Addonify – Compare Products For WooCommerce Security & Risk Analysis

The addonify-compare-products plugin version 1.1.18 exhibits a mixed security posture. On the positive side, the plugin demonstrates good practices by utilizing prepared statements for all SQL queries, performing output escaping on a high percentage of outputs, and not employing dangerous functions or performing file operations. The absence of critical or high-severity taint flows is also reassuring. However, several areas warrant concern. The presence of two AJAX handlers without proper authorization checks represents a significant attack vector, potentially allowing unauthenticated users to trigger sensitive actions. While the plugin has a history of vulnerabilities, notably a medium severity one related to missing authorization in the past, the fact that there are no currently unpatched CVEs is a positive sign. The vulnerability history, however, suggests a recurring pattern of authorization issues which, even if addressed in the past, could indicate a need for continued vigilance in this area. The plugin also has a moderate attack surface with 10 entry points, two of which are unprotected.