Does YITH WooCommerce Compare have any unpatched vulnerabilities?

No. All known vulnerabilities in YITH WooCommerce Compare have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is YITH WooCommerce Compare compatible with WordPress 6.9.4?

According to WordPress.org data, YITH WooCommerce Compare 3.8.0 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is YITH WooCommerce Compare compatible with PHP 7.4+?

YITH WooCommerce Compare requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is YITH WooCommerce Compare updated?

YITH WooCommerce Compare was last updated on Mar 3, 2026. Frequent updates are generally a positive security signal.

What is YITH WooCommerce Compare's security score?

YITH WooCommerce Compare has a WP-Safety security score of 96/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

YITH WooCommerce Compare Security & Risk Analysis

wordpress.org/plugins/yith-woocommerce-compare

YITH WooCommerce Compare allows you to compare more products of your shop in one complete table. WooCommerce Compatible up to 10.6

100K active installs v3.8.0 PHP 7.4+ WP 6.7+ Updated Mar 3, 2026

compare-productsproduct-compareproduct-comparisonwoocommerce-compareyith

A · Safe

CVEs total3

Unpatched0

Last CVEApr 22, 2024

Plugin page Download

Safety Verdict

Is YITH WooCommerce Compare Safe to Use in 2026?

Generally Safe

Score 96/100

YITH WooCommerce Compare has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEsLast CVE: Apr 22, 2024Updated 1mo ago

Risk Assessment

The "yith-woocommerce-compare" v3.8.0 plugin exhibits a generally good security posture, with strong practices like 100% prepared SQL statements and a high percentage of properly escaped output. The absence of critical or high severity taint flows is also a positive indicator. However, the presence of one unprotected AJAX handler represents a significant concern, potentially exposing the plugin to unauthorized actions. The vulnerability history reveals a concerning pattern of past issues, particularly high and medium severity vulnerabilities, including CSRF, missing authorization, and deserialization flaws. While there are no currently unpatched CVEs, this history suggests a recurring tendency for security weaknesses to emerge in the plugin's codebase. The bundled libraries, DataTables and Select2, while common, could potentially introduce risks if not maintained or if they contain known vulnerabilities, though no specific issues are indicated here.

In conclusion, while the current version shows good coding practices in SQL and output handling, the single unprotected AJAX endpoint and the historical trend of significant vulnerabilities are clear areas requiring attention. The plugin has strengths in its prepared SQL and output escaping, but the past vulnerability landscape and the unprotected entry point indicate a need for continued vigilance and potential remediation.

Key Concerns

Unprotected AJAX handler
Past high severity vulnerabilities (2)
Past medium severity vulnerabilities (1)

Vulnerabilities

YITH WooCommerce Compare Security Vulnerabilities

CVEs by Year

1 CVE in 2016

2016

1 CVE in 2022

2022

1 CVE in 2024

2024

Patched Has unpatched

Severity Breakdown

High

Medium

3 total CVEs

CVE-2024-32699medium · 4.3Cross-Site Request Forgery (CSRF)

YITH WooCommerce Compare <= 2.37.0 - Cross-Site Request Forgery

Apr 22, 2024 Patched in 2.38.0 (8d)

WF-b948574a-0aab-4596-83e6-04be21f78bc1-yith-woocommerce-comparehigh · 7.1Missing Authorization

YITH plugins by YITHEMES <= (Various Versions) - Missing Authorization

Nov 11, 2022 Patched in 2.20.1 (438d)

WF-fe02377a-8d09-4d86-a049-3002516cf933-yith-woocommerce-comparehigh · 8.8Deserialization of Untrusted Data

YITH WooCommerce Compare <= 2.0.9 - Unauthenticated PHP Object Injection

Nov 8, 2016 Patched in 2.1.0 (2632d)

Code Analysis

Analyzed Mar 16, 2026

YITH WooCommerce Compare Code Analysis

Dangerous Functions

Raw SQL Queries

9 prepared

Unescaped Output

105

1670 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

DataTablesSelect2

SQL Query Safety

100% prepared9 total queries

Output Escaping

94% escaped1775 total outputs

Data Flows

All sanitized

Data Flow Analysis

13 flows

do_shortcode (plugin-fw\includes\builders\gutenberg\class-yith-gutenberg.php:279)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

1 unprotected

YITH WooCommerce Compare Attack Surface

Entry Points5

Unprotected1

AJAX Handlers 5

authwp_ajax_yith_plugin_fw_gutenberg_do_shortcodeplugin-fw\includes\builders\gutenberg\class-yith-gutenberg.php:63

authwp_ajax_yith_plugin_fw_save_toggle_element_metaboxplugin-fw\includes\class-yit-metabox.php:86

authwp_ajax_yith_plugin_fw_save_toggle_elementplugin-fw\includes\class-yit-plugin-panel.php:138

authwp_ajax_yith_bh_onboardingplugin-fw\includes\class-yith-bh-onboarding.php:37

authwp_ajax_yith_create_log_fileplugin-fw\includes\class-yith-system-status.php:101

WordPress Hooks 128

actionyith_woocompare_shortcode_tabincludes\admin\class-yith-woocompare-admin-shortcodes.php:34

filtermanage_yith-plugins_page_yith_woocompare_panel_columnsincludes\admin\class-yith-woocompare-admin-shortcodes.php:35

actionadmin_action_save_comparison_tableincludes\admin\class-yith-woocompare-admin-shortcodes.php:38

actionadmin_action_clone_comparison_tableincludes\admin\class-yith-woocompare-admin-shortcodes.php:39

actionadmin_action_delete_comparison_tableincludes\admin\class-yith-woocompare-admin-shortcodes.php:40

actionadmin_menuincludes\admin\class-yith-woocompare-admin.php:68

filteryith_show_plugin_row_metaincludes\admin\class-yith-woocompare-admin.php:72

actionyith_woocompare_premiumincludes\admin\class-yith-woocompare-admin.php:75

actionadmin_enqueue_scriptsincludes\admin\class-yith-woocompare-admin.php:78

filteryith_plugin_fw_get_field_template_pathincludes\admin\class-yith-woocompare-admin.php:81

filterwoocommerce_admin_settings_sanitize_option_yith_woocompare_fields_attrsincludes\admin\class-yith-woocompare-admin.php:82

filterwoocommerce_admin_settings_sanitize_optionincludes\admin\class-yith-woocompare-admin.php:83

actionwp_loadedincludes\class-yith-woocompare-form-handler.php:34

actioninitincludes\class-yith-woocompare-frontend.php:45

actiontemplate_redirectincludes\class-yith-woocompare-frontend.php:48

actionwp_enqueue_scriptsincludes\class-yith-woocompare-frontend.php:51

filterrender_block_woocommerce/add-to-cart-formincludes\class-yith-woocompare-frontend.php:194

actionwoocommerce_single_product_summaryincludes\class-yith-woocompare-frontend.php:197

filterrender_block_woocommerce/product-buttonincludes\class-yith-woocompare-frontend.php:202

filterwoocommerce_blocks_product_grid_item_htmlincludes\class-yith-woocompare-frontend.php:203

actionwoocommerce_after_shop_loop_itemincludes\class-yith-woocompare-frontend.php:206

actionwp_footerincludes\class-yith-woocompare-frontend.php:367

actioninitincludes\class-yith-woocompare-install.php:40

actioninitincludes\class-yith-woocompare-install.php:41

actioninitincludes\class-yith-woocompare-install.php:42

filterwoocommerce_get_image_size_yith-woocompare-imageincludes\class-yith-woocompare-install.php:60

actiontemplate_redirectincludes\class-yith-woocompare-products-list.php:58

actionwidgets_initincludes\class-yith-woocompare-widgets.php:33

actioninitincludes\class-yith-woocompare.php:29

actionbefore_woocommerce_initincludes\class-yith-woocompare.php:32

actionadmin_noticesinit.php:112

actionadmin_noticesinit.php:115

actionplugins_loadedinit.php:132

actionelementor/elements/categories_registeredplugin-fw\includes\builders\elementor\class-yith-elementor.php:50

actionelementor/editor/after_enqueue_stylesplugin-fw\includes\builders\elementor\class-yith-elementor.php:52

actionelementor/frontend/after_enqueue_stylesplugin-fw\includes\builders\elementor\class-yith-elementor.php:53

actioninitplugin-fw\includes\builders\gutenberg\class-yith-gutenberg.php:60

actioninitplugin-fw\includes\builders\gutenberg\class-yith-gutenberg.php:61

actioninitplugin-fw\includes\builders\gutenberg\class-yith-gutenberg.php:62

actionwc_ajax_yith_plugin_fw_gutenberg_do_shortcodeplugin-fw\includes\builders\gutenberg\class-yith-gutenberg.php:64

actioninitplugin-fw\includes\class-yit-assets.php:47

actionelementor/editor/before_enqueue_stylesplugin-fw\includes\class-yit-assets.php:48

actionadmin_enqueue_scriptsplugin-fw\includes\class-yit-assets.php:50

actioninitplugin-fw\includes\class-yit-assets.php:52

actionshould_load_block_editor_scripts_and_stylesplugin-fw\includes\class-yit-assets.php:53

actionadmin_enqueue_scriptsplugin-fw\includes\class-yit-icons.php:970

actionwp_enqueue_scriptsplugin-fw\includes\class-yit-icons.php:971

actionadd_meta_boxesplugin-fw\includes\class-yit-metabox.php:80

actionsave_postplugin-fw\includes\class-yit-metabox.php:81

actionadmin_enqueue_scriptsplugin-fw\includes\class-yit-metabox.php:82

filteryit_icons_screen_idsplugin-fw\includes\class-yit-metabox.php:84

filteradmin_body_classplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:93

actionadmin_initplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:94

actionadmin_menuplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:95

actionadmin_menuplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:96

actionadmin_bar_menuplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:97

actionadmin_enqueue_scriptsplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:98

actionadmin_initplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:99

filterwoocommerce_screen_idsplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:100

filterwoocommerce_admin_settings_sanitize_optionplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:102

actionyith_plugin_fw_get_field_afterplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:104

actionadmin_action_yith_plugin_fw_save_toggle_elementplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:105

filterwoocommerce_admin_settings_sanitize_optionplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:106

actionadmin_enqueue_scriptsplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:108

actionadmin_initplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:109

filteryith_plugin_fw_premium_landing_uriplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:112

actionwoocommerce_admin_field_boxinfoplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:126

actionwoocommerce_admin_field_yith-fieldplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:127

filterwoocommerce_admin_settings_sanitize_optionplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:129

actionadmin_menuplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:132

filteradd_menu_classesplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:134

filteradmin_body_classplugin-fw\includes\class-yit-plugin-panel.php:121

actionadmin_initplugin-fw\includes\class-yit-plugin-panel.php:122

actionadmin_menuplugin-fw\includes\class-yit-plugin-panel.php:123

actionadmin_menuplugin-fw\includes\class-yit-plugin-panel.php:124

actionadmin_bar_menuplugin-fw\includes\class-yit-plugin-panel.php:125

actionadmin_initplugin-fw\includes\class-yit-plugin-panel.php:126

actionadmin_enqueue_scriptsplugin-fw\includes\class-yit-plugin-panel.php:128

actionadmin_initplugin-fw\includes\class-yit-plugin-panel.php:129

filteryith_plugin_fw_premium_landing_uriplugin-fw\includes\class-yit-plugin-panel.php:132

actionadmin_enqueue_scriptsplugin-fw\includes\class-yit-plugin-panel.php:137

actionall_admin_noticesplugin-fw\includes\class-yit-plugin-panel.php:242

actionadmin_footerplugin-fw\includes\class-yit-plugin-panel.php:243

filterparent_fileplugin-fw\includes\class-yit-plugin-panel.php:245

filtersubmenu_fileplugin-fw\includes\class-yit-plugin-panel.php:246

actionadmin_menuplugin-fw\includes\class-yit-plugin-panel.php:259

filteradd_menu_classesplugin-fw\includes\class-yit-plugin-panel.php:260

filterremovable_query_argsplugin-fw\includes\class-yit-plugin-panel.php:261

actionadmin_enqueue_scriptsplugin-fw\includes\class-yit-plugin-panel.php:1081

actionadmin_initplugin-fw\includes\class-yit-plugin-panel.php:1082

actionadmin_footerplugin-fw\includes\class-yit-plugin-panel.php:1213

actionadmin_initplugin-fw\includes\class-yit-plugin-subpanel.php:44

actionadmin_menuplugin-fw\includes\class-yit-plugin-subpanel.php:45

actionadmin_bar_menuplugin-fw\includes\class-yit-plugin-subpanel.php:46

actionadmin_initplugin-fw\includes\class-yit-plugin-subpanel.php:47

actionadmin_enqueue_scriptsplugin-fw\includes\class-yit-plugin-subpanel.php:48

actionadmin_enqueue_scriptsplugin-fw\includes\class-yit-pointers.php:118

actionadmin_initplugin-fw\includes\class-yit-pointers.php:119

actionyith_bh_onboardingplugin-fw\includes\class-yith-bh-onboarding.php:36

actionwp_dashboard_setupplugin-fw\includes\class-yith-dashboard.php:146

actionadmin_enqueue_scriptsplugin-fw\includes\class-yith-dashboard.php:147

actionadmin_initplugin-fw\includes\class-yith-post-type-admin.php:65

actioncurrent_screenplugin-fw\includes\class-yith-post-type-admin.php:67

actionedit_form_topplugin-fw\includes\class-yith-post-type-admin.php:70

actionmanage_posts_extra_tablenavplugin-fw\includes\class-yith-post-type-admin.php:119

actionmanage_posts_extra_tablenavplugin-fw\includes\class-yith-post-type-admin.php:120

actionrestrict_manage_postsplugin-fw\includes\class-yith-post-type-admin.php:122

filterrequestplugin-fw\includes\class-yith-post-type-admin.php:123

filterlist_table_primary_columnplugin-fw\includes\class-yith-post-type-admin.php:125

filterpost_row_actionsplugin-fw\includes\class-yith-post-type-admin.php:126

filterpage_row_actionsplugin-fw\includes\class-yith-post-type-admin.php:127

filterdefault_hidden_columnsplugin-fw\includes\class-yith-post-type-admin.php:129

actiondisable_months_dropdownplugin-fw\includes\class-yith-post-type-admin.php:137

filteradmin_body_classplugin-fw\includes\class-yith-system-status.php:95

actionadmin_menuplugin-fw\includes\class-yith-system-status.php:96

actionadmin_initplugin-fw\includes\class-yith-system-status.php:97

actionadmin_noticesplugin-fw\includes\class-yith-system-status.php:98

actionadmin_enqueue_scriptsplugin-fw\includes\class-yith-system-status.php:99

actioninitplugin-fw\includes\class-yith-system-status.php:100

filteryith_plugin_fw_privacy_guide_contentplugin-fw\includes\privacy\class-yith-privacy-plugin-abstract.php:39

actionadmin_initplugin-fw\includes\privacy\class-yith-privacy.php:50

actionplugins_loadedplugin-fw\init.php:94

filterextra_theme_headersplugin-fw\yit-functions.php:602

filteryit_title_special_charactersplugin-fw\yit-functions.php:726

filterplugin_row_metaplugin-fw\yit-plugin.php:56

actionadmin_noticesplugin-fw\yit-plugin.php:298

actionplugins_loadedplugin-fw\yit-plugin.php:300

actionshutdownplugin-fw\yit-woocommerce-compatibility.php:765

Maintenance & Trust

YITH WooCommerce Compare Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 3, 2026

PHP min version7.4

Downloads11.8M

Community Trust

Rating82/100

Number of ratings38

Active installs100K

Alternatives

YITH WooCommerce Compare Alternatives

Ever Compare – Products Compare Plugin for WooCommerce

ever-compare

100

Ever Compare is a WordPress plugin for product compare, is a powerful tool that helps you to enable compare button for WooCommerce product.

700 1 CVE

Products Compare

products-compare

100

Effortlessly compare products in your WooCommerce store to find the best fit for your customers' needs.

200 No CVEs

Advanced Custom Fields YITH WooCommerce Compare support

acf-yith-woocommerce-compare-support

Advanced Custom Fields YITH WooCommerce Compare support

100 No CVEs

WCBoost – Products Compare

wcboost-products-compare

100

Enhance your WooCommerce store with WCBoost - Products Compare, enabling customers to easily compare products and make informed decisions.

30K No CVEs

ThemeHunk Product Compare for WooCommerce

th-product-compare

100

Add an easy and powerful product compare feature to your WooCommerce store. Let customers do product comparison by price, features, and attributes.

4K No CVEs

Developer Profile

YITH WooCommerce Compare Developer Profile

YITHEMES

33 plugins · 1.1M total installs

trust score

Avg Security Score

97/100

Avg Patch Time

411 days

View full developer profile

Detection Fingerprints

How We Detect YITH WooCommerce Compare

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/yith-woocommerce-compare/assets/css/style.css/wp-content/plugins/yith-woocommerce-compare/assets/js/script.js/wp-content/plugins/yith-woocommerce-compare/assets/js/yith-woocompare-frontend.js/wp-content/plugins/yith-woocommerce-compare/includes/fields/image-uploader/assets/css/yith-image-uploader.css/wp-content/plugins/yith-woocommerce-compare/includes/fields/image-uploader/assets/js/yith-image-uploader.js/wp-content/plugins/yith-woocommerce-compare/plugin-fw/assets/css/plugin-fw.css/wp-content/plugins/yith-woocommerce-compare/plugin-fw/assets/js/plugin-fw.js/wp-content/plugins/yith-woocommerce-compare/plugin-fw/assets/js/plugin-fw-init.js

Script Paths

/wp-content/plugins/yith-woocommerce-compare/assets/js/script.js/wp-content/plugins/yith-woocommerce-compare/assets/js/yith-woocompare-frontend.js/wp-content/plugins/yith-woocommerce-compare/includes/fields/image-uploader/assets/js/yith-image-uploader.js/wp-content/plugins/yith-woocommerce-compare/plugin-fw/assets/js/plugin-fw.js/wp-content/plugins/yith-woocommerce-compare/plugin-fw/assets/js/plugin-fw-init.js

Version Parameters

yith-woocommerce-compare/assets/css/style.css?ver=yith-woocommerce-compare/assets/js/script.js?ver=yith-woocommerce-compare/assets/js/yith-woocompare-frontend.js?ver=yith-woocommerce-compare/includes/fields/image-uploader/assets/css/yith-image-uploader.css?ver=yith-woocommerce-compare/includes/fields/image-uploader/assets/js/yith-image-uploader.js?ver=yith-woocommerce-compare/plugin-fw/assets/css/plugin-fw.css?ver=yith-woocommerce-compare/plugin-fw/assets/js/plugin-fw.js?ver=yith-woocommerce-compare/plugin-fw/assets/js/plugin-fw-init.js?ver=

HTML / DOM Fingerprints

CSS Classes

yith-woocompare-add-to-compareyith-woocompare-compare-listyith-woocompare-remove-from-compareyith-compare-tableyith-woocompare-add-buttonyith-woocompare-remove-buttonyith-woocompare-product-imageyith-woocompare-product-title+4 more

HTML Comments

YITH WooCompare LoadedAdd a panel under YITH Plugins tab

Data Attributes

data-rel="yith-woocompare-add-to-compare"data-product_iddata-noncedata-yith-woocompare-productdata-yith-woocompare-add-to-comparedata-yith-woocompare-remove-from-compare

JS Globals

yith_woocompare_frontendyith_woocompare_data

FAQ

YITH WooCommerce Compare Security & Risk Analysis

Is YITH WooCommerce Compare Safe to Use in 2026?

Generally Safe

Key Concerns

YITH WooCommerce Compare Security Vulnerabilities

CVEs by Year

Severity Breakdown

YITH WooCommerce Compare Code Analysis

Bundled Libraries

SQL Query Safety

Output Escaping

Data Flow Analysis

YITH WooCommerce Compare Attack Surface

AJAX Handlers 5

YITH WooCommerce Compare Maintenance & Trust

Maintenance Signals

Community Trust

YITH WooCommerce Compare Alternatives

Ever Compare – Products Compare Plugin for WooCommerce

Products Compare

Advanced Custom Fields YITH WooCommerce Compare support

WCBoost – Products Compare

ThemeHunk Product Compare for WooCommerce

YITH WooCommerce Compare Developer Profile

How We Detect YITH WooCommerce Compare

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about YITH WooCommerce Compare