YITH Essential Kit for WooCommerce #1 Security & Risk Analysis

wordpress.org/plugins/yith-essential-kit-for-woocommerce-1

The YITH Essential Kit for WooCommerce #1 plugin enhances your WordPress site with this group of impressive features for WooCommerce.

5K active installs · v2.49.0 · PHP 7.4+ · WP 6.7+ · Updated Feb 26, 2026
Tags: woocommerce, yith-woocommerce-ajax-product-filter, yith-woocommerce-colors-and-labels-variations, yith-woocommerce-wishlist, yith-woocommerce-zoom-magnifier
Score: 98 (A · Safe)
CVEs total: 2
Unpatched: 0
Last CVE: Jul 18, 2024
Safety Verdict

Is YITH Essential Kit for WooCommerce #1 Safe to Use in 2026?

Generally Safe

Score 98/100

YITH Essential Kit for WooCommerce #1 has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

2 known CVEs · Last CVE: Jul 18, 2024 · Updated 2mo ago
Risk Assessment

The plugin "yith-essential-kit-for-woocommerce-1" v2.49.0 exhibits a mixed security posture. On the positive side, the code analysis reveals excellent practices regarding SQL queries, with 100% using prepared statements, and a strong emphasis on output escaping, with 94% properly escaped. The presence of 15 nonces and 20 capability checks further indicates an effort to implement security controls. Taint analysis found no critical or high severity issues, suggesting a low risk of direct code injection or command execution vulnerabilities.

However, a significant concern arises from the presence of 8 AJAX handlers, with one handler lacking any authentication checks. This unprotected entry point could potentially be exploited to perform unauthorized actions within the WordPress installation. While the plugin has a history of vulnerabilities, notably one high and one medium severity issue related to missing authorization, there are currently no unpatched CVEs, which is a positive sign. The most recent vulnerability dates from 2024, which suggests ongoing security challenges, even if they are being addressed.

In conclusion, while the plugin demonstrates good core coding practices, the unprotected AJAX handler represents a critical oversight that needs immediate attention. The historical vulnerability pattern, particularly around missing authorization, reinforces the importance of scrutinizing all entry points. Addressing the unprotected AJAX handler would significantly improve the plugin's security posture.

Key Concerns

  • Unprotected AJAX handler
  • Past High severity vulnerability
  • Past Medium severity vulnerability
Vulnerabilities
2 published

YITH Essential Kit for WooCommerce #1 Security Vulnerabilities

CVEs by Year

2022: 1 CVE
2024: 1 CVE

Severity Breakdown

High: 1
Medium: 1

2 total CVEs

CVE-2024-6799 · medium · 4.3 · Missing Authorization

YITH Essential Kit for WooCommerce #1 <= 2.34.0 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Install, Activation, and Deactivation

Jul 18, 2024 Patched in 2.35.0 (1d)

YITH plugins by YITHEMES <= (Various Versions) - Missing Authorization

Nov 11, 2022 Patched in 2.14.0 (438d)
Version History

YITH Essential Kit for WooCommerce #1 Release Timeline

v2.50.0
v2.49.0 (Current)
v2.48.0
v2.47.0
v2.46.0
v2.45.0
v2.44.0
v2.43.0
v2.42.0
v2.41.0
v2.40.0
v2.39.0
v2.37.0
v2.36.0
v2.35.0
v2.34.0 (1 CVE)
v2.24.0 (1 CVE)
v2.23.0 (1 CVE)
v2.22.0 (1 CVE)
v2.20.0 (1 CVE)
Code Analysis
Analyzed Mar 16, 2026

YITH Essential Kit for WooCommerce #1 Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (5 prepared)
Unescaped Output: 92 (1486 escaped)
Nonce Checks: 15
Capability Checks: 20
File Operations: 0
External Requests: 7
Bundled Libraries: 1

Bundled Libraries

Select2

SQL Query Safety

100% prepared · 5 total queries

Output Escaping

94% escaped · 1578 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

13 flows
do_shortcode (plugin-fw\includes\builders\gutenberg\class-yith-gutenberg.php:279)
Attack Surface
1 unprotected

YITH Essential Kit for WooCommerce #1 Attack Surface

Entry Points: 8
Unprotected: 1

AJAX Handlers 8

auth · wp_ajax_activate_yith_essential_kit_module · class-yith-jetpack.php:126
auth · wp_ajax_deactivate_yith_essential_kit_module · class-yith-jetpack.php:133
auth · wp_ajax_install_yith_essential_kit_module · class-yith-jetpack.php:140
auth · wp_ajax_yith_plugin_fw_gutenberg_do_shortcode · plugin-fw\includes\builders\gutenberg\class-yith-gutenberg.php:63
auth · wp_ajax_yith_plugin_fw_save_toggle_element_metabox · plugin-fw\includes\class-yit-metabox.php:86
auth · wp_ajax_yith_plugin_fw_save_toggle_element · plugin-fw\includes\class-yit-plugin-panel.php:138
auth · wp_ajax_yith_bh_onboarding · plugin-fw\includes\class-yith-bh-onboarding.php:37
auth · wp_ajax_yith_create_log_file · plugin-fw\includes\class-yith-system-status.php:101
WordPress Hooks 102
action · init · class-yith-jetpack.php:148
action · admin_menu · class-yith-jetpack.php:158
action · admin_enqueue_scripts · class-yith-jetpack.php:160
action · before_woocommerce_init · class-yith-jetpack.php:171
action · admin_menu · migration.php:8
action · admin_menu · migration.php:24
action · admin_head · migration.php:84
action · elementor/elements/categories_registered · plugin-fw\includes\builders\elementor\class-yith-elementor.php:50
action · elementor/editor/after_enqueue_styles · plugin-fw\includes\builders\elementor\class-yith-elementor.php:52
action · elementor/frontend/after_enqueue_styles · plugin-fw\includes\builders\elementor\class-yith-elementor.php:53
action · init · plugin-fw\includes\builders\gutenberg\class-yith-gutenberg.php:60
action · init · plugin-fw\includes\builders\gutenberg\class-yith-gutenberg.php:61
action · init · plugin-fw\includes\builders\gutenberg\class-yith-gutenberg.php:62
action · wc_ajax_yith_plugin_fw_gutenberg_do_shortcode · plugin-fw\includes\builders\gutenberg\class-yith-gutenberg.php:64
action · init · plugin-fw\includes\class-yit-assets.php:47
action · elementor/editor/before_enqueue_styles · plugin-fw\includes\class-yit-assets.php:48
action · admin_enqueue_scripts · plugin-fw\includes\class-yit-assets.php:50
action · init · plugin-fw\includes\class-yit-assets.php:52
action · should_load_block_editor_scripts_and_styles · plugin-fw\includes\class-yit-assets.php:53
action · admin_enqueue_scripts · plugin-fw\includes\class-yit-icons.php:970
action · wp_enqueue_scripts · plugin-fw\includes\class-yit-icons.php:971
action · add_meta_boxes · plugin-fw\includes\class-yit-metabox.php:80
action · save_post · plugin-fw\includes\class-yit-metabox.php:81
action · admin_enqueue_scripts · plugin-fw\includes\class-yit-metabox.php:82
filter · yit_icons_screen_ids · plugin-fw\includes\class-yit-metabox.php:84
filter · admin_body_class · plugin-fw\includes\class-yit-plugin-panel-woocommerce.php:93
action · admin_init · plugin-fw\includes\class-yit-plugin-panel-woocommerce.php:94
action · admin_menu · plugin-fw\includes\class-yit-plugin-panel-woocommerce.php:95
action · admin_menu · plugin-fw\includes\class-yit-plugin-panel-woocommerce.php:96
action · admin_bar_menu · plugin-fw\includes\class-yit-plugin-panel-woocommerce.php:97
action · admin_enqueue_scripts · plugin-fw\includes\class-yit-plugin-panel-woocommerce.php:98
action · admin_init · plugin-fw\includes\class-yit-plugin-panel-woocommerce.php:99
filter · woocommerce_screen_ids · plugin-fw\includes\class-yit-plugin-panel-woocommerce.php:100
filter · woocommerce_admin_settings_sanitize_option · plugin-fw\includes\class-yit-plugin-panel-woocommerce.php:102
action · yith_plugin_fw_get_field_after · plugin-fw\includes\class-yit-plugin-panel-woocommerce.php:104
action · admin_action_yith_plugin_fw_save_toggle_element · plugin-fw\includes\class-yit-plugin-panel-woocommerce.php:105
filter · woocommerce_admin_settings_sanitize_option · plugin-fw\includes\class-yit-plugin-panel-woocommerce.php:106
action · admin_enqueue_scripts · plugin-fw\includes\class-yit-plugin-panel-woocommerce.php:108
action · admin_init · plugin-fw\includes\class-yit-plugin-panel-woocommerce.php:109
filter · yith_plugin_fw_premium_landing_uri · plugin-fw\includes\class-yit-plugin-panel-woocommerce.php:112
action · woocommerce_admin_field_boxinfo · plugin-fw\includes\class-yit-plugin-panel-woocommerce.php:126
action · woocommerce_admin_field_yith-field · plugin-fw\includes\class-yit-plugin-panel-woocommerce.php:127
filter · woocommerce_admin_settings_sanitize_option · plugin-fw\includes\class-yit-plugin-panel-woocommerce.php:129
action · admin_menu · plugin-fw\includes\class-yit-plugin-panel-woocommerce.php:132
filter · add_menu_classes · plugin-fw\includes\class-yit-plugin-panel-woocommerce.php:134
filter · admin_body_class · plugin-fw\includes\class-yit-plugin-panel.php:121
action · admin_init · plugin-fw\includes\class-yit-plugin-panel.php:122
action · admin_menu · plugin-fw\includes\class-yit-plugin-panel.php:123
action · admin_menu · plugin-fw\includes\class-yit-plugin-panel.php:124
action · admin_bar_menu · plugin-fw\includes\class-yit-plugin-panel.php:125
action · admin_init · plugin-fw\includes\class-yit-plugin-panel.php:126
action · admin_enqueue_scripts · plugin-fw\includes\class-yit-plugin-panel.php:128
action · admin_init · plugin-fw\includes\class-yit-plugin-panel.php:129
filter · yith_plugin_fw_premium_landing_uri · plugin-fw\includes\class-yit-plugin-panel.php:132
action · admin_enqueue_scripts · plugin-fw\includes\class-yit-plugin-panel.php:137
action · all_admin_notices · plugin-fw\includes\class-yit-plugin-panel.php:242
action · admin_footer · plugin-fw\includes\class-yit-plugin-panel.php:243
filter · parent_file · plugin-fw\includes\class-yit-plugin-panel.php:245
filter · submenu_file · plugin-fw\includes\class-yit-plugin-panel.php:246
action · admin_menu · plugin-fw\includes\class-yit-plugin-panel.php:259
filter · add_menu_classes · plugin-fw\includes\class-yit-plugin-panel.php:260
filter · removable_query_args · plugin-fw\includes\class-yit-plugin-panel.php:261
action · admin_enqueue_scripts · plugin-fw\includes\class-yit-plugin-panel.php:1081
action · admin_init · plugin-fw\includes\class-yit-plugin-panel.php:1082
action · admin_footer · plugin-fw\includes\class-yit-plugin-panel.php:1213
action · admin_init · plugin-fw\includes\class-yit-plugin-subpanel.php:44
action · admin_menu · plugin-fw\includes\class-yit-plugin-subpanel.php:45
action · admin_bar_menu · plugin-fw\includes\class-yit-plugin-subpanel.php:46
action · admin_init · plugin-fw\includes\class-yit-plugin-subpanel.php:47
action · admin_enqueue_scripts · plugin-fw\includes\class-yit-plugin-subpanel.php:48
action · admin_enqueue_scripts · plugin-fw\includes\class-yit-pointers.php:118
action · admin_init · plugin-fw\includes\class-yit-pointers.php:119
action · yith_bh_onboarding · plugin-fw\includes\class-yith-bh-onboarding.php:36
action · wp_dashboard_setup · plugin-fw\includes\class-yith-dashboard.php:146
action · admin_enqueue_scripts · plugin-fw\includes\class-yith-dashboard.php:147
action · admin_init · plugin-fw\includes\class-yith-post-type-admin.php:65
action · current_screen · plugin-fw\includes\class-yith-post-type-admin.php:67
action · edit_form_top · plugin-fw\includes\class-yith-post-type-admin.php:70
action · manage_posts_extra_tablenav · plugin-fw\includes\class-yith-post-type-admin.php:119
action · manage_posts_extra_tablenav · plugin-fw\includes\class-yith-post-type-admin.php:120
action · restrict_manage_posts · plugin-fw\includes\class-yith-post-type-admin.php:122
filter · request · plugin-fw\includes\class-yith-post-type-admin.php:123
filter · list_table_primary_column · plugin-fw\includes\class-yith-post-type-admin.php:125
filter · post_row_actions · plugin-fw\includes\class-yith-post-type-admin.php:126
filter · page_row_actions · plugin-fw\includes\class-yith-post-type-admin.php:127
filter · default_hidden_columns · plugin-fw\includes\class-yith-post-type-admin.php:129
action · disable_months_dropdown · plugin-fw\includes\class-yith-post-type-admin.php:137
filter · admin_body_class · plugin-fw\includes\class-yith-system-status.php:95
action · admin_menu · plugin-fw\includes\class-yith-system-status.php:96
action · admin_init · plugin-fw\includes\class-yith-system-status.php:97
action · admin_notices · plugin-fw\includes\class-yith-system-status.php:98
action · admin_enqueue_scripts · plugin-fw\includes\class-yith-system-status.php:99
action · init · plugin-fw\includes\class-yith-system-status.php:100
filter · yith_plugin_fw_privacy_guide_content · plugin-fw\includes\privacy\class-yith-privacy-plugin-abstract.php:39
action · admin_init · plugin-fw\includes\privacy\class-yith-privacy.php:50
action · plugins_loaded · plugin-fw\init.php:94
filter · extra_theme_headers · plugin-fw\yit-functions.php:602
filter · yit_title_special_characters · plugin-fw\yit-functions.php:726
filter · plugin_row_meta · plugin-fw\yit-plugin.php:56
action · admin_notices · plugin-fw\yit-plugin.php:298
action · plugins_loaded · plugin-fw\yit-plugin.php:300
action · shutdown · plugin-fw\yit-woocommerce-compatibility.php:765
Maintenance & Trust

YITH Essential Kit for WooCommerce #1 Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 26, 2026
PHP min version: 7.4
Downloads: 687K

Community Trust

Rating: 68/100
Number of ratings: 14
Active installs: 5K
Developer Profile

YITH Essential Kit for WooCommerce #1 Developer Profile

YITHEMES

33 plugins · 1.1M total installs

Trust score: 76
Avg Security Score: 96/100
Avg Patch Time: 396 days
Detection Fingerprints

How We Detect YITH Essential Kit for WooCommerce #1

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/yith-essential-kit-for-woocommerce-1/assets/css/style.css
/wp-content/plugins/yith-essential-kit-for-woocommerce-1/assets/js/yith-essential-kit-for-woocommerce-1-script.js
/wp-content/plugins/yith-essential-kit-for-woocommerce-1/plugin-fw/assets/css/plugin-fw.css
/wp-content/plugins/yith-essential-kit-for-woocommerce-1/plugin-fw/assets/js/plugin-fw.js
Script Paths
wp-content/plugins/yith-essential-kit-for-woocommerce-1/assets/js/yith-essential-kit-for-woocommerce-1-script.js
wp-content/plugins/yith-essential-kit-for-woocommerce-1/plugin-fw/assets/js/plugin-fw.js
Version Parameters
yith-essential-kit-for-woocommerce-1/assets/css/style.css?ver=
yith-essential-kit-for-woocommerce-1/assets/js/yith-essential-kit-for-woocommerce-1-script.js?ver=
yith-essential-kit-for-woocommerce-1/plugin-fw/assets/css/plugin-fw.css?ver=
yith-essential-kit-for-woocommerce-1/plugin-fw/assets/js/plugin-fw.js?ver=

HTML / DOM Fingerprints

CSS Classes
yith-essential-kit-for-woocommerce-1-admin-page
yith-essential-kit-welcome-screen
Data Attributes
data-plugin-name="yith-essential-kit-for-woocommerce-1"
JS Globals
YITH_Essential_Kit