Custom Product Tabs for WooCommerce Security & Risk Analysis

wordpress.org/plugins/yikes-inc-easy-custom-woocommerce-product-tabs

Add custom tabs with content to products in WooCommerce.

90K active installs · v1.8.6 · PHP 7.4+ · WP 3.8+ · Updated Apr 12, 2025
Tags: customize, duplicate, product-tabs, repeatable, woocommerce
Score: 89 (A · Safe)
CVEs total: 3
Unpatched: 0
Last CVE: Jan 6, 2025
Safety Verdict

Is Custom Product Tabs for WooCommerce Safe to Use in 2026?

Generally Safe

Score 89/100

Custom Product Tabs for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

3 known CVEs · Last CVE: Jan 6, 2025 · Updated 1yr ago
Risk Assessment

This plugin exhibits a mixed security posture. On the positive side, all identified entry points (AJAX handlers and REST API routes) appear to have authorization checks, and there are no obvious unsanitized taint flows or file operations. The presence of nonce checks on all AJAX handlers is also a good sign. However, the analysis reveals critical areas of concern. The use of the `unserialize` function without further context is a significant risk, as it can lead to deserialization vulnerabilities if the serialized data originates from an untrusted source. The one flagged call, listed under Dangerous Functions Found, passes `'allowed_classes' => false`, so serialized objects are decoded as `__PHP_Incomplete_Class` placeholders rather than instances of application classes. Furthermore, the single SQL query found is not using prepared statements, which opens the door to SQL injection vulnerabilities. The vulnerability history is also worrying, with 3 known CVEs including one high severity vulnerability and two medium severity ones, particularly mentioning deserialization and cross-site scripting. This history, coupled with the presence of `unserialize` in the current code, suggests a recurring pattern of vulnerabilities that need careful attention.

While the plugin has addressed its past vulnerabilities and currently has no unpatched CVEs, the presence of `unserialize` and raw SQL queries in the current version indicates that foundational security practices are not consistently applied. The relatively low number of entry points and the fact that they are protected are strengths. However, the inherent risks associated with insecure functions and queries, combined with past issues, mean that this plugin requires careful monitoring and likely updates to address the identified code signals before it can be considered truly secure.

Key Concerns

  • Dangerous function: unserialize found
  • SQL query not using prepared statements
  • High severity CVE in history
  • Medium severity CVEs in history (x2)
  • Limited capability checks (1 found)
Vulnerabilities
3 published

Custom Product Tabs for WooCommerce Security Vulnerabilities

CVEs by Year

  • 2022: 2 CVEs
  • 2025: 1 CVE

Severity Breakdown

  • High: 1
  • Medium: 2

3 total CVEs

CVE-2024-11465 · high · 7.2 · Deserialization of Untrusted Data

Custom Product Tabs for WooCommerce <= 1.8.5 - Authenticated (Shop Manager+) PHP Object Injection

Jan 6, 2025 Patched in 1.8.6 (101d)

CVE-2022-43463 · medium · 5.5 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Custom Product Tabs for WooCommerce <= 1.7.9 - Authenticated (Administrator+) Stored Cross-Site Scripting

Oct 30, 2022 Patched in 1.8.0 (450d)

CVE-2022-28666 · medium · 6.3 · Missing Authorization

Custom Product Tabs for WooCommerce <= 1.7.7 - Subscriber+ Settings Update

Jun 28, 2022 Patched in 1.7.8 (574d)
Code Analysis
Analyzed Mar 16, 2026

Custom Product Tabs for WooCommerce Code Analysis

  • Dangerous Functions: 1
  • Raw SQL Queries: 1 (0 prepared)
  • Unescaped Output: 25 (69 escaped)
  • Nonce Checks: 6
  • Capability Checks: 1
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 0

Dangerous Functions Found

`unserialize` · admin\helper.functions.php:8

`return @unserialize( trim( $data ), array( 'allowed_classes' => false ) ); //phpcs:ignore -- allowed`

SQL Query Safety

0% prepared · 1 total queries

Output Escaping

73% escaped · 94 total outputs
Attack Surface

Custom Product Tabs for WooCommerce Attack Surface

Entry Points: 7
Unprotected: 0

AJAX Handlers: 6

  • auth · wp_ajax_yikes_woo_save_tab_as_reusable · admin\class.yikes-woo-saved-tabs.php:26
  • auth · wp_ajax_yikes_woo_fetch_reusable_tabs · admin\class.yikes-woo-saved-tabs.php:27
  • auth · wp_ajax_yikes_woo_fetch_reusable_tab · admin\class.yikes-woo-saved-tabs.php:28
  • auth · wp_ajax_yikes_woo_delete_reusable_tab_handler · admin\class.yikes-woo-saved-tabs.php:29
  • auth · wp_ajax_yikes_woo_get_wp_editor · admin\class.yikes-woo-tabs.php:26
  • auth · wp_ajax_yikes_woo_save_product_tabs · admin\class.yikes-woo-tabs.php:27

REST API Routes: 1

  • POST · /wp-json/yikes/cpt/v1/settings · admin\class.settings.php:86

WordPress Hooks: 35

  • filter · woocommerce_product_export_meta_value · admin\class.export.php:12
  • filter · woocommerce_product_importer_formatting_callbacks · admin\class.import.php:12
  • action · admin_menu · admin\class.premium.php:11
  • action · admin_enqueue_scripts · admin\class.premium.php:14
  • action · yikes-woo-saved-tabs-list-ad · admin\class.premium.php:17
  • action · admin_enqueue_scripts · admin\class.settings.php:17
  • action · yikes-woo-settings-area · admin\class.settings.php:20
  • action · rest_api_init · admin\class.settings.php:23
  • action · yikes-woo-display-too-many-products-warning · admin\class.settings.php:26
  • filter · yikes_woo_use_the_content_filter · admin\class.settings.php:29
  • filter · yikes_woo_filter_main_tab_content · admin\class.settings.php:30
  • action · admin_menu · admin\class.support.php:11
  • action · admin_enqueue_scripts · admin\class.support.php:14
  • action · yikes-woo-support-page-free · admin\class.support.php:17
  • action · admin_menu · admin\class.yikes-woo-saved-tabs.php:10
  • action · admin_init · admin\class.yikes-woo-saved-tabs.php:13
  • action · admin_enqueue_scripts · admin\class.yikes-woo-saved-tabs.php:23
  • filter · woocommerce_product_duplicate · admin\class.yikes-woo-saved-tabs.php:32
  • action · delete_post · admin\class.yikes-woo-saved-tabs.php:35
  • action · woocommerce_init · admin\class.yikes-woo-tabs.php:10
  • action · woocommerce_product_write_panel_tabs · admin\class.yikes-woo-tabs.php:16
  • action · woocommerce_product_data_panels · admin\class.yikes-woo-tabs.php:17
  • action · woocommerce_process_product_meta · admin\class.yikes-woo-tabs.php:20
  • action · admin_enqueue_scripts · admin\class.yikes-woo-tabs.php:23
  • action · woocommerce_product_duplicate · admin\class.yikes-woo-tabs.php:30
  • action · woocommerce_init · public\class.yikes-woo-tabs-display.php:10
  • filter · woocommerce_product_tabs · public\class.yikes-woo-tabs-display.php:16
  • filter · yikes_woocommerce_custom_repeatable_product_tabs_content · public\class.yikes-woo-tabs-display.php:19
  • action · before_woocommerce_init · yikes-inc-easy-custom-woocommerce-product-tabs.php:34
  • action · admin_notices · yikes-inc-easy-custom-woocommerce-product-tabs.php:43
  • action · admin_init · yikes-inc-easy-custom-woocommerce-product-tabs.php:101
  • action · admin_init · yikes-inc-easy-custom-woocommerce-product-tabs.php:114
  • filter · wp_default_editor · yikes-inc-easy-custom-woocommerce-product-tabs.php:295
  • action · plugins_loaded · yikes-inc-easy-custom-woocommerce-product-tabs.php:298
  • filter · admin_footer_text · yikes-inc-easy-custom-woocommerce-product-tabs.php:303
Maintenance & Trust

Custom Product Tabs for WooCommerce Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.7.5
  • Last updated: Apr 12, 2025
  • PHP min version: 7.4
  • Downloads: 2.0M

Community Trust

  • Rating: 88/100
  • Number of ratings: 163
  • Active installs: 90K
Developer Profile

Custom Product Tabs for WooCommerce Developer Profile

Evan Herman

15 plugins · 135K total installs

  • Trust score: 68
  • Avg Security Score: 84/100
  • Avg Patch Time: 375 days
Detection Fingerprints

How We Detect Custom Product Tabs for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/yikes-inc-easy-custom-woocommerce-product-tabs/admin/css/yikes-woo-admin.css
  • /wp-content/plugins/yikes-inc-easy-custom-woocommerce-product-tabs/admin/js/yikes-woo-admin.js
  • /wp-content/plugins/yikes-inc-easy-custom-woocommerce-product-tabs/public/css/yikes-woo-public.css
  • /wp-content/plugins/yikes-inc-easy-custom-woocommerce-product-tabs/public/js/yikes-woo-public.js
  • /wp-content/plugins/yikes-inc-easy-custom-woocommerce-product-tabs/admin/assets/css/select2.min.css
  • /wp-content/plugins/yikes-inc-easy-custom-woocommerce-product-tabs/admin/assets/js/select2.min.js
  • /wp-content/plugins/yikes-inc-easy-custom-woocommerce-product-tabs/admin/assets/js/yikes-woo-settings.js
  • /wp-content/plugins/yikes-inc-easy-custom-woocommerce-product-tabs/admin/assets/js/yikes-woo-import-export.js
Script Paths
  • /wp-content/plugins/yikes-inc-easy-custom-woocommerce-product-tabs/admin/js/yikes-woo-admin.js
  • /wp-content/plugins/yikes-inc-easy-custom-woocommerce-product-tabs/public/js/yikes-woo-public.js
  • /wp-content/plugins/yikes-inc-easy-custom-woocommerce-product-tabs/admin/assets/js/select2.min.js
  • /wp-content/plugins/yikes-inc-easy-custom-woocommerce-product-tabs/admin/assets/js/yikes-woo-settings.js
  • /wp-content/plugins/yikes-inc-easy-custom-woocommerce-product-tabs/admin/assets/js/yikes-woo-import-export.js
Version Parameters
  • yikes-inc-easy-custom-woocommerce-product-tabs/admin/css/yikes-woo-admin.css?ver=
  • yikes-inc-easy-custom-woocommerce-product-tabs/admin/js/yikes-woo-admin.js?ver=
  • yikes-inc-easy-custom-woocommerce-product-tabs/public/css/yikes-woo-public.css?ver=
  • yikes-inc-easy-custom-woocommerce-product-tabs/public/js/yikes-woo-public.js?ver=
  • yikes-inc-easy-custom-woocommerce-product-tabs/admin/assets/css/select2.min.css?ver=
  • yikes-inc-easy-custom-woocommerce-product-tabs/admin/assets/js/select2.min.js?ver=
  • yikes-inc-easy-custom-woocommerce-product-tabs/admin/assets/js/yikes-woo-settings.js?ver=
  • yikes-inc-easy-custom-woocommerce-product-tabs/admin/assets/js/yikes-woo-import-export.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • yikes-woo-tab-item
  • yikes-woo-custom-tab-content
  • yikes-woo-product-tabs-wrapper
  • yikes-woo-tab-editor-wrapper
  • yikes-woo-reusable-tabs-table
  • yikes-woo-reusable-tab-row
  • yikes-woo-admin-notice
HTML Comments
  • <!-- hide the 'Plugin Activated' default message -->
  • <!-- display our error message -->
  • <!-- Begin Plugin Settings -->
  • <!-- End Plugin Settings -->
  • (+4 more)
Data Attributes
  • data-yikes-woo-tab-id
  • data-yikes-woo-product-id
  • data-yikes-woo-tab-slug
JS Globals
  • YIKES_WOO_ADMIN_AJAX_OBJECT
  • YIKES_WOO_SETTINGS_OBJECT
  • YIKES_WOO_IMPORT_EXPORT_OBJECT
REST Endpoints
  • /wp-json/yikes-woo/v1/tabs
  • /wp-json/yikes-woo/v1/tabs/(?P<id>[\d]+)
  • /wp-json/yikes-woo/v1/settings
Shortcode Output
[yikes_woo_custom_product_tabs]