Does Loan Comparison have any unpatched vulnerabilities?

No. All known vulnerabilities in Loan Comparison have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Loan Comparison compatible with WordPress 6.9.4?

According to WordPress.org data, Loan Comparison 2.0.2 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

How often is Loan Comparison updated?

Loan Comparison was last updated on Dec 23, 2025. Frequent updates are generally a positive security signal.

What is Loan Comparison's security score?

Loan Comparison has a WP-Safety security score of 98/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Loan Comparison Security & Risk Analysis

wordpress.org/plugins/loan-comparison

A simple way to compare loans from banks and other providers. Uses sliders to set the amount and term and display the number of matching banks.

400 active installs v2.0.2 PHP + WP 6.0+ Updated Dec 23, 2025

bankscomparisonloansrepayments

A · Safe

CVEs total3

Unpatched0

Last CVEDec 23, 2024

Plugin page Download

Safety Verdict

Is Loan Comparison Safe to Use in 2026?

Generally Safe

Score 98/100

Loan Comparison has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEsLast CVE: Dec 23, 2024Updated 3mo ago

Risk Assessment

The "loan-comparison" plugin v2.0.2 exhibits a generally positive security posture with several strengths. The absence of dangerous functions, 100% use of prepared statements for SQL queries, and a high percentage of properly escaped output are commendable. The presence of numerous nonce and capability checks indicates a good understanding of WordPress security best practices. The plugin's attack surface appears well-managed, with all identified entry points having checks, although the limited number of entry points analyzed might warrant further investigation if the plugin were larger or more complex.

Despite these strengths, there are areas for concern. The taint analysis reveals two flows with unsanitized paths, which, while not classified as critical or high severity, represent potential avenues for vulnerabilities if exploited. The vulnerability history is a significant red flag; the plugin has a history of three medium-severity Cross-Site Scripting (XSS) vulnerabilities, even though none are currently unpatched. This pattern suggests a recurring issue with input sanitization or output encoding related to web page generation, which could resurface if not thoroughly addressed.

In conclusion, "loan-comparison" v2.0.2 benefits from robust coding practices in areas like SQL and output handling. However, the persistent history of XSS vulnerabilities and the presence of unsanitized paths in the taint analysis indicate potential weaknesses that require careful monitoring and proactive mitigation. The plugin is not inherently insecure, but the historical context warrants a cautious approach.

Key Concerns

Flows with unsanitized paths found
History of medium severity XSS vulnerabilities

Vulnerabilities

Loan Comparison Security Vulnerabilities

CVEs by Year

2 CVEs in 2023

2023

1 CVE in 2024

2024

Patched Has unpatched

Severity Breakdown

Medium

3 total CVEs

CVE-2024-12814medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Loan Comparison <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Dec 23, 2024 Patched in 2.0.1 (1d)

CVE-2023-0442medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Loan Comparison <= 1.5.1 - Reflected Cross-Site Scripting

Jan 25, 2023 Patched in 1.5.3 (363d)

CVE-2023-0366medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Loan Comparison <= 1.5.2 - Authenticated (Contributor+) Cross-Site Scripting via Shortcode

Jan 25, 2023 Patched in 1.5.3 (363d)

Version History

Loan Comparison Release Timeline

v2.0.2Current

v2.0.1

v2.01 CVE

v1.6.21 CVE

v1.6.11 CVE

v1.61 CVE

v1.5.31 CVE

v1.5.23 CVEs

CVE-2023-0442 CVE-2023-0366 CVE-2024-12814

v1.5.13 CVEs

CVE-2023-0442 CVE-2023-0366 CVE-2024-12814

v1.53 CVEs

CVE-2023-0442 CVE-2023-0366 CVE-2024-12814

v1.4.13 CVEs

CVE-2023-0442 CVE-2023-0366 CVE-2024-12814

v1.43 CVEs

CVE-2023-0442 CVE-2023-0366 CVE-2024-12814

v1.33 CVEs

CVE-2023-0442 CVE-2023-0366 CVE-2024-12814

v1.23 CVEs

CVE-2023-0442 CVE-2023-0366 CVE-2024-12814

v1.13 CVEs

CVE-2023-0442 CVE-2023-0366 CVE-2024-12814

v1.03 CVEs

CVE-2023-0442 CVE-2023-0366 CVE-2024-12814

v0.83 CVEs

CVE-2023-0442 CVE-2023-0366 CVE-2024-12814

v0.73 CVEs

CVE-2023-0442 CVE-2023-0366 CVE-2024-12814

v0.63 CVEs

CVE-2023-0442 CVE-2023-0366 CVE-2024-12814

v0.53 CVEs

CVE-2023-0442 CVE-2023-0366 CVE-2024-12814

Code Analysis

Analyzed Mar 16, 2026

Loan Comparison Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

41 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

91% escaped45 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

3 flows2 with unsanitized paths

loancomparison_settings (settings.php:238)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Loan Comparison Attack Surface

Entry Points2

Unprotected0

Shortcodes 2

[loancomparison] loancomparison.php:16

[loancomparisontable] loancomparison.php:17

WordPress Hooks 8

actionwp_enqueue_scriptsloancomparison.php:18

filterplugin_action_linksloancomparison.php:19

actioninitloancomparison.php:20

actionwp_headloancomparison.php:21

actioninitloancomparison.php:22

actionadmin_menusettings.php:2050

actionadmin_noticessettings.php:2051

actionadmin_enqueue_scriptssettings.php:2052

Maintenance & Trust

Loan Comparison Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedDec 23, 2025

PHP min version

Downloads13K

Community Trust

Rating100/100

Number of ratings3

Active installs400

Alternatives

Loan Comparison Alternatives

YITH WooCommerce Compare

yith-woocommerce-compare

YITH WooCommerce Compare allows you to compare more products of your shop in one complete table. WooCommerce Compatible up to 10.7

100K 3 CVEs

WPC Smart Compare for WooCommerce

woo-smart-compare

It helps customers compare products with mighty AJAX, doesn't require opening a new page or iframe, and allows drag-and-drop functionality.

80K 2 CVEs

Twenty20 Image Before-After

twenty20

Professional before & after image comparison slider for WordPress. Create engaging visual comparisons with an intuitive drag & drop interface.

20K 1 CVE

Before After Image Comparison Slider for Elementor

before-after-image-comparison-slider-for-elementor

100

Before After Image Comparison Slider for Elementor is an image comparison slider plugin for Elementor Page Builder. This plugin allows you to create t …

10K No CVEs

Content Egg – Affiliate Product Importer & Price Comparison

content-egg

Import affiliate products, compare prices, sync to WooCommerce, and auto-generate SEO content with AI — all in one toolkit.

10K 3 CVEs

Developer Profile

Loan Comparison Developer Profile

Graham

5 plugins · 2K total installs

trust score

Avg Security Score

88/100

Avg Patch Time

154 days

View full developer profile

Detection Fingerprints

How We Detect Loan Comparison

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/loan-comparison/premium.js/wp-content/plugins/loan-comparison/free.js/wp-content/plugins/loan-comparison/loancomparison.css

Version Parameters

loan-comparison/loancomparison.css?ver=loan-comparison/premium.js?ver=loan-comparison/free.js?ver=

HTML / DOM Fingerprints

CSS Classes

loancomparison_loan_amountloancomparison_loan_periodloancomparison_loan_interestloancomparison_loan_featuresloancomparison_loan_features_listloancomparison_loan_features_itemloancomparison_loan_bank_detailsloancomparison_loan_bank_header+16 more

HTML Comments

Data Attributes

data-loancomparison-tabledata-loancomparison-sliderdata-loancomparison-filterdata-loancomparison-filtersdata-loancomparison-ratingdata-loancomparison-sorting+8 more

JS Globals

loancomparison_settingsloancomparison_styleloancomparison_keyloancomparison_interestloancomparison_upgradeloancomparison_rates+1 more

REST Endpoints

/wp-json/loancomparison/v1/settings/wp-json/loancomparison/v1/style/wp-json/loancomparison/v1/key/wp-json/loancomparison/v1/interest/wp-json/loancomparison/v1/upgrade/wp-json/loancomparison/v1/rates

Shortcode Output

[loancomparison][loancomparisontable]

FAQ

Loan Comparison Security & Risk Analysis

Is Loan Comparison Safe to Use in 2026?

Generally Safe

Key Concerns

Loan Comparison Security Vulnerabilities

CVEs by Year

Severity Breakdown

Loan Comparison Release Timeline

Loan Comparison Code Analysis

Output Escaping

Data Flow Analysis

Loan Comparison Attack Surface

Shortcodes 2

Loan Comparison Maintenance & Trust

Maintenance Signals

Community Trust

Loan Comparison Alternatives

YITH WooCommerce Compare

WPC Smart Compare for WooCommerce

Twenty20 Image Before-After

Before After Image Comparison Slider for Elementor

Content Egg – Affiliate Product Importer & Price Comparison

Loan Comparison Developer Profile

How We Detect Loan Comparison

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about Loan Comparison