Products Compare for WooCommerce Security & Risk Analysis

wordpress.org/plugins/products-compare-for-woocommerce

Allow your users to compare products of your shop by attributes and price.

1K active installs · v3.6.2.5 · PHP 7.0+ · WP 5.0+ · Updated Apr 15, 2026
Tags: compare, comparison, product-comparison, table, woocommerce
Score: 100 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Products Compare for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

Products Compare for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1mo ago
Risk Assessment

The "products-compare-for-woocommerce" plugin version 3.6.2.3 presents a mixed security posture. It has no recorded past vulnerabilities, which suggests a stable history, but the static analysis reveals several areas of concern. A significant number of AJAX handlers lack proper authentication checks, which opens potential attack vectors. The plugin also calls the dangerous `unserialize` function, which can be a gateway to remote code execution if improperly handled. None of the SQL queries found by the static analysis use prepared statements, which increases the risk of SQL injection. A substantial portion of output is not properly escaped, which can lead to cross-site scripting (XSS). The absence of bundled libraries is a positive sign, as it avoids the risks associated with outdated or vulnerable third-party code. Overall, the plugin has a moderate risk profile, with the lack of authentication on AJAX handlers and the use of `unserialize` being the most pressing concerns.

Key Concerns

  • Unprotected AJAX handlers
  • Use of unserialize function
  • Raw SQL queries without prepared statements
  • Low percentage of properly escaped output
  • Unsanitized paths in taint analysis
Vulnerabilities
None known

Products Compare for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Products Compare for WooCommerce Release Timeline

v3.6.2.5 (Current)
v3.6.2.4
v3.6.2.3
v3.6.2.2
v3.6.2.1
v3.6.2
v3.6.1
v3.6.0
v3.5.9
v3.5.8
v3.5.7.9
v3.5.7.8
v3.5.7.7
v3.5.7.6
v3.5.7.5
v3.5.7.4
v3.5.7.3
v3.5.7.2
v3.5.7.1
v3.5.7
Code Analysis
Analyzed Mar 16, 2026

Products Compare for WooCommerce Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 2 (0 prepared)
Unescaped Output: 344 (108 escaped)
Nonce Checks: 14
Capability Checks: 26
File Operations: 4
External Requests: 5
Bundled Libraries: 0

Dangerous Functions Found

unserialize · berocket\includes\updater.php:128
`$error_log = unserialize(preg_replace('/R:\d+/', 's:18:"RECURSION DETECTED"', serialize(self::$error`

SQL Query Safety

0% prepared · 2 total queries

Output Escaping

24% escaped · 452 total outputs
Data Flows · Security
3 unsanitized

Data Flow Analysis

11 flows · 3 with unsanitized paths
shortcode (main.php:442)
Attack Surface
4 unprotected

Products Compare for WooCommerce Attack Surface

Entry Points: 22
Unprotected: 4

AJAX Handlers 19

auth · wp_ajax_brfr_get_export_settings · berocket\includes\admin\import_export.php:5
auth · wp_ajax_brfr_set_import_settings · berocket\includes\admin\import_export.php:6
auth · wp_ajax_brfr_get_import_backups · berocket\includes\admin\import_export.php:7
auth · wp_ajax_brfr_restore_import_backups · berocket\includes\admin\import_export.php:8
auth · wp_ajax_berocket_admin_close_notice · berocket\includes\admin_notices.php:1199
auth · wp_ajax_berocket_subscribe_email · berocket\includes\admin_notices.php:1200
auth · wp_ajax_berocket_rate_stars_close · berocket\includes\admin_notices.php:1208
auth · wp_ajax_berocket_feature_request_send · berocket\includes\admin_notices.php:1209
auth · wp_ajax_berocket_error_notices_get · berocket\includes\error_notices.php:5
auth · wp_ajax_berocket_information_close_notice · berocket\includes\information_notices.php:198
auth · wp_ajax_br_test_key · berocket\includes\updater.php:46
auth · wp_ajax_br_test_keys · berocket\includes\updater.php:47
auth · wp_ajax_brcompare_compare_table · divi\includes\CompareExtension.php:12
auth · wp_ajax_brcompare_compare_button · divi\includes\CompareExtension.php:13
auth · wp_ajax_brcompare_compare_widget · divi\includes\CompareExtension.php:14
auth · wp_ajax_br_get_compare_products · main.php:216
nopriv · wp_ajax_br_get_compare_products · main.php:217
auth · wp_ajax_br_get_compare_list · main.php:218
nopriv · wp_ajax_br_get_compare_list · main.php:219

Shortcodes 3

[br_compare_table] main.php:221
[br_compare_text] main.php:222
[br_compare_button] main.php:223
WordPress Hooks 99
filter · plugins_list · berocket\framework.php:84
filter · BeRocket_updater_add_plugin · berocket\framework.php:105
filter · berocket_admin_notices_rate_stars_plugins · berocket\framework.php:106
action · init · berocket\framework.php:107
action · init · berocket\framework.php:110
action · wp_head · berocket\framework.php:111
action · wp_footer · berocket\framework.php:112
action · admin_init · berocket\framework.php:113
action · admin_menu · berocket\framework.php:114
action · admin_enqueue_scripts · berocket\framework.php:115
action · berocket_enqueue_media · berocket\framework.php:116
filter · plugin_row_meta · berocket\framework.php:122
filter · is_berocket_settings_page · berocket\framework.php:123
action · plugins_loaded · berocket\framework.php:128
action · sanitize_comment_cookies · berocket\framework.php:129
action · install_plugins_pre_plugin-information · berocket\framework.php:130
filter · berocket_admin_notices_subscribe_plugins · berocket\framework.php:132
filter · BeRocket_admin_init_user_capabilities · berocket\framework.php:135
filter · berocket_sanitize_array_predefine · berocket\framework.php:136
filter · berocket_sanitize_array_kses · berocket\framework.php:137
filter · berocket_sanitize_array_kses · berocket\framework.php:140
action · before_woocommerce_init · berocket\framework.php:150
filter · loop_shop_per_page · berocket\framework.php:391
action · upgrader_process_complete · berocket\framework.php:499
action · admin_footer · berocket\framework.php:1158
action · wp_footer · berocket\framework.php:1159
action · admin_init · berocket\framework.php:1273
action · admin_bar_menu · berocket\includes\admin\admin_bar.php:8
action · wp_footer · berocket\includes\admin\admin_bar.php:9
filter · berocket_admin_bar_plugins_data · berocket\includes\admin\admin_bar.php:149
action · BeRocket_framework_updater_account_form_after · berocket\includes\admin\import_export.php:4
filter · berocket_admin_notice_is_display_notice · berocket\includes\admin_notices.php:75
filter · berocket_admin_notice_is_display_notice_priority · berocket\includes\admin_notices.php:76
action · admin_notices · berocket\includes\admin_notices.php:1198
action · admin_notices · berocket\includes\admin_notices.php:1207
action · berocket_rate_plugin_window · berocket\includes\admin_notices.php:1210
action · berocket_related_plugins_window · berocket\includes\admin_notices.php:1211
action · berocket_above_admin_settings · berocket\includes\admin_notices.php:1212
action · berocket_feature_request_window · berocket\includes\admin_notices.php:1213
action · admin_footer · berocket\includes\admin_notices.php:1285
action · admin_footer · berocket\includes\admin_notices.php:1493
action · admin_footer · berocket\includes\admin_notices.php:1922
action · admin_footer · berocket\includes\admin_notices.php:2079
action · init · berocket\includes\custom_post\enable_disable.php:9
action · admin_init · berocket\includes\custom_post\enable_disable.php:10
action · post_action_enable · berocket\includes\custom_post\enable_disable.php:13
action · post_action_disable · berocket\includes\custom_post\enable_disable.php:14
filter · post_class · berocket\includes\custom_post\enable_disable.php:16
filter · pre_get_posts · berocket\includes\custom_post\enable_disable.php:18
action · pre_get_posts · berocket\includes\custom_post\sortable.php:22
action · in_admin_footer · berocket\includes\custom_post\sortable.php:117
action · init · berocket\includes\custom_post.php:58
filter · init · berocket\includes\custom_post.php:59
filter · admin_init · berocket\includes\custom_post.php:60
filter · wp_insert_post_data · berocket\includes\custom_post.php:61
filter · BeRocket_admin_init_user_capabilities · berocket\includes\custom_post.php:71
action · add_meta_boxes · berocket\includes\custom_post.php:128
action · save_post · berocket\includes\custom_post.php:129
filter · post_row_actions · berocket\includes\custom_post.php:130
filter · list_table_primary_column · berocket\includes\custom_post.php:131
action · admin_enqueue_scripts · berocket\includes\custom_post.php:133
filter · is_berocket_settings_page · berocket\includes\custom_post.php:135
action · admin_footer · berocket\includes\custom_post.php:162
action · admin_notices · berocket\includes\information_notices.php:197
action · admin_init · berocket\includes\updater.php:18
filter · woocommerce_addons_sections · berocket\includes\updater.php:27
filter · is_berocket_settings_page · berocket\includes\updater.php:28
action · admin_footer · berocket\includes\updater.php:30
action · admin_head · berocket\includes\updater.php:39
action · admin_menu · berocket\includes\updater.php:40
action · admin_menu · berocket\includes\updater.php:41
action · network_admin_menu · berocket\includes\updater.php:42
action · admin_init · berocket\includes\updater.php:43
filter · pre_set_site_transient_update_plugins · berocket\includes\updater.php:44
filter · plugins_api_result · berocket\includes\updater.php:45
filter · http_request_host_is_external · berocket\includes\updater.php:48
action · admin_footer · berocket\includes\updater.php:51
action · wp_footer · berocket\includes\updater.php:52
filter · berocket_display_additional_notices · berocket\includes\updater.php:92
filter · custom_menu_order · berocket\includes\updater.php:98
filter · berocket_admin_notice_is_display_notice · berocket\includes\updater.php:102
filter · berocket_admin_notice_is_display_notice_priority · berocket\includes\updater.php:103
filter · plugins_api_result · berocket\includes\updater.php:109
action · init · berocket\includes\updater.php:1413
action · admin_enqueue_scripts · berocket\sale\sale.php:4
filter · br_product_preview_positions_elements · includes\compatibility\product_preview.php:4
action · br_build_preview_berocket_compare · includes\compatibility\product_preview.php:5
action · berocket_add_compare_actions · main.php:211
action · berocket_remove_compare_actions · main.php:212
action · widgets_init · main.php:213
filter · berocket_compare_acf_product_field · main.php:214
filter · berocket_compare_acf_product_field_height · main.php:215
action · br_compare_button_options · main.php:220
filter · the_content · main.php:225
filter · BeRocket_popup_open_page_elements · main.php:230
action · divi_extensions_init · main.php:237
filter · berocket_display_additional_notices · main.php:240
action · wp_enqueue_scripts · main.php:338
filter · the_content · main.php:536
Maintenance & Trust

Products Compare for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Apr 15, 2026
PHP min version: 7.0
Downloads: 53K

Community Trust

Rating: 86/100
Number of ratings: 18
Active installs: 1K
Developer Profile

Products Compare for WooCommerce Developer Profile

BeRocket

23 plugins · 139K total installs

Trust score: 78
Avg Security Score: 99/100
Avg Patch Time: 384 days
Detection Fingerprints

How We Detect Products Compare for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/products-compare-for-woocommerce/css/products-compare-style.css
/wp-content/plugins/products-compare-for-woocommerce/js/products-compare-script.js
Script Paths
/wp-content/plugins/products-compare-for-woocommerce/js/products-compare-script.js
Version Parameters
products-compare-for-woocommerce/css/products-compare-style.css?ver=
products-compare-for-woocommerce/js/products-compare-script.js?ver=

HTML / DOM Fingerprints

CSS Classes
berocket_compare_add_to_compare
berocket-compare-products-table
berocket-compare-products-wrap
br_compare_id_
Data Attributes
data-br-compare-id
data-br-compare-add
JS Globals
products_compare_data
REST Endpoints
/wp-json/products-compare-for-woocommerce/v1/add
/wp-json/products-compare-for-woocommerce/v1/remove
/wp-json/products-compare-for-woocommerce/v1/update
Shortcode Output
[products_compare]
FAQ

Frequently Asked Questions about Products Compare for WooCommerce