Datafeedr Comparison Sets Security & Risk Analysis

wordpress.org/plugins/datafeedr-comparison-sets

Automatically create price comparison sets for your WooCommerce products or by using a shortcode.

3K active installs · v0.9.71 · PHP 7.4+ · WP 3.8+ · Updated Jul 5, 2024
Tags: comparison, comparison-sets, price-compare, price-comparison, price-comparison-set
Score 92 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Datafeedr Comparison Sets Safe to Use in 2026?

Generally Safe

Score 92/100

Datafeedr Comparison Sets has no known CVEs and received its last update on Jul 5, 2024. It's a solid choice for most WordPress installations, subject to the static-analysis findings below.

No known CVEs · Updated 1yr ago
Risk Assessment

The 'datafeedr-comparison-sets' v0.9.71 plugin exhibits a mixed security posture. On the positive side, it has a clean vulnerability history with no known CVEs, and its entry points carry nonce and capability checks (6 and 5 respectively; none of the 9 entry points is flagged as unprotected). The static analysis does, however, raise real concerns. The plugin calls unserialize() in 16 places, most of them on values read back from its own cache and comparison-set records ('removed', 'added', 'products', 'log', 'last_query'). unserialize() on data an attacker can influence is the entry point for PHP object injection, and only two of the 16 calls (includes\actions.php:1241 and :1299) pass allowed_classes => false, which prevents object instantiation; the remaining fourteen use the default options, so their safety rests entirely on the stored data being trustworthy. Furthermore, only 31% of output statements are escaped (77 of 251), which raises the risk of stored cross-site scripting (XSS) wherever an unescaped value derives from user or feed data, and only 2 of 5 SQL queries go through prepared statements. The taint analysis reports 8 flows, 6 of them with unsanitized paths and flagged high severity; the listed flow starts in dfrcs_output_compset_ajax, an AJAX handler that is also registered for unauthenticated (nopriv) requests. These unsanitized flows, combined with the default-option unserialize() calls and the escaping gaps, represent the most immediate risks. The absence of file operations and outbound HTTP requests is a mitigating factor, but the identified code signals and taint analysis warrant careful review.

Key Concerns

  • 6 of 8 taint flows have unsanitized paths (high severity), one reachable from a nopriv AJAX handler
  • unserialize() called 16 times, 14 of them without allowed_classes => false
  • Only 31% of output escaped (77 of 251 output statements)
  • Only 2 of 5 SQL queries use prepared statements
Vulnerabilities
None known

Datafeedr Comparison Sets Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Datafeedr Comparison Sets Code Analysis

Dangerous Functions: 16
SQL Queries: 5 total, 3 raw, 2 prepared
Output Statements: 251 total, 174 unescaped, 77 escaped
Nonce Checks: 6
Capability Checks: 5
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

All 16 are unserialize() calls (file:line, followed by the call):

classes\class-dfrcs.php:72    $this->removed = unserialize( $this->cached['removed'] );
classes\class-dfrcs.php:73    $this->added = unserialize( $this->cached['added'] );
classes\class-dfrcs.php:80    $this->products = unserialize( $this->cached['products'] );
classes\class-dfrcs.php:82    $this->log = unserialize( $this->cached['log'] );
includes\actions.php:1090     $last_query = unserialize( $compset['last_query'] );
includes\actions.php:1241     $request_source = unserialize( $request_source, [ 'allowed_classes' => false, 'max_depth' => 1 ] );
includes\actions.php:1299     $source = unserialize( $source, [ 'allowed_classes' => false, 'max_depth' => 1 ] );
includes\actions.php:1389     $removed = unserialize( $compset['removed'] );
includes\actions.php:1395     $added = unserialize( $compset['added'] );
includes\actions.php:1469     $removed = unserialize( $compset['removed'] );
includes\actions.php:1475     $added = unserialize( $compset['added'] );
includes\actions.php:1549     $added = unserialize( $compset['added'] );
includes\actions.php:1666     $removed = ( ! empty( $compset['removed'] ) ) ? unserialize( $compset['removed'] ) : array();
includes\functions.php:853    $included = dfrcs_extract_all_product_ids_from_products_array( unserialize( $compset['products'] ) )
includes\functions.php:854    $removed = unserialize( $compset['removed'] );
includes\functions.php:855    $added = unserialize( $compset['added'] );
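The calls above are flagged because of what unserialize() does with a serialized object: it instantiates whatever class the blob names and runs that class's magic methods. The following PHP example, added here and not code from the Datafeedr plugin, shows the difference between a default unserialize() and one with allowed_classes => false (the form used at includes\actions.php:1241 and :1299), plus the shape check a hardened reader adds. The DemoGadget class, both blobs and the demo_read_id_list() helper are constructed for the illustration. Whether any of the plugin's fourteen default-option calls is exploitable depends on whether an attacker can write the stored value, which the analysis on this page does not establish.

```php
<?php
// Added example, not code from the Datafeedr plugin. DemoGadget, both blobs
// and demo_read_id_list() are constructed for this illustration only.

// Stand-in for any class with a magic method that is loadable at
// unserialize() time (this plugin, another plugin, a library).
class DemoGadget {
    public $target = '';

    public function __wakeup() {
        // Executes during unserialize() itself. With attacker-controlled
        // input this is the foothold for PHP object injection.
        echo "DemoGadget::__wakeup() ran, target={$this->target}\n";
    }
}

// Blobs as they might sit in a cache entry or database column. The second
// one names a class and sets a property; whoever can write that column
// chooses the class and the values.
$benign_blob    = 'a:2:{i:0;i:123;i:1;i:456;}';
$malicious_blob = 'O:10:"DemoGadget":1:{s:6:"target";s:11:"/etc/passwd";}';

/**
 * Hardened reader for a stored list of product ids.
 *  - allowed_classes => false: objects in the blob become
 *    __PHP_Incomplete_Class, so no constructor, __wakeup or __destruct runs.
 *  - max_depth => 1 (PHP 7.4+): nested structures are rejected.
 *  - The decoded value is shape-checked; anything unexpected is discarded.
 * The @ suppresses the notice unserialize() raises on malformed input.
 */
function demo_read_id_list(string $blob): array {
    $data = @unserialize($blob, ['allowed_classes' => false, 'max_depth' => 1]);
    if (!is_array($data)) {
        return [];
    }
    $ids = [];
    foreach ($data as $value) {
        if (is_int($value) || (is_string($value) && ctype_digit($value))) {
            $ids[] = (int) $value;
        }
    }
    return $ids;
}

echo "--- default unserialize(): the named class is instantiated ---\n";
$obj = unserialize($malicious_blob);
echo 'class: ', get_class($obj), "\n";

echo "--- allowed_classes => false: object neutralised ---\n";
$neutralised = unserialize($malicious_blob, ['allowed_classes' => false]);
echo 'class: ', get_class($neutralised), "\n";

echo "--- hardened reader: shape check drops the object, benign data passes ---\n";
var_export(demo_read_id_list($malicious_blob));
echo "\n";
var_export(demo_read_id_list($benign_blob));
echo "\n";

echo "--- JSON for data the code writes itself: no class is ever instantiated ---\n";
$stored = json_encode([123, 456]);
var_export(json_decode($stored, true));
echo "\n";
```

Run it with PHP 7.4 or later (the max_depth option needs 7.4, which matches the plugin's minimum). For values the plugin serializes itself, storing JSON instead removes the class-instantiation risk without maintaining an allow-list at all.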

SQL Query Safety

40% prepared (2 of 5 queries)

Output Escaping

31% escaped (77 of 251 output statements)
Data Flows
6 unsanitized

Data Flow Analysis

8 flows, 6 with unsanitized paths
dfrcs_output_compset_ajax (includes\actions.php:1233)
Attack Surface

Datafeedr Comparison Sets Attack Surface

Entry Points: 9
Unprotected: 0

AJAX Handlers 7

auth     wp_ajax_dfrcs_output_compset_ajax    includes\actions.php:1231
nopriv   wp_ajax_dfrcs_output_compset_ajax    includes\actions.php:1232
auth     wp_ajax_dfrcs_refresh_compset_ajax   includes\actions.php:1279
auth     wp_ajax_dfrcs_remove_product         includes\actions.php:1356
auth     wp_ajax_dfrcs_restore_product        includes\actions.php:1436
auth     wp_ajax_dfrcs_add_product            includes\actions.php:1518
auth     wp_ajax_dfrcs_ajax_get_products      includes\actions.php:1649
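For the seven handlers above the page reports nonce and capability checks on the entry points but also unescaped output and unprepared queries further down the flows. As an added example (not the plugin's own handlers), the following shows the shape a public read-only handler and a privileged mutating handler take when every step is covered: nonce, capability, input validation, $wpdb->prepare(), and escaping at the point of output. The action names, the nonce action, the table and its columns, and every name prefixed demo_ are assumptions; only the WordPress API calls are real.

```php
<?php
// Added example, not the Datafeedr plugin's code. Everything prefixed demo_,
// the nonce action and the table/columns are assumed for illustration.

// Public (nopriv) read-only endpoint. No capability applies, but a nonce
// still ties the request to a page this site served.
add_action('wp_ajax_demo_output_compset', 'demo_output_compset_ajax');
add_action('wp_ajax_nopriv_demo_output_compset', 'demo_output_compset_ajax');

function demo_output_compset_ajax(): void {
    check_ajax_referer('demo_compset_nonce', 'nonce');   // dies with -1 on failure

    $compset_id = isset($_POST['compset_id']) ? absint($_POST['compset_id']) : 0;
    if ($compset_id === 0) {
        wp_send_json_error(['message' => 'invalid id'], 400);
    }

    global $wpdb;
    $table = $wpdb->prefix . 'demo_compsets';
    // Placeholder for the id; the table name comes from code, never from the request.
    $row = $wpdb->get_row(
        $wpdb->prepare("SELECT id, title, products FROM {$table} WHERE id = %d", $compset_id),
        ARRAY_A
    );
    if (!$row) {
        wp_send_json_error(['message' => 'not found'], 404);
    }

    // Stored data is JSON written by this same code; json_decode() never
    // instantiates classes, and the shape is checked before use.
    $products = json_decode((string) $row['products'], true);
    $products = is_array($products) ? $products : [];

    $html  = '<div class="demo-compset" data-demo-id="' . esc_attr((string) $row['id']) . '">';
    $html .= '<h3>' . esc_html($row['title']) . '</h3>';
    foreach ($products as $p) {
        $name = isset($p['name']) ? (string) $p['name'] : '';
        $url  = isset($p['url'])  ? (string) $p['url']  : '';
        // esc_url() rejects javascript: and other non-allowed schemes;
        // esc_html() makes a stored "<script>" render as text.
        $html .= '<a class="demo-product" href="' . esc_url($url) . '">' . esc_html($name) . '</a>';
    }
    $html .= '</div>';

    wp_send_json_success(['html' => $html]);
}

// Privileged mutation: logged-in users who may manage the shop, and only
// with a valid nonce. Capability first, then nonce, then input validation.
add_action('wp_ajax_demo_remove_product', 'demo_remove_product_ajax');

function demo_remove_product_ajax(): void {
    if (!current_user_can('manage_woocommerce')) {
        wp_send_json_error(['message' => 'forbidden'], 403);
    }
    check_ajax_referer('demo_compset_nonce', 'nonce');

    $compset_id = isset($_POST['compset_id']) ? absint($_POST['compset_id']) : 0;
    $product_id = isset($_POST['product_id'])
        ? sanitize_text_field(wp_unslash($_POST['product_id']))
        : '';
    if ($compset_id === 0 || $product_id === '') {
        wp_send_json_error(['message' => 'invalid input'], 400);
    }

    global $wpdb;
    $table = $wpdb->prefix . 'demo_compsets';
    $row = $wpdb->get_row(
        $wpdb->prepare("SELECT removed FROM {$table} WHERE id = %d", $compset_id),
        ARRAY_A
    );
    if (!$row) {
        wp_send_json_error(['message' => 'not found'], 404);
    }

    $removed = json_decode((string) $row['removed'], true);
    $removed = is_array($removed) ? $removed : [];
    $removed[] = $product_id;
    $removed = array_values(array_unique($removed));

    // The UPDATE goes through prepare() too; %s is quoted and escaped by $wpdb.
    $wpdb->query($wpdb->prepare(
        "UPDATE {$table} SET removed = %s WHERE id = %d",
        wp_json_encode($removed),
        $compset_id
    ));

    wp_send_json_success(['removed' => $removed]);
}
```

The order in the privileged handler matters: the capability check runs before the nonce check so that an unauthorised caller learns nothing about nonce validity, and every value that leaves the handler is escaped for the context it lands in (attribute, text node, href) rather than sanitised once on the way in.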

Shortcodes 2

[dfrcs] includes\actions.php:1597
[dfrcs_wc] includes\actions.php:1617
WordPress Hooks 18
filter   dfrapi_api_options                        classes\class-dfrcs.php:898
filter   dfrapi_api_options                        classes\class-dfrcs.php:907
action   before_woocommerce_init                   datafeedr-comparison-sets.php:92
action   admin_notices                             includes\actions.php:40
action   admin_menu                                includes\actions.php:45
action   admin_init                                includes\actions.php:69
action   admin_head                                includes\actions.php:1125
action   init                                      includes\actions.php:1160
action   admin_enqueue_scripts                     includes\actions.php:1173
action   wp_enqueue_scripts                        includes\actions.php:1197
action   wp_head                                   includes\actions.php:1622
action   wp_loaded                                 includes\actions.php:1706
filter   debug_information                         includes\filters.php:16
filter   plugin_row_meta                           includes\filters.php:273
filter   dfrcs_display_promo                       includes\filters.php:287
filter   dfrcs_promo                               includes\filters.php:365
action   mycode_single_content                     includes\functions.php:16
action   woocommerce_after_single_product_summary  integrations\woocommerce.php:12
Maintenance & Trust

Datafeedr Comparison Sets Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.6.5
Last updated: Jul 5, 2024
PHP min version: 7.4
Downloads: 98K

Community Trust

Rating: 100/100
Number of ratings: 10
Active installs: 3K
Developer Profile

Datafeedr Comparison Sets Developer Profile

datafeedr

6 plugins · 23K total installs

Trust score: 83
Avg Security Score: 93/100
Avg Patch Time: 70 days
Detection Fingerprints

How We Detect Datafeedr Comparison Sets

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/datafeedr-comparison-sets/css/dfrcs-admin.css
/wp-content/plugins/datafeedr-comparison-sets/css/dfrcs-public.css
/wp-content/plugins/datafeedr-comparison-sets/js/dfrcs-admin.js
/wp-content/plugins/datafeedr-comparison-sets/js/dfrcs-public.js
Script Paths
/wp-content/plugins/datafeedr-comparison-sets/js/dfrcs-admin.js
/wp-content/plugins/datafeedr-comparison-sets/js/dfrcs-public.js
Version Parameters
datafeedr-comparison-sets/css/dfrcs-admin.css?ver=
datafeedr-comparison-sets/css/dfrcs-public.css?ver=
datafeedr-comparison-sets/js/dfrcs-admin.js?ver=
datafeedr-comparison-sets/js/dfrcs-public.js?ver=

HTML / DOM Fingerprints

CSS Classes
dfrcs-comparison-set, dfrcs-product-row, dfrcs-product-title, dfrcs-product-price, dfrcs-product-button
Data Attributes
data-dfrcs-id
JS Globals
dfrcs_ajax_object
Shortcode Output
[dfrcs_comparison_set]
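Applying the fingerprints above to a fetched page, as an added example that is not part of the page's own detection tooling: the asset paths are treated as strong evidence (and the ?ver= parameter yields the version), while CSS classes, the data attribute and the JS global are weaker markers that only count in combination. The sample HTML is constructed for the example and the demo_detect_dfrcs() name is an assumption; in an audit the HTML would come from wp_remote_get() or a crawler.

```php
<?php
// Added example, not the page's own tooling. demo_detect_dfrcs() and the
// sample HTML below are constructed for this illustration.

/**
 * Returns ['detected' => bool, 'version' => ?string, 'evidence' => string[]].
 * Strong evidence: asset paths under the plugin slug (with ?ver= giving the
 * version). Weak evidence: CSS classes, the data attribute and the JS
 * global, which a theme or cached fragment could in principle emit.
 */
function demo_detect_dfrcs(string $html): array {
    $evidence = [];
    $version  = null;

    // Asset paths, optionally carrying a version parameter.
    $asset_re = '#/wp-content/plugins/datafeedr-comparison-sets/(?:css|js)/'
              . 'dfrcs-(?:admin|public)\.(?:css|js)(?:\?ver=([0-9][\w.\-]*))?#';
    if (preg_match_all($asset_re, $html, $m)) {
        foreach ($m[0] as $i => $path) {
            $evidence[] = 'asset:' . $path;
            if ($version === null && $m[1][$i] !== '') {
                $version = $m[1][$i];
            }
        }
    }

    // DOM markers: each class must appear as a whole token inside a class attribute.
    $classes = ['dfrcs-comparison-set', 'dfrcs-product-row', 'dfrcs-product-title',
                'dfrcs-product-price', 'dfrcs-product-button'];
    foreach ($classes as $class) {
        if (preg_match('/class="[^"]*\b' . preg_quote($class, '/') . '\b[^"]*"/', $html)) {
            $evidence[] = 'class:' . $class;
        }
    }
    if (preg_match('/\bdata-dfrcs-id=/', $html)) {
        $evidence[] = 'attr:data-dfrcs-id';
    }
    if (preg_match('/\bdfrcs_ajax_object\b/', $html)) {
        $evidence[] = 'js-global:dfrcs_ajax_object';
    }

    $strong = count(array_filter($evidence, fn($e) => strpos($e, 'asset:') === 0));
    // Detected on any asset path, or on at least two independent DOM markers.
    $detected = $strong > 0 || count($evidence) >= 2;

    return ['detected' => $detected, 'version' => $version, 'evidence' => $evidence];
}

// Constructed sample of what a product page with the plugin active might serve.
$sample_html = <<<'HTML'
<html><head>
<link rel="stylesheet" href="https://shop.example/wp-content/plugins/datafeedr-comparison-sets/css/dfrcs-public.css?ver=0.9.71">
<script>var dfrcs_ajax_object = {"ajax_url":"https:\/\/shop.example\/wp-admin\/admin-ajax.php"};</script>
<script src="https://shop.example/wp-content/plugins/datafeedr-comparison-sets/js/dfrcs-public.js?ver=0.9.71"></script>
</head><body>
<div class="dfrcs-comparison-set" data-dfrcs-id="42">
  <div class="dfrcs-product-row"><span class="dfrcs-product-title">Demo product</span></div>
</div>
</body></html>
HTML;

$result = demo_detect_dfrcs($sample_html);
printf("detected=%s version=%s\n",
    $result['detected'] ? 'yes' : 'no',
    $result['version'] ?? 'unknown');
foreach ($result['evidence'] as $e) {
    echo " - {$e}\n";
}
```

The version taken from ?ver= is what an audit compares against the latest release to flag an outdated install; sites that strip or rewrite version parameters will still be detected through the path and DOM markers but report version "unknown".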
FAQ

Frequently Asked Questions about Datafeedr Comparison Sets