Compare Products for WooCommerce Security & Risk Analysis

wordpress.org/plugins/woocommerce-compare-products

Add a World Class Compare Products Feature to your WooCommerce store today with the Compare Products for WooCommerce plugin.

30 active installs v3.2.4 PHP + WP 6.0+ Updated Dec 2, 2025
Tags: compare-products, compare-products-plugin, woocommerce, woocommerce-compare-products, woocommerce-plugins
Score: 95 · A · Safe
CVEs total: 4
Unpatched: 0
Last CVE: Jan 6, 2025
Safety Verdict

Is Compare Products for WooCommerce Safe to Use in 2026?

Generally Safe

Score 95/100

Compare Products for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

4 known CVEs · Last CVE: Jan 6, 2025 · Updated 4mo ago
Risk Assessment

The WooCommerce Compare Products plugin v3.2.4 presents a mixed security posture. While it demonstrates good practices in output escaping (84% properly escaped) and has a respectable number of nonce checks (10) and capability checks (4), significant concerns arise from its extensive attack surface. A high number of AJAX handlers (26) are exposed without authentication, creating a substantial entry point for attackers. The taint analysis reveals a high-severity flow with unsanitized paths, indicating a potential vulnerability that needs immediate attention. The plugin's historical vulnerability data is troubling, with 4 known CVEs, including 3 high and 1 medium severity issues, many related to Cross-Site Scripting and Deserialization of Untrusted Data. The fact that the last vulnerability was in 2025 suggests a pattern of recurring security flaws, even though none are currently unpatched.

While the absence of dangerous functions and a low percentage of SQL queries without prepared statements are positive signs, the unauthenticated AJAX handlers and the high-severity taint flow are critical weaknesses. The historical pattern of vulnerabilities, particularly those related to input manipulation, suggests a need for more robust input validation and sanitization throughout the plugin's codebase. The presence of bundled libraries like jQuery and TinyMCE, while common, can also introduce risks if not properly managed or updated externally. Overall, the plugin's security is compromised by its exposed attack surface and past vulnerabilities, despite some good coding practices.

Key Concerns

  • Large attack surface without auth
  • High severity taint flow
  • SQL queries without prepare
  • High severity historical CVEs
  • Medium severity historical CVEs
  • Unsanitized paths in taint analysis
Vulnerabilities
4

Compare Products for WooCommerce Security Vulnerabilities

CVEs by Year

  • 2022: 2 CVEs
  • 2025: 2 CVEs

Severity Breakdown

  • High: 3
  • Medium: 1

4 total CVEs

CVE-2024-12435 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Compare Products for WooCommerce <= 3.2.1 - Reflected Cross-Site Scripting

Jan 6, 2025 Patched in 3.2.2 (200d)
CVE-2024-12313 · high · 8.1 · Deserialization of Untrusted Data

Compare Products for WooCommerce <= 3.2.1 - Unauthenticated PHP Object Injection

Jan 6, 2025 Patched in 3.2.2 (200d)

a3 Lazy Load <= 2.6.0 - Cross-Site Request Forgery to Settings Reset

Nov 2, 2022 Patched in 2.8.3 (447d)

a3rev Multiple Plugins <= Various Versions - Cross-Site Request Forgery to Settings Changes

May 24, 2022 Patched in 2.8.1 (609d)
Code Analysis
Analyzed Mar 16, 2026

Compare Products for WooCommerce Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 39 · 13 prepared
  • Unescaped Output: 206 · 1073 escaped
  • Nonce Checks: 10
  • Capability Checks: 4
  • File Operations: 2
  • External Requests: 4
  • Bundled Libraries: 2

Bundled Libraries

jQuery, TinyMCE

SQL Query Safety

25% prepared · 52 total queries

Output Escaping

84% escaped · 1279 total outputs
Data Flows
8 unsanitized

Data Flow Analysis

16 flows · 8 with unsanitized paths
a3_admin_ui_event (admin\admin-interface.php:174)
Attack Surface
26 unprotected

Compare Products for WooCommerce Attack Surface

Entry Points: 27
Unprotected: 26

AJAX Handlers 26

auth · wp_ajax_woocp_variable_add_to_cart · admin\compare_init.php:105
nopriv · wp_ajax_woocp_variable_add_to_cart · admin\compare_init.php:106
auth · wp_ajax_woocp_add_to_compare · admin\compare_init.php:109
nopriv · wp_ajax_woocp_add_to_compare · admin\compare_init.php:110
auth · wp_ajax_woocp_remove_from_popup_compare · admin\compare_init.php:113
nopriv · wp_ajax_woocp_remove_from_popup_compare · admin\compare_init.php:114
auth · wp_ajax_woocp_update_compare_popup · admin\compare_init.php:117
nopriv · wp_ajax_woocp_update_compare_popup · admin\compare_init.php:118
auth · wp_ajax_woocp_update_compare_widget · admin\compare_init.php:121
nopriv · wp_ajax_woocp_update_compare_widget · admin\compare_init.php:122
auth · wp_ajax_woocp_update_total_compare · admin\compare_init.php:125
nopriv · wp_ajax_woocp_update_total_compare · admin\compare_init.php:126
auth · wp_ajax_woocp_remove_from_compare · admin\compare_init.php:129
nopriv · wp_ajax_woocp_remove_from_compare · admin\compare_init.php:130
auth · wp_ajax_woocp_clear_compare · admin\compare_init.php:133
nopriv · wp_ajax_woocp_clear_compare · admin\compare_init.php:134
auth · wp_ajax_woocp_get_variation_compare · admin\compare_init.php:137
nopriv · wp_ajax_woocp_get_variation_compare · admin\compare_init.php:138
auth · wp_ajax_woocp_variation_get_fields · admin\compare_init.php:141
nopriv · wp_ajax_woocp_variation_get_fields · admin\compare_init.php:142
auth · wp_ajax_woocp_product_get_fields · admin\compare_init.php:145
nopriv · wp_ajax_woocp_product_get_fields · admin\compare_init.php:146
auth · wp_ajax_woocp_update_orders · admin\compare_init.php:149
nopriv · wp_ajax_woocp_update_orders · admin\compare_init.php:150
auth · wp_ajax_woocp_update_cat_orders · admin\compare_init.php:153
nopriv · wp_ajax_woocp_update_cat_orders · admin\compare_init.php:154

Shortcodes 1

[woocommerce_compare_attributes_table] admin\compare_init.php:212
WordPress Hooks 57
action · plugins_loaded · admin\admin-init.php:39
action · plugins_loaded · admin\admin-init.php:47
action · init · admin\admin-interface.php:49
action · init · admin\admin-interface.php:50
action · admin_enqueue_scripts · admin\admin-interface.php:65
action · admin_enqueue_scripts · admin\admin-interface.php:66
action · admin_print_scripts · admin\admin-interface.php:69
action · admin_print_footer_scripts · admin\admin-interface.php:70
action · admin_enqueue_scripts · admin\admin-interface.php:81
action · admin_footer · admin\classes\class-wc-compare-products.php:20
action · init · admin\compare_init.php:65
action · admin_enqueue_scripts · admin\compare_init.php:68
action · admin_enqueue_scripts · admin\compare_init.php:71
action · plugins_loaded · admin\compare_init.php:74
filter · plugin_row_meta · admin\compare_init.php:77
action · widgets_init · admin\compare_init.php:82
action · init · admin\compare_init.php:88
filter · template_include · admin\compare_init.php:99
action · admin_menu · admin\compare_init.php:102
action · wp_enqueue_scripts · admin\compare_init.php:157
action · woocp_comparison_page_header · admin\compare_init.php:160
action · get_footer · admin\compare_init.php:163
filter · woocommerce_product_default_attributes · admin\compare_init.php:166
action · woocommerce_before_template_part · admin\compare_init.php:172
action · woocommerce_after_shop_loop_item · admin\compare_init.php:174
action · woocommerce_before_add_to_cart_button · admin\compare_init.php:181
action · woocommerce_after_add_to_cart_button · admin\compare_init.php:183
filter · woocommerce_product_tabs · admin\compare_init.php:189
action · create_product_cat · admin\compare_init.php:193
action · admin_init · admin\compare_init.php:196
action · admin_menu · admin\compare_init.php:199
action · admin_footer · admin\compare_init.php:201
action · woocommerce_product_after_variable_attributes · admin\compare_init.php:204
action · woocommerce_save_product_variation · admin\compare_init.php:205
action · save_post · admin\compare_init.php:208
action · init · admin\compare_init.php:237
action · admin_enqueue_scripts · admin\includes\uploader\class-uploader.php:59
action · wp_enqueue_scripts · admin\less\sass.php:23
filter · filesystem_method · admin\less\sass.php:61
action · plugins_loaded · admin\settings\comparison-page\global-settings.php:82
action · plugins_loaded · admin\settings\global-settings.php:82
action · plugins_loaded · admin\settings\gridview-style\global-settings.php:82
action · plugins_loaded · admin\settings\product-page\global-settings.php:82
action · plugins_loaded · admin\settings\widget-style\compare-widget-settings.php:82
action · admin_footer · classes\class-wc-compare-features.php:32
action · before_woocommerce_init · compare_products.php:43
action · admin_init · includes\class-wc-compare-install.php:17
action · admin_init · includes\class-wc-compare-install.php:18
action · admin_init · includes\class-wc-compare-install.php:19
action · admin_init · includes\class-wc-compare-install.php:20
action · init · src\blocks\compare-button\block.php:54
action · init · src\blocks\compare-list\block.php:50
action · init · src\blocks.php:21
action · enqueue_block_assets · src\blocks.php:24
filter · block_categories_all · src\blocks.php:29
filter · mce_external_plugins · tinymce3\tinymce.php:13
action · init · tinymce3\tinymce.php:27
Maintenance & Trust

Compare Products for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.0
Last updated: Dec 2, 2025
PHP min version
Downloads: 118K

Community Trust

Rating: 56/100
Number of ratings: 14
Active installs: 30
Developer Profile

Compare Products for WooCommerce Developer Profile

Steve Truman

13 plugins · 117K total installs

Trust score: 73
Avg Security Score: 91/100
Avg Patch Time: 539 days
Detection Fingerprints

How We Detect Compare Products for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/woocommerce-compare-products/assets/css/admin.css
  • /wp-content/plugins/woocommerce-compare-products/assets/css/bootstrap.min.css
  • /wp-content/plugins/woocommerce-compare-products/assets/css/modal.css
  • /wp-content/plugins/woocommerce-compare-products/assets/css/style.css
  • /wp-content/plugins/woocommerce-compare-products/assets/js/admin.js
  • /wp-content/plugins/woocommerce-compare-products/assets/js/bootstrap/modal.js
  • /wp-content/plugins/woocommerce-compare-products/assets/js/bootstrap/util.js
  • /wp-content/plugins/woocommerce-compare-products/assets/js/compare.js
  • +9 more
Script Paths
  • /wp-content/plugins/woocommerce-compare-products/assets/js/compare.js
  • /wp-content/plugins/woocommerce-compare-products/assets/js/frontend.js
  • /wp-content/plugins/woocommerce-compare-products/assets/js/shortcode.js
  • /wp-content/plugins/woocommerce-compare-products/assets/js/admin.js
Version Parameters
  • woocommerce-compare-products/assets/css/style.css?ver=
  • woocommerce-compare-products/assets/css/admin.css?ver=
  • woocommerce-compare-products/assets/js/admin.js?ver=
  • woocommerce-compare-products/assets/js/compare.js?ver=
  • woocommerce-compare-products/assets/js/frontend.js?ver=
  • woocommerce-compare-products/assets/js/shortcode.js?ver=
  • woocommerce-compare-products/assets/js/custom-select.js?ver=
  • woocommerce-compare-products/assets/js/libs/jquery.cookie.js?ver=
  • woocommerce-compare-products/assets/js/libs/owl.carousel.min.js?ver=
  • woocommerce-compare-products/assets/js/libs/jquery.elevatezoom.js?ver=
  • woocommerce-compare-products/assets/js/libs/jquery.matchHeight.js?ver=
  • woocommerce-compare-products/assets/js/libs/jquery.isotope.min.js?ver=
  • woocommerce-compare-products/assets/js/bootstrap/util.js?ver=
  • woocommerce-compare-products/assets/js/bootstrap/modal.js?ver=
  • woocommerce-compare-products/assets/css/modal.css?ver=
  • woocommerce-compare-products/assets/css/bootstrap.min.css?ver=

HTML / DOM Fingerprints

CSS Classes
  • woocp-add-to-compare
  • woocp-compare-table
  • woocp-compare-list-count
  • a3rev-compare-products-widget
  • a3rev-compare-button
  • a3rev-compare-products-shortcode
  • a3rev-compare-products-table-view
  • a3rev-compare-products-list-view
  • +2 more
HTML Comments
  • <!-- A3rev Plugin Admin Interface -->
  • <!-- Start A3rev Compare Products -->
  • <!-- End A3rev Compare Products -->
  • <!-- Compare Products for WooCommerce PRO -->
  • +1 more
Data Attributes
  • data-product-id
  • data-compare-id
  • data-max-compare
  • data-widget-id
  • data-compare-url
JS Globals
woocp_vars
Shortcode Output
  • [a3rev_compare_products]
  • [a3rev_compare_products_button]
  • [a3rev_compare_products_list]
FAQ

Frequently Asked Questions about Compare Products for WooCommerce