DITS Compare Security & Risk Analysis

wordpress.org/plugins/dits-compare

Add a product comparison feature to your WooCommerce store with DITS Compare.

0 active installs · v1.1.2 · PHP 7.4+ · WP 5.3+ · Updated Nov 26, 2025
compare · ecommerce · product-comparison · woocommerce
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is DITS Compare Safe to Use in 2026?

Generally Safe

Score 100/100

DITS Compare has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 5mo ago
Risk Assessment

The "dits-compare" plugin v1.1.2 exhibits several positive security practices, including 100% proper output escaping and the absence of dangerous functions or file operations. All SQL queries are correctly implemented using prepared statements, and there are no external HTTP requests. This indicates a developer aware of basic secure coding principles. However, the plugin has two unprotected AJAX handlers, which represent a significant attack surface. The lack of nonce checks or capability checks on these entry points exposes them to potential Cross-Site Request Forgery (CSRF) attacks or unauthorized access to plugin functionalities by unauthenticated users. The plugin also has no recorded vulnerability history, which is a positive sign, but the current lack of protection on its AJAX endpoints is a critical concern that needs immediate attention. Despite its strengths in other areas, the unprotected AJAX handlers are a substantial weakness.

Key Concerns

  • AJAX handlers without auth checks
  • AJAX handlers without nonce checks
  • AJAX handlers without capability checks
Vulnerabilities
None known

DITS Compare Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

DITS Compare Release Timeline

v1.1.2 (Current)
v1.1.1
v1.1.0
v1.0.2
Code Analysis
Analyzed Apr 16, 2026

DITS Compare Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 0 (133 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

100% escaped · 133 total outputs
Attack Surface
2 unprotected

DITS Compare Attack Surface

Entry Points: 4
Unprotected: 2

AJAX Handlers 2

auth wp_ajax_dcaw_action src/Modules/AbstractModule.php:32
nopriv wp_ajax_dcaw_action src/Modules/AbstractModule.php:33

Shortcodes 2

[dcaw_compare_table] src/Modules/Compare.php:43
[dcaw_compare_table_without_cat] src/Modules/Compare.php:44
WordPress Hooks 16
action plugins_loaded dits-compare.php:28
action admin_notices src/Activator.php:25
action admin_init src/Activator.php:26
action admin_init src/Admin/AdminPage.php:116
action admin_menu src/Admin/AdminPage.php:117
action add_option src/Admin/AdminPage.php:119
action update_option src/Admin/AdminPage.php:120
action admin_enqueue_scripts src/Assets.php:25
action wp_enqueue_scripts src/Assets.php:26
action plugins_loaded src/I18n.php:24
action admin_init src/Modules/AbstractModule.php:31
action init src/Modules/AbstractModule.php:34
filter woocommerce_loop_add_to_cart_link src/Modules/AbstractModule.php:50
action wp_footer src/Modules/Compare.php:46
action wp_footer src/Modules/CompareModal.php:41
action rest_api_init src/Rest/RestApi.php:22
Maintenance & Trust

DITS Compare Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Nov 26, 2025
PHP min version: 7.4
Downloads: 479

Community Trust

Rating: 100/100
Number of ratings: 2
Active installs: 0
Developer Profile

DITS Compare Developer Profile

Dits.Agency

7 plugins · 20 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect DITS Compare

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/dits-compare/assets/dist/admin.css
/wp-content/plugins/dits-compare/assets/dist/main.css
/wp-content/plugins/dits-compare/assets/dist/admin.js
/wp-content/plugins/dits-compare/assets/dist/main.js
Script Paths
/wp-content/plugins/dits-compare/assets/dist/admin.js
/wp-content/plugins/dits-compare/assets/dist/main.js
Version Parameters
/wp-content/plugins/dits-compare/assets/dist/admin.css?ver=
/wp-content/plugins/dits-compare/assets/dist/main.css?ver=
/wp-content/plugins/dits-compare/assets/dist/admin.js?ver=
/wp-content/plugins/dits-compare/assets/dist/main.js?ver=

HTML / DOM Fingerprints

CSS Classes
js-dcaw-compare-count, js-dcaw-compare-btn, js-dcaw-compare-remove-btn, js-dcaw-attribute-collapse, dcaw-compare, dcaw-compare-count, is-empty, is-active (+2 more)
Data Attributes
data-dcaw-compare
JS Globals
dcawGeneral, dcawCompare
REST Endpoints
/wp-json/dits-compare
Shortcode Output
[dcaw_compare_table], [dcaw_compare_table_without_cat]