WPC Smart Compare for WooCommerce Security & Risk Analysis

wordpress.org/plugins/woo-smart-compare

It helps customers compare products with mighty AJAX, doesn't require opening a new page or iframe, and allows drag-and-drop functionality.

80K active installs · v6.5.5 · PHP + · WP 4.0+ · Updated Mar 14, 2026

Tags: compare, comparison, woocommerce, wpc

98 · A · Safe

CVEs total: 2
Unpatched: 0
Last CVE: Aug 18, 2025

Safety Verdict

Is WPC Smart Compare for WooCommerce Safe to Use in 2026?

Generally Safe

Score 98/100

WPC Smart Compare for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Aug 18, 2025 · Updated 20d ago

Risk Assessment

The "woo-smart-compare" plugin version 6.5.5 exhibits a mixed security posture. While it demonstrates good practices like using prepared statements for all SQL queries and a high percentage of properly escaped outputs, there are notable areas of concern. The presence of one AJAX handler without authentication checks, coupled with the use of the `unserialize` function, presents a potential attack vector. Although no critical or high severity taint flows were identified, the potential for insecure deserialization is a significant risk that should not be overlooked. The plugin's vulnerability history, showing two medium-severity Cross-Site Scripting (XSS) vulnerabilities in the past, is also a point of attention. While these are currently patched, it indicates a historical tendency for input sanitization issues that require diligent monitoring. Overall, the plugin has strengths in data handling but requires attention to its entry points and historical vulnerability patterns to improve its security.

Key Concerns

  • AJAX handler without authentication check
  • Use of dangerous function: unserialize
  • Past medium severity XSS vulnerabilities

Vulnerabilities: 2

WPC Smart Compare for WooCommerce Security Vulnerabilities

CVEs by Year

2 CVEs in 2025

Severity Breakdown

Medium: 2

2 total CVEs

CVE-2025-7496 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WPC Smart Compare for WooCommerce <= 6.4.7 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting

Aug 18, 2025 · Patched in 6.4.8 (1d)

CVE-2025-5530 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WPC Smart Compare for WooCommerce <= 6.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jul 10, 2025 · Patched in 6.4.7 (1d)

Code Analysis
Analyzed Mar 16, 2026

WPC Smart Compare for WooCommerce Code Analysis

  • Dangerous Functions: 3
  • Raw SQL Queries: 0 (2 prepared)
  • Unescaped Output: 45 (348 escaped)
  • Nonce Checks: 10
  • Capability Checks: 2
  • File Operations: 0
  • External Requests: 3
  • Bundled Libraries: 1

Dangerous Functions Found

  • `unserialize`: `$plugins = unserialize( $response['body'] );` (includes\dashboard\wpc-dashboard.php:101)
  • `unserialize`: `$plugins = unserialize( $response['body'] );` (includes\dashboard\wpc-dashboard.php:179)
  • `unserialize`: `$plugins = unserialize( $response['body'] );` (includes\kit\wpc-kit.php:98)

Bundled Libraries

jQuery

SQL Query Safety

100% prepared · 2 total queries

Output Escaping

89% escaped · 393 total outputs

Data Flows: All sanitized

Data Flow Analysis

6 flows
ajax_export (includes\dashboard\wpc-dashboard.php:215)

Attack Surface: 1 unprotected

WPC Smart Compare for WooCommerce Attack Surface

Entry Points: 11
Unprotected: 1

AJAX Handlers 6

auth · wp_ajax_wpc_get_plugins · includes\dashboard\wpc-dashboard.php:9
auth · wp_ajax_wpc_get_suggestion · includes\dashboard\wpc-dashboard.php:10
auth · wp_ajax_wpc_export · includes\dashboard\wpc-dashboard.php:11
auth · wp_ajax_wpc_import · includes\dashboard\wpc-dashboard.php:12
auth · wp_ajax_wpc_get_essential_kit · includes\kit\wpc-kit.php:22
auth · wp_ajax_woosc_add_field · wpc-smart-compare.php:98

Shortcodes 5

[woosc] wpc-smart-compare.php:194
[woosc_btn] wpc-smart-compare.php:195
[woosc_link] wpc-smart-compare.php:196
[woosc_list] wpc-smart-compare.php:197
[woosc_quick_table] wpc-smart-compare.php:198

WordPress Hooks 40

action · admin_enqueue_scripts · includes\dashboard\wpc-dashboard.php:7
action · admin_menu · includes\dashboard\wpc-dashboard.php:8
action · before_woocommerce_init · includes\hpos.php:7
action · admin_enqueue_scripts · includes\kit\wpc-kit.php:20
action · admin_menu · includes\kit\wpc-kit.php:21
action · plugins_loaded · wpc-smart-compare.php:38
action · admin_notices · wpc-smart-compare.php:42
filter · query_vars · wpc-smart-compare.php:67
action · init · wpc-smart-compare.php:70
action · wp_login · wpc-smart-compare.php:71
action · wp_footer · wpc-smart-compare.php:72
action · wp_enqueue_scripts · wpc-smart-compare.php:73
action · admin_enqueue_scripts · wpc-smart-compare.php:74
filter · wp_dropdown_cats · wpc-smart-compare.php:75
action · save_post · wpc-smart-compare.php:78
action · wc_ajax_woosc_search · wpc-smart-compare.php:81
action · wc_ajax_woosc_share · wpc-smart-compare.php:84
action · wc_ajax_woosc_load · wpc-smart-compare.php:87
action · template_redirect · wpc-smart-compare.php:90
action · admin_init · wpc-smart-compare.php:93
filter · pre_update_option · wpc-smart-compare.php:94
action · admin_menu · wpc-smart-compare.php:95
filter · plugin_action_links · wpc-smart-compare.php:101
filter · plugin_row_meta · wpc-smart-compare.php:102
filter · wp_nav_menu_items · wpc-smart-compare.php:105
filter · woocommerce_account_menu_items · wpc-smart-compare.php:109
action · woocommerce_account_compare_endpoint · wpc-smart-compare.php:110
action · woocommerce_after_single_product_summary · wpc-smart-compare.php:119
action · woocommerce_after_single_product_summary · wpc-smart-compare.php:125
action · woocommerce_after_single_product_summary · wpc-smart-compare.php:132
filter · wcml_multi_currency_ajax_actions · wpc-smart-compare.php:141
filter · wpcsm_locations · wpc-smart-compare.php:144
filter · woosc_disable_nonce_check · wpc-smart-compare.php:147
action · woocommerce_shop_loop_item_title · wpc-smart-compare.php:210
action · woocommerce_shop_loop_item_title · wpc-smart-compare.php:213
action · woocommerce_after_shop_loop_item_title · wpc-smart-compare.php:216
action · woocommerce_after_shop_loop_item_title · wpc-smart-compare.php:219
action · woocommerce_after_shop_loop_item · wpc-smart-compare.php:222
action · woocommerce_after_shop_loop_item · wpc-smart-compare.php:225
action · woocommerce_single_product_summary · wpc-smart-compare.php:237

Maintenance & Trust

WPC Smart Compare for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 14, 2026
PHP min version
Downloads: 2.1M

Community Trust

Rating: 90/100
Number of ratings: 44
Active installs: 80K

Developer Profile

WPC Smart Compare for WooCommerce Developer Profile

WPClever

71 plugins · 441K total installs

Trust score: 87
Avg Security Score: 99/100
Avg Patch Time: 68 days
Detection Fingerprints

How We Detect WPC Smart Compare for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/woo-smart-compare/assets/css/animate.min.css
  • /wp-content/plugins/woo-smart-compare/assets/css/font-awesome.min.css
  • /wp-content/plugins/woo-smart-compare/assets/css/jquery.ddslick.css
  • /wp-content/plugins/woo-smart-compare/assets/css/magnific-popup.css
  • /wp-content/plugins/woo-smart-compare/assets/css/owl.carousel.css
  • /wp-content/plugins/woo-smart-compare/assets/css/style.css
  • /wp-content/plugins/woo-smart-compare/assets/js/frontend.js
  • /wp-content/plugins/woo-smart-compare/assets/js/jquery.ddslick.min.js
  • +4 more

Script Paths
  • /wp-content/plugins/woo-smart-compare/assets/js/frontend.js
  • /wp-content/plugins/woo-smart-compare/assets/js/jquery.ddslick.min.js
  • /wp-content/plugins/woo-smart-compare/assets/js/magnific-popup.js
  • /wp-content/plugins/woo-smart-compare/assets/js/owl.carousel.min.js
  • /wp-content/plugins/woo-smart-compare/assets/js/sweetalert.min.js
  • /wp-content/plugins/woo-smart-compare/assets/js/tippy.all.min.js

Version Parameters
  • woo-smart-compare/assets/css/style.css?ver=
  • woo-smart-compare/assets/js/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
woosc-compare-wrap, woosc-compare-button, woosc-compare-form, woosc-compare-notice, woosc-compare-remove, woosc-compare-added, woosc-compare-products, woosc-product, +7 more

Data Attributes
data-woosc-id, data-woosc-added, data-woosc-title, data-woosc-image, data-woosc-price, data-woosc-url, +5 more

JS Globals
woosc_vars, WOOSC_ADD_TEXT, WOOSC_ADDED_TEXT, WOOSC_REMOVE_TEXT, WOOSC_MAX_COMPARE, WOOSC_TOOLTIP_POSITION, +1 more

REST Endpoints
/wp-json/woosc/v1/get-products

FAQ

Frequently Asked Questions about WPC Smart Compare for WooCommerce