WP-Safety

YITH Color and Label Variations for WooCommerce Security & Risk Analysis

wordpress.org/plugins/yith-color-and-label-variations-for-woocommerce

YITH WooCommerce Color and Label Variations replaces the dropdown select of your variable products with Colors and Labels

10K active installs v2.26.0 PHP 7.4+ WP 6.7+ Updated Feb 26, 2026
color-and-label-variationsvariable-productvariationswoocommcereyith
99
A · Safe
CVEs total1
Unpatched0
Last CVENov 11, 2022
Plugin page Download
Safety Verdict

Is YITH Color and Label Variations for WooCommerce Safe to Use in 2026?

Generally Safe

Score 99/100

YITH Color and Label Variations for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Nov 11, 2022Updated 1mo ago
Risk Assessment

The plugin 'yith-color-and-label-variations-for-woocommerce' v2.26.0 exhibits a mixed security posture. On the positive side, it demonstrates strong adherence to secure coding practices by utilizing prepared statements for all SQL queries and generally performs robust output escaping. The absence of critical or high severity taint flows suggests good handling of potentially malicious input in analyzed flows. The plugin also implements a reasonable number of nonce and capability checks.

However, there are notable areas of concern. The presence of one unprotected AJAX handler represents a significant attack surface that could be exploited by unauthenticated users. While the plugin has a history of known vulnerabilities, notably a high-severity one related to missing authorization, it is currently unpatched. This historical pattern, coupled with the unprotected AJAX handler, indicates a recurring issue with authorization enforcement, which is a critical aspect of web application security. Therefore, while the code quality in many areas is commendable, the identified unprotected entry point and past vulnerabilities warrant careful consideration and prompt remediation.

In conclusion, the plugin has strengths in its SQL handling and output escaping. However, the unprotected AJAX endpoint and the history of a high-severity authorization vulnerability are significant weaknesses. The fact that the past vulnerability is currently unpatched is a critical flag. The plugin needs immediate attention to secure its unprotected entry points and address historical authorization flaws.

Key Concerns

  • Unprotected AJAX handler
  • Currently unpatched high severity vulnerability
  • History of missing authorization vulnerabilities
Vulnerabilities
1

YITH Color and Label Variations for WooCommerce Security Vulnerabilities

CVEs by Year

1 CVE in 2022
2022
Patched Has unpatched

Severity Breakdown

High
1

1 total CVE

WF-b948574a-0aab-4596-83e6-04be21f78bc1-yith-color-and-label-variations-for-woocommercehigh · 7.1Missing Authorization

YITH plugins by YITHEMES <= (Various Versions) - Missing Authorization

Nov 11, 2022 Patched in 1.25.1 (438d)
Code Analysis
Analyzed Mar 16, 2026

YITH Color and Label Variations for WooCommerce Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
13 prepared
Unescaped Output
96
1511 escaped
Nonce Checks
15
Capability Checks
16
File Operations
0
External Requests
7
Bundled Libraries
1

Bundled Libraries

Select2

SQL Query Safety

100% prepared13 total queries

Output Escaping

94% escaped1607 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

15 flows2 with unsanitized paths
<class.yith-wccl-admin> (includes\class.yith-wccl-admin.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
1 unprotected

YITH Color and Label Variations for WooCommerce Attack Surface

Entry Points5
Unprotected1

AJAX Handlers 5

authwp_ajax_yith_plugin_fw_gutenberg_do_shortcodeplugin-fw\includes\builders\gutenberg\class-yith-gutenberg.php:63
authwp_ajax_yith_plugin_fw_save_toggle_element_metaboxplugin-fw\includes\class-yit-metabox.php:86
authwp_ajax_yith_plugin_fw_save_toggle_elementplugin-fw\includes\class-yit-plugin-panel.php:138
authwp_ajax_yith_bh_onboardingplugin-fw\includes\class-yith-bh-onboarding.php:37
authwp_ajax_yith_create_log_fileplugin-fw\includes\class-yith-system-status.php:101
WordPress Hooks 112
actioninitincludes\class.yith-wccl-admin.php:61
filteryith_show_plugin_row_metaincludes\class.yith-wccl-admin.php:65
actionyith_wccl_print_attribute_fieldincludes\class.yith-wccl-admin.php:68
actioncreated_termincludes\class.yith-wccl-admin.php:71
actionedit_termincludes\class.yith-wccl-admin.php:72
actionwoocommerce_product_option_termsincludes\class.yith-wccl-admin.php:75
actionadmin_enqueue_scriptsincludes\class.yith-wccl-admin.php:78
actionadmin_menuincludes\class.yith-wccl-admin.php:81
actionyith_wccl_colorpicker_attributeincludes\class.yith-wccl-admin.php:84
actionwp_enqueue_scriptsincludes\class.yith-wccl-frontend.php:28
actiontemplate_redirectincludes\class.yith-wccl-frontend.php:30
actionwoocommerce_variable_add_to_cartincludes\class.yith-wccl-frontend.php:43
actionbefore_woocommerce_initincludes\class.yith-wccl.php:36
filterproduct_attributes_type_selectorincludes\class.yith-wccl.php:46
filteryith_wcan_attribute_filter_item_argsincludes\class.yith-wccl.php:48
actionadmin_noticesinit.php:60
actionplugins_loadedinit.php:122
actionelementor/elements/categories_registeredplugin-fw\includes\builders\elementor\class-yith-elementor.php:50
actionelementor/editor/after_enqueue_stylesplugin-fw\includes\builders\elementor\class-yith-elementor.php:52
actionelementor/frontend/after_enqueue_stylesplugin-fw\includes\builders\elementor\class-yith-elementor.php:53
actioninitplugin-fw\includes\builders\gutenberg\class-yith-gutenberg.php:60
actioninitplugin-fw\includes\builders\gutenberg\class-yith-gutenberg.php:61
actioninitplugin-fw\includes\builders\gutenberg\class-yith-gutenberg.php:62
actionwc_ajax_yith_plugin_fw_gutenberg_do_shortcodeplugin-fw\includes\builders\gutenberg\class-yith-gutenberg.php:64
actioninitplugin-fw\includes\class-yit-assets.php:47
actionelementor/editor/before_enqueue_stylesplugin-fw\includes\class-yit-assets.php:48
actionadmin_enqueue_scriptsplugin-fw\includes\class-yit-assets.php:50
actioninitplugin-fw\includes\class-yit-assets.php:52
actionshould_load_block_editor_scripts_and_stylesplugin-fw\includes\class-yit-assets.php:53
actionadmin_enqueue_scriptsplugin-fw\includes\class-yit-icons.php:970
actionwp_enqueue_scriptsplugin-fw\includes\class-yit-icons.php:971
actionadd_meta_boxesplugin-fw\includes\class-yit-metabox.php:80
actionsave_postplugin-fw\includes\class-yit-metabox.php:81
actionadmin_enqueue_scriptsplugin-fw\includes\class-yit-metabox.php:82
filteryit_icons_screen_idsplugin-fw\includes\class-yit-metabox.php:84
filteradmin_body_classplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:93
actionadmin_initplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:94
actionadmin_menuplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:95
actionadmin_menuplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:96
actionadmin_bar_menuplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:97
actionadmin_enqueue_scriptsplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:98
actionadmin_initplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:99
filterwoocommerce_screen_idsplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:100
filterwoocommerce_admin_settings_sanitize_optionplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:102
actionyith_plugin_fw_get_field_afterplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:104
actionadmin_action_yith_plugin_fw_save_toggle_elementplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:105
filterwoocommerce_admin_settings_sanitize_optionplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:106
actionadmin_enqueue_scriptsplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:108
actionadmin_initplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:109
filteryith_plugin_fw_premium_landing_uriplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:112
actionwoocommerce_admin_field_boxinfoplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:126
actionwoocommerce_admin_field_yith-fieldplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:127
filterwoocommerce_admin_settings_sanitize_optionplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:129
actionadmin_menuplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:132
filteradd_menu_classesplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:134
filteradmin_body_classplugin-fw\includes\class-yit-plugin-panel.php:121
actionadmin_initplugin-fw\includes\class-yit-plugin-panel.php:122
actionadmin_menuplugin-fw\includes\class-yit-plugin-panel.php:123
actionadmin_menuplugin-fw\includes\class-yit-plugin-panel.php:124
actionadmin_bar_menuplugin-fw\includes\class-yit-plugin-panel.php:125
actionadmin_initplugin-fw\includes\class-yit-plugin-panel.php:126
actionadmin_enqueue_scriptsplugin-fw\includes\class-yit-plugin-panel.php:128
actionadmin_initplugin-fw\includes\class-yit-plugin-panel.php:129
filteryith_plugin_fw_premium_landing_uriplugin-fw\includes\class-yit-plugin-panel.php:132
actionadmin_enqueue_scriptsplugin-fw\includes\class-yit-plugin-panel.php:137
actionall_admin_noticesplugin-fw\includes\class-yit-plugin-panel.php:242
actionadmin_footerplugin-fw\includes\class-yit-plugin-panel.php:243
filterparent_fileplugin-fw\includes\class-yit-plugin-panel.php:245
filtersubmenu_fileplugin-fw\includes\class-yit-plugin-panel.php:246
actionadmin_menuplugin-fw\includes\class-yit-plugin-panel.php:259
filteradd_menu_classesplugin-fw\includes\class-yit-plugin-panel.php:260
filterremovable_query_argsplugin-fw\includes\class-yit-plugin-panel.php:261
actionadmin_enqueue_scriptsplugin-fw\includes\class-yit-plugin-panel.php:1081
actionadmin_initplugin-fw\includes\class-yit-plugin-panel.php:1082
actionadmin_footerplugin-fw\includes\class-yit-plugin-panel.php:1213
actionadmin_initplugin-fw\includes\class-yit-plugin-subpanel.php:44
actionadmin_menuplugin-fw\includes\class-yit-plugin-subpanel.php:45
actionadmin_bar_menuplugin-fw\includes\class-yit-plugin-subpanel.php:46
actionadmin_initplugin-fw\includes\class-yit-plugin-subpanel.php:47
actionadmin_enqueue_scriptsplugin-fw\includes\class-yit-plugin-subpanel.php:48
actionadmin_enqueue_scriptsplugin-fw\includes\class-yit-pointers.php:118
actionadmin_initplugin-fw\includes\class-yit-pointers.php:119
actionyith_bh_onboardingplugin-fw\includes\class-yith-bh-onboarding.php:36
actionwp_dashboard_setupplugin-fw\includes\class-yith-dashboard.php:146
actionadmin_enqueue_scriptsplugin-fw\includes\class-yith-dashboard.php:147
actionadmin_initplugin-fw\includes\class-yith-post-type-admin.php:65
actioncurrent_screenplugin-fw\includes\class-yith-post-type-admin.php:67
actionedit_form_topplugin-fw\includes\class-yith-post-type-admin.php:70
actionmanage_posts_extra_tablenavplugin-fw\includes\class-yith-post-type-admin.php:119
actionmanage_posts_extra_tablenavplugin-fw\includes\class-yith-post-type-admin.php:120
actionrestrict_manage_postsplugin-fw\includes\class-yith-post-type-admin.php:122
filterrequestplugin-fw\includes\class-yith-post-type-admin.php:123
filterlist_table_primary_columnplugin-fw\includes\class-yith-post-type-admin.php:125
filterpost_row_actionsplugin-fw\includes\class-yith-post-type-admin.php:126
filterpage_row_actionsplugin-fw\includes\class-yith-post-type-admin.php:127
filterdefault_hidden_columnsplugin-fw\includes\class-yith-post-type-admin.php:129
actiondisable_months_dropdownplugin-fw\includes\class-yith-post-type-admin.php:137
filteradmin_body_classplugin-fw\includes\class-yith-system-status.php:95
actionadmin_menuplugin-fw\includes\class-yith-system-status.php:96
actionadmin_initplugin-fw\includes\class-yith-system-status.php:97
actionadmin_noticesplugin-fw\includes\class-yith-system-status.php:98
actionadmin_enqueue_scriptsplugin-fw\includes\class-yith-system-status.php:99
actioninitplugin-fw\includes\class-yith-system-status.php:100
filteryith_plugin_fw_privacy_guide_contentplugin-fw\includes\privacy\class-yith-privacy-plugin-abstract.php:39
actionadmin_initplugin-fw\includes\privacy\class-yith-privacy.php:50
actionplugins_loadedplugin-fw\init.php:94
filterextra_theme_headersplugin-fw\yit-functions.php:602
filteryit_title_special_charactersplugin-fw\yit-functions.php:726
filterplugin_row_metaplugin-fw\yit-plugin.php:56
actionadmin_noticesplugin-fw\yit-plugin.php:298
actionplugins_loadedplugin-fw\yit-plugin.php:300
actionshutdownplugin-fw\yit-woocommerce-compatibility.php:765
Maintenance & Trust

YITH Color and Label Variations for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 26, 2026
PHP min version7.4
Downloads378K

Community Trust

Rating72/100
Number of ratings22
Active installs10K
Alternatives

YITH Color and Label Variations for WooCommerce Alternatives

Show only lowest prices in variable products for WooCommerce

Show only lowest prices in variable products for WooCommerce

show-only-lowest-prices-in-woocommerce-variable-products

A
100

Clean up your variable product prices by showing only the lowest price instead of confusing price ranges. Now with customizable settings!

7K No CVEs
YITH Essential Kit for WooCommerce #1

YITH Essential Kit for WooCommerce #1

yith-essential-kit-for-woocommerce-1

A
98

The YITH Essential Kit for WooCommerce #1 plugin enhance your WordPress site with this group of impressive features for WooCommerce.

5K 2 CVEs
Show Variations as Single Products for WooCommerce

Show Variations as Single Products for WooCommerce

woo-show-single-variations-shop-category

A
99

Display WooCommerce product variations as individual products on shop, category, and tag pages — helping customers find and buy exactly what they want &hellip;

500 1 CVE
Variation Auto Expire For WooCommerce

Variation Auto Expire For WooCommerce

variation-auto-expire-for-woocommerce

A
100

Change variation stock status to out of stock or delete on specific date-time (variation availability till specific date-time only).

300 No CVEs
Setary — Bulk Edit WooCommerce Products

Setary — Bulk Edit WooCommerce Products

setary

A
100

A helper plugin to bridge the gap between WordPress and Setary.

200 No CVEs
Developer Profile

YITH Color and Label Variations for WooCommerce Developer Profile

YITHEMES

33 plugins · 1.1M total installs

77
trust score
Avg Security Score
97/100
Avg Patch Time
411 days
View full developer profile
Detection Fingerprints

How We Detect YITH Color and Label Variations for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/yith-color-and-label-variations-for-woocommerce/assets/css/admin.css/wp-content/plugins/yith-color-and-label-variations-for-woocommerce/assets/js/admin.js
Script Paths
/wp-content/plugins/yith-color-and-label-variations-for-woocommerce/plugin-fw/init.php
Version Parameters
yith-color-and-label-variations-for-woocommerce/assets/css/admin.css?ver=yith-color-and-label-variations-for-woocommerce/assets/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
yith-wccl-adminyith-wccl-colorpicker
Data Attributes
data-attribute-iddata-attribute-namedata-term-iddata-term-name
JS Globals
yith_wccl_admin_params
FAQ

Frequently Asked Questions about YITH Color and Label Variations for WooCommerce