TP Products Compare for Woocommerce Security & Risk Analysis

wordpress.org/plugins/tp-products-compare-for-woocommerce

Add an option for your customers to make product comparisons.

0 active installs · v1.0.0 · PHP + WP 4.5+ · Updated Mar 27, 2021
Tags: compare, product-compare, woocommerce-compare, woocommerce-product-compare
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is TP Products Compare for Woocommerce Safe to Use in 2026?

Generally Safe

Score 85/100

TP Products Compare for Woocommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 5yr ago
Risk Assessment

The "tp-products-compare-for-woocommerce" v1.0.0 plugin presents a significant security concern due to its large proportion of unprotected entry points. While the plugin demonstrates good practices by using prepared statements for all SQL queries and having no recorded vulnerabilities, the static analysis reveals critical weaknesses. Specifically, four out of five identified entry points (AJAX handlers) lack authentication checks, creating a substantial attack surface for unauthenticated users. Furthermore, the taint analysis indicates two flows with unsanitized paths, which, even without a critical or high severity rating in the current analysis, warrant attention as these can often lead to vulnerabilities if combined with unprotected entry points. The limited proper output escaping (18%) also poses a risk for potential cross-site scripting (XSS) vulnerabilities, especially when combined with unsanitized inputs from AJAX handlers.

While the absence of known CVEs and dangerous function usage is positive, the unprotected AJAX handlers and unsanitized paths are major red flags. The lack of nonce and capability checks on these handlers makes them prime targets for various attacks, including unauthorized actions or data manipulation. The plugin's overall security posture is weakened by these oversights, outweighing the strengths of its SQL query handling and clean vulnerability history. Addressing the unprotected AJAX endpoints and thoroughly sanitizing the identified unsanitized paths are paramount to improving the security of this plugin.

Key Concerns

  • Unprotected AJAX handlers
  • Flows with unsanitized paths
  • Low percentage of properly escaped output
  • Missing nonce checks on AJAX
  • Missing capability checks on AJAX
Vulnerabilities
None known

TP Products Compare for Woocommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

TP Products Compare for Woocommerce Release Timeline

v1.0.0 (Current)
Code Analysis
Analyzed Mar 17, 2026

TP Products Compare for Woocommerce Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 46 (10 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

18% escaped · 56 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

3 flows · 2 with unsanitized paths
tp_compare_load_compare_table (public\class-tp-woocommerce-compare-public.php:224)
Attack Surface
4 unprotected

TP Products Compare for Woocommerce Attack Surface

Entry Points: 5
Unprotected: 4

AJAX Handlers 4

  • auth · wp_ajax_tp_compare_item_remove · includes\class-tp-woocommerce-compare.php:204
  • nopriv · wp_ajax_tp_compare_item_remove · includes\class-tp-woocommerce-compare.php:205
  • auth · wp_ajax_tp_compare_load_compare_table · includes\class-tp-woocommerce-compare.php:216
  • nopriv · wp_ajax_tp_compare_load_compare_table · includes\class-tp-woocommerce-compare.php:217

Shortcodes 1

[tp_woocommerce_compare] public\class-tp-woocommerce-compare-public.php:54
WordPress Hooks 16

  • action · admin_menu · admin\partials\tp-woocommerce-compare-admin-display.php:16
  • action · admin_init · admin\partials\tp-woocommerce-compare-admin-display.php:22
  • action · plugins_loaded · includes\class-tp-woocommerce-compare.php:153
  • action · admin_enqueue_scripts · includes\class-tp-woocommerce-compare.php:168
  • action · admin_enqueue_scripts · includes\class-tp-woocommerce-compare.php:169
  • filter · plugin_row_meta · includes\class-tp-woocommerce-compare.php:172
  • action · wp_enqueue_scripts · includes\class-tp-woocommerce-compare.php:188
  • action · wp_enqueue_scripts · includes\class-tp-woocommerce-compare.php:189
  • action · init · includes\class-tp-woocommerce-compare.php:192
  • filter · query_vars · includes\class-tp-woocommerce-compare.php:193
  • action · template_redirect · includes\class-tp-woocommerce-compare.php:194
  • action · woocommerce_after_shop_loop_item · includes\class-tp-woocommerce-compare.php:199
  • action · tpwpc_after_addtocart · includes\class-tp-woocommerce-compare.php:201
  • filter · tpwpc_after_addtocart · includes\class-tp-woocommerce-compare.php:202
  • action · wp_footer · includes\class-tp-woocommerce-compare.php:212
  • action · tp_compare_view_footer · includes\class-tp-woocommerce-compare.php:214
Maintenance & Trust

TP Products Compare for Woocommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.7.0
Last updated: Mar 27, 2021
PHP min version
Downloads: 983

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0
Developer Profile

TP Products Compare for Woocommerce Developer Profile

Payment Plugins

76 plugins · 308K total installs

Trust score: 85
Avg Security Score: 95/100
Avg Patch Time: 84 days
Detection Fingerprints

How We Detect TP Products Compare for Woocommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/tp-products-compare-for-woocommerce/admin/css/jquery.minicolors.css
  • /wp-content/plugins/tp-products-compare-for-woocommerce/admin/css/tp-woocommerce-compare-admin.css
  • /wp-content/plugins/tp-products-compare-for-woocommerce/admin/js/jquery.minicolors.min.js
  • /wp-content/plugins/tp-products-compare-for-woocommerce/admin/js/tp-woocommerce-compare-admin.js

Script Paths

  • /wp-content/plugins/tp-products-compare-for-woocommerce/admin/js/jquery.minicolors.min.js
  • /wp-content/plugins/tp-products-compare-for-woocommerce/admin/js/tp-woocommerce-compare-admin.js

Version Parameters

  • tp-woocommerce-compare-admin.css?ver=
  • tp-woocommerce-compare-admin.js?ver=
  • jquery.minicolors.min.js?ver=
  • jquery.minicolors.css?ver=
