Does Ever Compare – Products Compare Plugin for WooCommerce have any unpatched vulnerabilities?

No. All known vulnerabilities in Ever Compare – Products Compare Plugin for WooCommerce have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Ever Compare – Products Compare Plugin for WooCommerce compatible with WordPress 6.9.4?

According to WordPress.org data, Ever Compare – Products Compare Plugin for WooCommerce 1.3.4 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Ever Compare – Products Compare Plugin for WooCommerce Security & Risk Analysis

wordpress.org/plugins/ever-compare

Ever Compare is a WordPress plugin for product compare, is a powerful tool that helps you to enable compare button for WooCommerce product.

700 active installs v1.3.4 PHP + WP 5.0+ Updated Dec 2, 2025

compare-buttoncompare-productsproduct-compareproduct-comparisonwoocommerce-compare

A · Safe

CVEs total1

Unpatched0

Last CVEFeb 28, 2023

Plugin page Download

Safety Verdict

Is Ever Compare – Products Compare Plugin for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

Ever Compare – Products Compare Plugin for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Feb 28, 2023Updated 4mo ago

Risk Assessment

The 'ever-compare' plugin v1.3.5 exhibits a mixed security posture. On the positive side, it demonstrates good practices by exclusively using prepared statements for SQL queries, avoiding file operations and external HTTP requests, and not bundling any libraries. The absence of critical or high-severity vulnerabilities in its history, with the last reported vulnerability being a medium in February 2023, is also encouraging. However, concerns arise from the significant attack surface, particularly the presence of 8 AJAX handlers with 4 lacking authentication checks. This opens up potential avenues for unauthorized actions if these handlers are not properly secured at the application level.

The static analysis reveals a notable lack of proper authorization checks on a substantial portion of its AJAX endpoints, representing the most immediate risk. While no dangerous functions or SQL injection vulnerabilities were detected, and output escaping is generally well-implemented, the unprotected entry points are a critical weakness. The vulnerability history, while mostly clear, does indicate a past medium-severity issue, suggesting that while the developers have addressed vulnerabilities, vigilance is still required.

In conclusion, the plugin has strengths in its secure handling of database interactions and avoiding common risky behaviors. Nevertheless, the unsecured AJAX handlers present a clear and present danger that needs immediate attention. Addressing these unprotected entry points should be the priority to significantly improve the plugin's security posture.

Key Concerns

Unprotected AJAX handlers
Medium severity vulnerability in history

Vulnerabilities

Ever Compare – Products Compare Plugin for WooCommerce Security Vulnerabilities

CVEs by Year

1 CVE in 2023

2023

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2023-0505medium · 4.3Cross-Site Request Forgery (CSRF)

Ever Compare <= 1.2.3 - Cross-Site Request Forgery to Arbitrary Plugin Activation

Feb 28, 2023 Patched in 1.2.4 (329d)

Code Analysis

Analyzed Mar 16, 2026

Ever Compare – Products Compare Plugin for WooCommerce Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

164 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

86% escaped190 total outputs

Attack Surface

4 unprotected

Ever Compare – Products Compare Plugin for WooCommerce Attack Surface

Entry Points11

Unprotected4

AJAX Handlers 8

authwp_ajax_ever_compare_add_to_compareincludes\classes\Ajax.php:31

noprivwp_ajax_ever_compare_add_to_compareincludes\classes\Ajax.php:32

authwp_ajax_ever_compare_remove_from_compareincludes\classes\Ajax.php:35

noprivwp_ajax_ever_compare_remove_from_compareincludes\classes\Ajax.php:36

authwp_ajax_ever_compare_get_nonceincludes\classes\Ajax.php:39

noprivwp_ajax_ever_compare_get_nonceincludes\classes\Ajax.php:40

authwp_ajax_ever_compare_get_tableincludes\classes\Ajax.php:43

noprivwp_ajax_ever_compare_get_tableincludes\classes\Ajax.php:44

Shortcodes 3

[evercompare_button] includes\classes\Frontend\Shortcode.php:29

[evercompare_table] includes\classes\Frontend\Shortcode.php:30

[evercompare_counter] includes\classes\Frontend\Shortcode.php:31

WordPress Hooks 29

actionplugins_loadedever-compare.php:53

actioninitever-compare.php:57

actionplugins_loadedever-compare.php:58

actionbefore_woocommerce_initever-compare.php:61

filterwoocommerce_get_image_size_ever-compare-imageever-compare.php:130

filterwp_speculation_rules_href_exclude_pathsever-compare.php:133

actionadmin_initincludes\classes\Admin\Admin_Fields.php:29

actionadmin_menuincludes\classes\Admin\Dashboard.php:49

actionadmin_menuincludes\classes\Admin\Dashboard.php:51

filterdisplay_post_statesincludes\classes\Admin\Dashboard.php:57

actioninitincludes\classes\Admin\Dashboard.php:63

actionadmin_enqueue_scriptsincludes\classes\Admin\Dashboard.php:143

actionadmin_noticesincludes\classes\Admin\Notices.php:24

actionadmin_menuincludes\classes\Admin\Recommended_Plugins.php:78

actionadmin_enqueue_scriptsincludes\classes\Admin\Recommended_Plugins.php:79

actionadmin_enqueue_scriptsincludes\classes\Admin\Settings_APi.php:23

actionwp_enqueue_scriptsincludes\classes\Assets.php:36

actionadmin_enqueue_scriptsincludes\classes\Assets.php:37

actioninitincludes\classes\Frontend\Manage_Compare.php:38

actionever_compare_before_tableincludes\classes\Frontend\Manage_Compare.php:39

actionever_compare_after_tableincludes\classes\Frontend\Manage_Compare.php:40

actionwoocommerce_after_shop_loop_itemincludes\classes\Frontend\Manage_Compare.php:69

actionwoocommerce_before_shop_loop_itemincludes\classes\Frontend\Manage_Compare.php:73

actionwoocommerce_after_shop_loop_itemincludes\classes\Frontend\Manage_Compare.php:85

actionwoocommerce_before_add_to_cart_buttonincludes\classes\Frontend\Manage_Compare.php:96

actionwoocommerce_product_thumbnailsincludes\classes\Frontend\Manage_Compare.php:100

actionwoocommerce_after_single_product_summaryincludes\classes\Frontend\Manage_Compare.php:104

actionwoocommerce_single_product_summaryincludes\classes\Frontend\Manage_Compare.php:116

actionwp_footerincludes\classes\Frontend\Manage_Compare.php:125

Maintenance & Trust

Ever Compare – Products Compare Plugin for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedDec 2, 2025

PHP min version

Downloads30K

Community Trust

Rating90/100

Number of ratings4

Active installs700

Alternatives

Ever Compare – Products Compare Plugin for WooCommerce Alternatives

YITH WooCommerce Compare

yith-woocommerce-compare

YITH WooCommerce Compare allows you to compare more products of your shop in one complete table. WooCommerce Compatible up to 10.6

100K 3 CVEs

Products Compare

products-compare

100

Effortlessly compare products in your WooCommerce store to find the best fit for your customers' needs.

200 No CVEs

WCBoost – Products Compare

wcboost-products-compare

100

Enhance your WooCommerce store with WCBoost - Products Compare, enabling customers to easily compare products and make informed decisions.

30K No CVEs

ThemeHunk Product Compare for WooCommerce

th-product-compare

100

Add an easy and powerful product compare feature to your WooCommerce store. Let customers do product comparison by price, features, and attributes.

4K No CVEs

Addonify – Compare Products For WooCommerce

addonify-compare-products

Addonify Compare Products is a WooCommerce extension that allows website visitors to compare multiple products on your online store.

1K 1 CVE

Developer Profile

Ever Compare – Products Compare Plugin for WooCommerce Developer Profile

HT Plugins

23 plugins · 64K total installs

trust score

Avg Security Score

97/100

Avg Patch Time

124 days

View full developer profile

Detection Fingerprints

How We Detect Ever Compare – Products Compare Plugin for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/ever-compare/assets/css/frontend.css/wp-content/plugins/ever-compare/assets/js/frontend.js

Script Paths

/wp-content/plugins/ever-compare/assets/js/frontend.js

Version Parameters

ever-compare/assets/css/frontend.css?ver=ever-compare/assets/js/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes

ever-compare-wrapever-compare-buttoncompare-removehtcomparehtcompare-wraphtcompare-buttonhtcompare-compare-btnhtcompare-table

Data Attributes

data-product_iddata-compare_noncedata-add_to_compare_noncedata-remove_from_compare_noncedata-compare_idsdata-compare_page_id+2 more

JS Globals

everCompareever_compare_params

REST Endpoints

/wp-json/ever-compare/v1/add-product/wp-json/ever-compare/v1/remove-product/wp-json/ever-compare/v1/get-compare-products

Shortcode Output

[ever_compare_button][ever_compare_products][htcompare][htcompare_products]

FAQ