPress.

0 active installs · v1.0.0 · PHP 7.0+ · WP 5.4+ · Updated Jan 2, 2024
marketplace · multi-seller · multi-vendor · multivendor · woocommerce-multivendor-marketplace
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Superstore Safe to Use in 2026?

Generally Safe

Score 85/100

Superstore has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 2yr ago
Risk Assessment

The 'superstore' plugin version 1.0.0 has a generally good security posture. Static analysis found no unprotected AJAX handlers, REST API routes, shortcodes, or cron events, indicating a strong emphasis on securing its entry points. All SQL queries use prepared statements, and the significant number of nonce and capability checks suggests a well-thought-out authorization mechanism. The lack of known CVEs and a clean vulnerability history further bolster its security reputation, implying diligent development and testing practices.

However, a few areas warrant attention. While the majority of output is properly escaped, the 11% of outputs that are unescaped could lead to cross-site scripting (XSS) vulnerabilities if user-supplied data reaches them. The taint analysis, although it covers a limited number of flows, identified one flow with unsanitized paths. This is a critical finding as it signifies a potential vulnerability that could allow for directory traversal or other path-related attacks if not handled with extreme care. The file operations and external HTTP requests, though not inherently insecure, increase the potential attack surface and need careful implementation to prevent abuse.

In conclusion, 'superstore' v1.0.0 has a strong foundation in secure coding practices, particularly concerning authentication and SQL injection. The primary concerns revolve around the minor percentage of unescaped output and the single identified unsanitized path flow. Addressing these specific issues would significantly enhance the plugin's security, bringing it closer to an ideal state.

Key Concerns

  • Unescaped output identified
  • Taint flow with unsanitized paths
Vulnerabilities
None known

Superstore Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Superstore Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (29 prepared)
Unescaped Output: 54 (447 escaped)
Nonce Checks: 12
Capability Checks: 67
File Operations: 2
External Requests: 1
Bundled Libraries: 0

SQL Query Safety

100% prepared · 29 total queries

Output Escaping

89% escaped · 501 total outputs

Data Flows

1 unsanitized

Data Flow Analysis

5 flows · 1 with unsanitized paths
save_admin_settings (includes\Ajax.php:41)
Attack Surface

Superstore Attack Surface

Entry Points: 13
Unprotected: 0

AJAX Handlers 13

auth wp_ajax_superstore_save_settings includes\Ajax.php:19
auth wp_ajax_superstore_close_admin_wizard includes\Ajax.php:20
auth wp_ajax_superstore_dismiss_upgrade_notice includes\Ajax.php:21
auth wp_ajax_superstore_save_seller_settings includes\Ajax.php:23
auth wp_ajax_superstore_close_seller_wizard includes\Ajax.php:24
auth wp_ajax_superstore_upload_file includes\Ajax.php:25
nopriv wp_ajax_superstore_store_nicename_available includes\Ajax.php:26
auth wp_ajax_superstore_get_seller_settings_values includes\Ajax.php:27
auth wp_ajax_superstore_change_password includes\Ajax.php:28
auth wp_ajax_superstore_logout_seller includes\Ajax.php:29
auth wp_ajax_superstore_export_order_csv includes\Ajax.php:30
auth wp_ajax_superstore_contact_seller includes\Ajax.php:31
nopriv wp_ajax_superstore_contact_seller includes\Ajax.php:32

WordPress Hooks 105

action init includes\Assets.php:19
action init includes\Assets.php:20
action admin_enqueue_scripts includes\Assets.php:23
action wp_enqueue_scripts includes\Assets.php:25
filter woocommerce_order_item_get_formatted_meta_data includes\Commission.php:28
action woocommerce_order_status_changed includes\Commission.php:29
action woocommerce_thankyou_ppec_paypal includes\Commission.php:30
action superstore_contact_seller includes\Email\ContactSeller.php:27
filter woocommerce_email_classes includes\Email\Controller.php:14
filter woocommerce_template_directory includes\Email\Controller.php:15
filter woocommerce_email_actions includes\Email\Controller.php:16
action superstore_new_payment includes\Email\NewPayment.php:27
action superstore_rest_insert_product_object includes\Email\NewProduct.php:27
action superstore_new_seller includes\Email\NewSeller.php:27
action superstore_product_published includes\Email\ProductPublished.php:27
action superstore_update_payment includes\Email\UpdatePayment.php:28
action admin_init includes\Hooks\Core.php:14
filter show_admin_bar includes\Hooks\Core.php:15
filter posts_where includes\Hooks\Core.php:16
filter ajax_query_attachments_args includes\Hooks\Core.php:17
action woocommerce_process_shop_order_meta includes\Hooks\Order.php:17
action manage_shop_order_posts_custom_column includes\Hooks\Order.php:18
filter woocommerce_reports_get_order_report_query includes\Hooks\Order.php:19
filter manage_edit-shop_order_columns includes\Hooks\Order.php:20
action admin_footer-edit.php includes\Hooks\Order.php:21
action wp_trash_post includes\Hooks\Order.php:22
action untrash_post includes\Hooks\Order.php:23
action delete_post includes\Hooks\Order.php:24
action restrict_manage_posts includes\Hooks\Order.php:25
filter post_class includes\Hooks\Order.php:26
action woocommerce_order_status_changed includes\Hooks\Order.php:29
action woocommerce_order_status_changed includes\Hooks\Order.php:30
action woocommerce_checkout_update_order_meta includes\Hooks\Order.php:31
filter woocommerce_coupon_is_valid includes\Hooks\Order.php:32
action woocommerce_reduce_order_stock includes\Hooks\Order.php:33
action woocommerce_reduce_order_stock includes\Hooks\Order.php:34
action wc-admin_import_orders includes\Hooks\Order.php:35
filter woocommerce_analytics_orders_select_query includes\Hooks\Order.php:36
filter manage_edit-shop_order_columns includes\Hooks\Order.php:38
filter woocommerce_admin_order_preview_actions includes\Hooks\Order.php:39
filter woocommerce_rest_prepare_shop_order_object includes\Hooks\Order.php:40
action woocommerce_order_status_changed includes\Hooks\Order.php:41
action woocommerce_order_status_pending_to_on-hold includes\Hooks\Order.php:42
action woocommerce_order_status_on-hold_to_processing includes\Hooks\Order.php:43
action woocommerce_order_status_pending_to_processing includes\Hooks\Order.php:44
action woocommerce_order_status_completed includes\Hooks\Order.php:45
filter woocommerce_my_account_my_orders_query includes\Hooks\Order.php:47
action woocommerce_order_item_meta_start includes\Hooks\Order.php:48
action woocommerce_order_details_after_order_table includes\Hooks\Order.php:49
action woocommerce_order_status_changed includes\Hooks\Order.php:418
action add_meta_boxes includes\Hooks\Product.php:15
action woocommerce_process_product_meta includes\Hooks\Product.php:16
action manage_product_posts_custom_column includes\Hooks\Product.php:17
action woocommerce_product_quick_edit_end includes\Hooks\Product.php:18
action woocommerce_product_bulk_edit_end includes\Hooks\Product.php:19
action woocommerce_product_quick_edit_save includes\Hooks\Product.php:20
action woocommerce_product_bulk_edit_save includes\Hooks\Product.php:21
action pending_to_publish includes\Hooks\Product.php:22
filter manage_edit-product_columns includes\Hooks\Product.php:23
filter woocommerce_product_tabs includes\Hooks\Product.php:26
filter woocommerce_get_item_data includes\Hooks\Product.php:27
filter woocommerce_register_post_type_product includes\Hooks\Product.php:28
action woocommerce_product_duplicate includes\Hooks\Product.php:29
action woocommerce_register_form includes\Hooks\WCGeneral.php:14
filter woocommerce_login_redirect includes\Hooks\WCGeneral.php:15
filter woocommerce_email_headers includes\Hooks\WCGeneral.php:16
filter woocommerce_dashboard_status_widget_sales_query includes\Hooks\WCGeneral.php:17
filter woocommerce_email_recipient_cancelled_order includes\Hooks\WCGeneral.php:18
action phpmailer_init includes\Hooks\WCGeneral.php:19
action woocommerce_before_single_product includes\Hooks\WCGeneral.php:20
action woocommerce_account_dashboard includes\Hooks\WCGeneral.php:21
filter woocommerce_product_data_store_cpt_get_products_query includes\Hooks\WCGeneral.php:22
filter superstore_admin_localize_global_data includes\Localize\AdminDashboard\Controller.php:18
filter superstore_admin_localize_data includes\Localize\AdminDashboard\GetPro.php:14
filter superstore_admin_localize_data includes\Localize\AdminDashboard\Home.php:14
filter superstore_admin_localize_data includes\Localize\AdminDashboard\Payment.php:14
filter superstore_admin_localize_data includes\Localize\AdminDashboard\Seller.php:14
filter superstore_admin_localize_data includes\Localize\AdminDashboard\Settings.php:14
filter superstore_admin_localize_data includes\Localize\AdminDashboard\SetupWizard.php:14
filter superstore_frontend_localize_global_data includes\Localize\SellerDashboard\Controller.php:18
filter superstore_frontend_localize_data includes\Localize\SellerDashboard\Home.php:14
filter superstore_frontend_localize_data includes\Localize\SellerDashboard\Media.php:14
filter superstore_frontend_localize_data includes\Localize\SellerDashboard\Order.php:14
filter superstore_frontend_localize_data includes\Localize\SellerDashboard\Payment.php:14
filter superstore_frontend_localize_data includes\Localize\SellerDashboard\Product.php:14
filter superstore_frontend_localize_data includes\Localize\SellerDashboard\Settings.php:14
filter superstore_frontend_localize_data includes\Localize\SellerDashboard\SetupWizard.php:14
filter superstore_frontend_localize_data includes\Localize\SellerLogin.php:14
filter superstore_frontend_localize_data includes\Localize\Stores.php:14
action admin_menu includes\Menus.php:14
action wp_before_admin_bar_render includes\Menus.php:15
action admin_bar_menu includes\Menus.php:16
filter posts_clauses includes\Product.php:260
action rest_api_init includes\RESTAPI\Controller.php:39
filter woocommerce_new_order_data includes\RESTAPI\Order.php:48
filter woocommerce_rest_pre_insert_shop_order_object includes\RESTAPI\Order.php:49
action woocommerce_rest_insert_shop_order_object includes\RESTAPI\Order.php:50
filter comments_clauses includes\RESTAPI\Order.php:446
filter page_template includes\Superstore.php:126
action woocommerce_loaded includes\Superstore.php:127
action admin_notices includes\Superstore.php:128
action widgets_init includes\Superstore.php:129
filter plugin_row_meta includes\Superstore.php:197
action in_plugin_update_message-superstore/superstore.php includes\Superstore.php:198
action init includes\Superstore.php:199
Maintenance & Trust

Superstore Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.4.8
Last updated: Jan 2, 2024
PHP min version: 7.0
Downloads: 1K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0
Developer Profile

Superstore Developer Profile

Binarithm

1 plugin · 0 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Superstore

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/superstore/assets/css/chunks/
/wp-content/plugins/superstore/assets/css/
/wp-content/plugins/superstore/assets/js/chunks/
/wp-content/plugins/superstore/assets/js/
Script Paths
/wp-content/plugins/superstore/assets/js/chunks/
/wp-content/plugins/superstore/assets/js/
Version Parameters
superstore/assets/css/
superstore/assets/js/
superstore/assets/css/chunks/
superstore/assets/js/chunks/

HTML / DOM Fingerprints

JS Globals
window.superstore
var superstore
REST Endpoints
superstore/v1
FAQ

Frequently Asked Questions about Superstore