Does YITH WooCommerce Badge Management have any unpatched vulnerabilities?

No. All known vulnerabilities in YITH WooCommerce Badge Management have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is YITH WooCommerce Badge Management compatible with WordPress 6.9.4?

According to WordPress.org data, YITH WooCommerce Badge Management 3.23.0 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is YITH WooCommerce Badge Management compatible with PHP 7.4+?

YITH WooCommerce Badge Management requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is YITH WooCommerce Badge Management updated?

YITH WooCommerce Badge Management was last updated on Mar 4, 2026. Frequent updates are generally a positive security signal.

What is YITH WooCommerce Badge Management's security score?

YITH WooCommerce Badge Management has a WP-Safety security score of 99/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

YITH WooCommerce Badge Management Security & Risk Analysis

wordpress.org/plugins/yith-woocommerce-badges-management

YITH WooCommerce Badge Management allows you to create and manage custom badges for products.

10K active installs v3.23.0 PHP 7.4+ WP 6.7+ Updated Mar 4, 2026

badgebadgesproductswoocommerceyith

A · Safe

CVEs total1

Unpatched0

Last CVENov 11, 2022

Plugin page Download

Safety Verdict

Is YITH WooCommerce Badge Management Safe to Use in 2026?

Generally Safe

Score 99/100

YITH WooCommerce Badge Management has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Nov 11, 2022Updated 1mo ago

Risk Assessment

This plugin exhibits a mixed security posture. On the positive side, it demonstrates strong practices in SQL query handling, with 100% prepared statements, and a high percentage (94%) of properly escaped output. The absence of critical or high severity taint flows, unsanitized paths, and file operations are also encouraging signs. The plugin's vulnerability history shows one known high-severity vulnerability, which is currently patched, indicating a reasonable response to past issues.

However, there are notable areas of concern. The presence of one AJAX handler without authentication checks represents a significant potential entry point for attackers. While the static analysis shows no critical taint flows, the `unserialize` function is a dangerous function that can lead to remote code execution if used with untrusted input. The overall attack surface is relatively small, but the unprotected AJAX endpoint is a direct weakness. The history of a high-severity vulnerability, even if patched, suggests that the plugin may be a target for attackers, and diligent auditing and patching are crucial.

In conclusion, while the plugin has implemented several good security practices, the unprotected AJAX handler and the potential risks associated with `unserialize` warrant attention. The past high-severity vulnerability highlights the need for ongoing vigilance and regular security updates. Addressing the unprotected AJAX endpoint should be a priority.

Key Concerns

AJAX handler without authentication
Use of dangerous function (unserialize)
Past high severity CVE

Vulnerabilities

YITH WooCommerce Badge Management Security Vulnerabilities

CVEs by Year

1 CVE in 2022

2022

Patched Has unpatched

Severity Breakdown

High

1 total CVE

WF-b948574a-0aab-4596-83e6-04be21f78bc1-yith-woocommerce-badges-managementhigh · 7.1Missing Authorization

YITH plugins by YITHEMES <= (Various Versions) - Missing Authorization

Nov 11, 2022 Patched in 2.11.0 (438d)

Code Analysis

Analyzed Mar 16, 2026

YITH WooCommerce Badge Management Code Analysis

Dangerous Functions

Raw SQL Queries

5 prepared

Unescaped Output

101

1584 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$badge_meta = is_array( $badge_meta ) ? $badge_meta : unserialize( get_post_meta( $badge_id, '_includes\functions.yith-wcbm.php:770

Bundled Libraries

Select2

SQL Query Safety

100% prepared5 total queries

Output Escaping

94% escaped1685 total outputs

Data Flows

All sanitized

Data Flow Analysis

13 flows

do_shortcode (plugin-fw\includes\builders\gutenberg\class-yith-gutenberg.php:279)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

1 unprotected

YITH WooCommerce Badge Management Attack Surface

Entry Points6

Unprotected1

AJAX Handlers 6

authwp_ajax_yith_wcbm_toggle_enable_badgeincludes\class-yith-wcbm-admin.php:120

authwp_ajax_yith_plugin_fw_gutenberg_do_shortcodeplugin-fw\includes\builders\gutenberg\class-yith-gutenberg.php:63

authwp_ajax_yith_plugin_fw_save_toggle_element_metaboxplugin-fw\includes\class-yit-metabox.php:86

authwp_ajax_yith_plugin_fw_save_toggle_elementplugin-fw\includes\class-yit-plugin-panel.php:138

authwp_ajax_yith_bh_onboardingplugin-fw\includes\class-yith-bh-onboarding.php:37

authwp_ajax_yith_create_log_fileplugin-fw\includes\class-yith-system-status.php:101

WordPress Hooks 147

filteryith_show_plugin_row_metaincludes\class-yith-wcbm-admin.php:112

actionadmin_enqueue_scriptsincludes\class-yith-wcbm-admin.php:114

actionadmin_initincludes\class-yith-wcbm-admin.php:116

actionadmin_menuincludes\class-yith-wcbm-admin.php:117

actionadmin_noticesincludes\class-yith-wcbm-admin.php:118

actionadmin_initincludes\class-yith-wcbm-admin.php:123

actionedit_form_topincludes\class-yith-wcbm-admin.php:125

actionyith_wcbm_print_badge_previewincludes\class-yith-wcbm-admin.php:131

actionyith_wcbm_print_badge_library_fieldincludes\class-yith-wcbm-admin.php:132

actionsave_postincludes\class-yith-wcbm-admin.php:134

filterwp_insert_post_dataincludes\class-yith-wcbm-badges.php:45

filterpost_updated_messagesincludes\class-yith-wcbm-badges.php:47

filterbulk_post_updated_messagesincludes\class-yith-wcbm-badges.php:48

filterwoocommerce_data_storesincludes\class-yith-wcbm-badges.php:51

actionadmin_action_yith_wcbm_clone_badgeincludes\class-yith-wcbm-badges.php:54

filteryith_plugin_fw_metabox_yith-wcbm-metabox_field_pre_get_valueincludes\class-yith-wcbm-badges.php:56

actionwp_insert_postincludes\class-yith-wcbm-badges.php:59

actiondelete_postincludes\class-yith-wcbm-badges.php:60

filteryith_wcbm_product_thumbnail_containerincludes\class-yith-wcbm-frontend.php:80

filterwoocommerce_sale_flashincludes\class-yith-wcbm-frontend.php:85

filterwoocommerce_blocks_product_grid_item_htmlincludes\class-yith-wcbm-frontend.php:86

filterrender_block_dataincludes\class-yith-wcbm-frontend.php:87

actiondynamic_sidebar_beforeincludes\class-yith-wcbm-frontend.php:90

actiondynamic_sidebar_afterincludes\class-yith-wcbm-frontend.php:91

actionwoocommerce_before_mini_cartincludes\class-yith-wcbm-frontend.php:94

actionwoocommerce_after_mini_cartincludes\class-yith-wcbm-frontend.php:95

actionwp_enqueue_scriptsincludes\class-yith-wcbm-frontend.php:97

actionyith_wcbm_theme_badge_container_startincludes\class-yith-wcbm-frontend.php:102

actionyith_wcbm_theme_badge_container_endincludes\class-yith-wcbm-frontend.php:103

filterwoocommerce_post_classincludes\class-yith-wcbm-frontend.php:106

actioninitincludes\class-yith-wcbm-install.php:79

actionyith_wcbm_run_update_callbackincludes\class-yith-wcbm-install.php:80

actioninitincludes\class-yith-wcbm-post-types.php:36

actioncurrent_screenincludes\class-yith-wcbm.php:53

actionplugins_loadedincludes\class-yith-wcbm.php:54

actionbefore_woocommerce_initincludes\class-yith-wcbm.php:57

filterbody_classincludes\compatibility\class-yith-wcbm-themes-compatibility.php:85

filteryith_wcbm_theme_badge_container_start_checkincludes\compatibility\themes\class-yith-wcbm-basel-theme-compatibility.php:50

filteryith_wcbm_theme_badge_container_end_checkincludes\compatibility\themes\class-yith-wcbm-basel-theme-compatibility.php:51

actioninitincludes\compatibility\themes\class-yith-wcbm-basel-theme-compatibility.php:53

actionwoocommerce_before_shop_loop_itemincludes\compatibility\themes\class-yith-wcbm-basel-theme-compatibility.php:73

actionwoocommerce_shop_loop_item_titleincludes\compatibility\themes\class-yith-wcbm-basel-theme-compatibility.php:74

actionwp_enqueue_scriptsincludes\compatibility\themes\class-yith-wcbm-electro-theme-compatibility.php:37

filterelectro_single_product_thumbnails_single_htmlincludes\compatibility\themes\class-yith-wcbm-electro-theme-compatibility.php:41

filteryith_wcbm_is_allowed_badge_showingincludes\compatibility\themes\class-yith-wcbm-twenty-twenty-theme-compatibility.php:38

filteryith_wcbm_is_allowed_badge_showingincludes\compatibility\themes\class-yith-wcbm-yith-booking-theme-compatibility.php:43

actionyith_booking_content_headerincludes\compatibility\themes\class-yith-wcbm-yith-booking-theme-compatibility.php:45

actionyith_booking_content_headerincludes\compatibility\themes\class-yith-wcbm-yith-booking-theme-compatibility.php:46

actionyith_wcbm_initinit.php:117

actionadmin_noticesinit.php:126

actionadmin_noticesinit.php:128

actionplugins_loadedinit.php:136

actionelementor/elements/categories_registeredplugin-fw\includes\builders\elementor\class-yith-elementor.php:50

actionelementor/editor/after_enqueue_stylesplugin-fw\includes\builders\elementor\class-yith-elementor.php:52

actionelementor/frontend/after_enqueue_stylesplugin-fw\includes\builders\elementor\class-yith-elementor.php:53

actioninitplugin-fw\includes\builders\gutenberg\class-yith-gutenberg.php:60

actioninitplugin-fw\includes\builders\gutenberg\class-yith-gutenberg.php:61

actioninitplugin-fw\includes\builders\gutenberg\class-yith-gutenberg.php:62

actionwc_ajax_yith_plugin_fw_gutenberg_do_shortcodeplugin-fw\includes\builders\gutenberg\class-yith-gutenberg.php:64

actioninitplugin-fw\includes\class-yit-assets.php:47

actionelementor/editor/before_enqueue_stylesplugin-fw\includes\class-yit-assets.php:48

actionadmin_enqueue_scriptsplugin-fw\includes\class-yit-assets.php:50

actioninitplugin-fw\includes\class-yit-assets.php:52

actionshould_load_block_editor_scripts_and_stylesplugin-fw\includes\class-yit-assets.php:53

actionadmin_enqueue_scriptsplugin-fw\includes\class-yit-icons.php:970

actionwp_enqueue_scriptsplugin-fw\includes\class-yit-icons.php:971

actionadd_meta_boxesplugin-fw\includes\class-yit-metabox.php:80

actionsave_postplugin-fw\includes\class-yit-metabox.php:81

actionadmin_enqueue_scriptsplugin-fw\includes\class-yit-metabox.php:82

filteryit_icons_screen_idsplugin-fw\includes\class-yit-metabox.php:84

filteradmin_body_classplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:93

actionadmin_initplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:94

actionadmin_menuplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:95

actionadmin_menuplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:96

actionadmin_bar_menuplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:97

actionadmin_enqueue_scriptsplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:98

actionadmin_initplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:99

filterwoocommerce_screen_idsplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:100

filterwoocommerce_admin_settings_sanitize_optionplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:102

actionyith_plugin_fw_get_field_afterplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:104

actionadmin_action_yith_plugin_fw_save_toggle_elementplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:105

filterwoocommerce_admin_settings_sanitize_optionplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:106

actionadmin_enqueue_scriptsplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:108

actionadmin_initplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:109

filteryith_plugin_fw_premium_landing_uriplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:112

actionwoocommerce_admin_field_boxinfoplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:126

actionwoocommerce_admin_field_yith-fieldplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:127

filterwoocommerce_admin_settings_sanitize_optionplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:129

actionadmin_menuplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:132

filteradd_menu_classesplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:134

filteradmin_body_classplugin-fw\includes\class-yit-plugin-panel.php:121

actionadmin_initplugin-fw\includes\class-yit-plugin-panel.php:122

actionadmin_menuplugin-fw\includes\class-yit-plugin-panel.php:123

actionadmin_menuplugin-fw\includes\class-yit-plugin-panel.php:124

actionadmin_bar_menuplugin-fw\includes\class-yit-plugin-panel.php:125

actionadmin_initplugin-fw\includes\class-yit-plugin-panel.php:126

actionadmin_enqueue_scriptsplugin-fw\includes\class-yit-plugin-panel.php:128

actionadmin_initplugin-fw\includes\class-yit-plugin-panel.php:129

filteryith_plugin_fw_premium_landing_uriplugin-fw\includes\class-yit-plugin-panel.php:132

actionadmin_enqueue_scriptsplugin-fw\includes\class-yit-plugin-panel.php:137

actionall_admin_noticesplugin-fw\includes\class-yit-plugin-panel.php:242

actionadmin_footerplugin-fw\includes\class-yit-plugin-panel.php:243

filterparent_fileplugin-fw\includes\class-yit-plugin-panel.php:245

filtersubmenu_fileplugin-fw\includes\class-yit-plugin-panel.php:246

actionadmin_menuplugin-fw\includes\class-yit-plugin-panel.php:259

filteradd_menu_classesplugin-fw\includes\class-yit-plugin-panel.php:260

filterremovable_query_argsplugin-fw\includes\class-yit-plugin-panel.php:261

actionadmin_enqueue_scriptsplugin-fw\includes\class-yit-plugin-panel.php:1081

actionadmin_initplugin-fw\includes\class-yit-plugin-panel.php:1082

actionadmin_footerplugin-fw\includes\class-yit-plugin-panel.php:1213

actionadmin_initplugin-fw\includes\class-yit-plugin-subpanel.php:44

actionadmin_menuplugin-fw\includes\class-yit-plugin-subpanel.php:45

actionadmin_bar_menuplugin-fw\includes\class-yit-plugin-subpanel.php:46

actionadmin_initplugin-fw\includes\class-yit-plugin-subpanel.php:47

actionadmin_enqueue_scriptsplugin-fw\includes\class-yit-plugin-subpanel.php:48

actionadmin_enqueue_scriptsplugin-fw\includes\class-yit-pointers.php:118

actionadmin_initplugin-fw\includes\class-yit-pointers.php:119

actionyith_bh_onboardingplugin-fw\includes\class-yith-bh-onboarding.php:36

actionwp_dashboard_setupplugin-fw\includes\class-yith-dashboard.php:146

actionadmin_enqueue_scriptsplugin-fw\includes\class-yith-dashboard.php:147

actionadmin_initplugin-fw\includes\class-yith-post-type-admin.php:65

actioncurrent_screenplugin-fw\includes\class-yith-post-type-admin.php:67

actionedit_form_topplugin-fw\includes\class-yith-post-type-admin.php:70

actionmanage_posts_extra_tablenavplugin-fw\includes\class-yith-post-type-admin.php:119

actionmanage_posts_extra_tablenavplugin-fw\includes\class-yith-post-type-admin.php:120

actionrestrict_manage_postsplugin-fw\includes\class-yith-post-type-admin.php:122

filterrequestplugin-fw\includes\class-yith-post-type-admin.php:123

filterlist_table_primary_columnplugin-fw\includes\class-yith-post-type-admin.php:125

filterpost_row_actionsplugin-fw\includes\class-yith-post-type-admin.php:126

filterpage_row_actionsplugin-fw\includes\class-yith-post-type-admin.php:127

filterdefault_hidden_columnsplugin-fw\includes\class-yith-post-type-admin.php:129

actiondisable_months_dropdownplugin-fw\includes\class-yith-post-type-admin.php:137

filteradmin_body_classplugin-fw\includes\class-yith-system-status.php:95

actionadmin_menuplugin-fw\includes\class-yith-system-status.php:96

actionadmin_initplugin-fw\includes\class-yith-system-status.php:97

actionadmin_noticesplugin-fw\includes\class-yith-system-status.php:98

actionadmin_enqueue_scriptsplugin-fw\includes\class-yith-system-status.php:99

actioninitplugin-fw\includes\class-yith-system-status.php:100

filteryith_plugin_fw_privacy_guide_contentplugin-fw\includes\privacy\class-yith-privacy-plugin-abstract.php:39

actionadmin_initplugin-fw\includes\privacy\class-yith-privacy.php:50

actionplugins_loadedplugin-fw\init.php:94

filterextra_theme_headersplugin-fw\yit-functions.php:602

filteryit_title_special_charactersplugin-fw\yit-functions.php:726

filterplugin_row_metaplugin-fw\yit-plugin.php:56

actionadmin_noticesplugin-fw\yit-plugin.php:298

actionplugins_loadedplugin-fw\yit-plugin.php:300

actionshutdownplugin-fw\yit-woocommerce-compatibility.php:765

Maintenance & Trust

YITH WooCommerce Badge Management Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 4, 2026

PHP min version7.4

Downloads994K

Community Trust

Rating58/100

Number of ratings93

Active installs10K

Alternatives

YITH WooCommerce Badge Management Alternatives

Badge Management for WooCommerce

badge-management-for-woocommerce

This plugin allows you to add badges to products on your ecommerce site. Badges on a product help you highlight special offers of the products.

100 No CVEs

Discount Percentage for WooCommerce

discount-percentage-for-woocommerce

Plugin will Replace "Sale" badge on every sales product with percentage of discount.

100 No CVEs

Custom Product Badges

custom-product-badges

100

Add customizable badges to your WooCommerce products.

0 No CVEs

YITH WooCommerce Compare

yith-woocommerce-compare

YITH WooCommerce Compare allows you to compare more products of your shop in one complete table. WooCommerce Compatible up to 10.6

100K 3 CVEs

Advanced Product Labels for WooCommerce

advanced-product-labels-for-woocommerce

100

Promote exclusive discounts, new products or free shipping. Create labels easily and quickly!

20K 1 CVE

Developer Profile

YITH WooCommerce Badge Management Developer Profile

YITHEMES

33 plugins · 1.1M total installs

trust score

Avg Security Score

97/100

Avg Patch Time

411 days

View full developer profile

Detection Fingerprints

How We Detect YITH WooCommerce Badge Management

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/yith-woocommerce-badges-management/assets/css/yith-wcbm-admin.css/wp-content/plugins/yith-woocommerce-badges-management/assets/js/yith-wcbm-admin.js/wp-content/plugins/yith-woocommerce-badges-management/assets/js/yith-wcbm-frontend.js

Script Paths

/wp-content/plugins/yith-woocommerce-badges-management/assets/js/yith-wcbm-admin.js/wp-content/plugins/yith-woocommerce-badges-management/assets/js/yith-wcbm-frontend.js

Version Parameters

yith-woocommerce-badges-management/assets/css/yith-wcbm-admin.css?ver=yith-woocommerce-badges-management/assets/js/yith-wcbm-admin.js?ver=yith-woocommerce-badges-management/assets/js/yith-wcbm-frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes

yith-wcbm-product-badge-wrapper

HTML Comments

YITH WCBM AdminYITH WooCommerce Badge Management

Data Attributes

data-yith-wcbm-product-iddata-yith-wcbm-badge-id

JS Globals

yith_wcbm_admin_options

Shortcode Output

[yith_wcbm_badge

FAQ

YITH WooCommerce Badge Management Security & Risk Analysis

Is YITH WooCommerce Badge Management Safe to Use in 2026?

Generally Safe

Key Concerns

YITH WooCommerce Badge Management Security Vulnerabilities

CVEs by Year

Severity Breakdown

YITH WooCommerce Badge Management Code Analysis

Dangerous Functions Found

Bundled Libraries

SQL Query Safety

Output Escaping

Data Flow Analysis

YITH WooCommerce Badge Management Attack Surface

AJAX Handlers 6

YITH WooCommerce Badge Management Maintenance & Trust

Maintenance Signals

Community Trust

YITH WooCommerce Badge Management Alternatives

Badge Management for WooCommerce

Discount Percentage for WooCommerce

Custom Product Badges

YITH WooCommerce Compare

Advanced Product Labels for WooCommerce

YITH WooCommerce Badge Management Developer Profile

How We Detect YITH WooCommerce Badge Management

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about YITH WooCommerce Badge Management