Does YITH WooCommerce Featured Video have any unpatched vulnerabilities?

No. All known vulnerabilities in YITH WooCommerce Featured Video have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is YITH WooCommerce Featured Video compatible with WordPress 6.9.4?

According to WordPress.org data, YITH WooCommerce Featured Video 1.54.0 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is YITH WooCommerce Featured Video compatible with PHP 7.4+?

YITH WooCommerce Featured Video requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is YITH WooCommerce Featured Video updated?

YITH WooCommerce Featured Video was last updated on Mar 6, 2026. Frequent updates are generally a positive security signal.

What is YITH WooCommerce Featured Video's security score?

YITH WooCommerce Featured Video has a WP-Safety security score of 99/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

YITH WooCommerce Featured Video Security & Risk Analysis

wordpress.org/plugins/yith-woocommerce-featured-video

YITH WooCommerce Featured Video allows you to place a video in the product detail page instead of the featured image.

3K active installs v1.54.0 PHP 7.4+ WP 6.7+ Updated Mar 6, 2026

featuredfeatured-imagefeatured-videoproductwoocommerce

A · Safe

CVEs total1

Unpatched0

Last CVENov 11, 2022

Plugin page Download

Safety Verdict

Is YITH WooCommerce Featured Video Safe to Use in 2026?

Generally Safe

Score 99/100

YITH WooCommerce Featured Video has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Nov 11, 2022Updated 28d ago

Risk Assessment

The yith-woocommerce-featured-video plugin v1.54.0 exhibits a generally good security posture with some notable strengths, including 100% of SQL queries using prepared statements and a high percentage of properly escaped output. The presence of numerous nonce and capability checks further suggests an effort towards secure coding practices. However, a significant concern arises from the discovery of one AJAX handler lacking authentication checks. This directly creates an unprotected entry point into the plugin's functionality, which could be exploited by unauthenticated users.

The vulnerability history reveals one previously disclosed high-severity vulnerability, specifically related to missing authorization. While this vulnerability is currently patched, its nature aligns with the identified unprotected AJAX handler, indicating a recurring pattern of authorization weaknesses. This suggests that while some efforts are made to secure the plugin, critical authorization checks might be overlooked in certain areas.

In conclusion, the plugin demonstrates good practices in areas like SQL sanitization and output escaping. However, the unprotected AJAX handler and past authorization vulnerabilities are serious concerns that warrant attention. The identified unprotected entry point significantly elevates the risk, despite the overall positive signals from static analysis. Addressing the unprotected AJAX handler and maintaining vigilance against authorization flaws are crucial for improving the plugin's security.

Key Concerns

Unprotected AJAX handler
Past high-severity vulnerability (Missing Authorization)

Vulnerabilities

YITH WooCommerce Featured Video Security Vulnerabilities

CVEs by Year

1 CVE in 2022

2022

Patched Has unpatched

Severity Breakdown

High

1 total CVE

WF-b948574a-0aab-4596-83e6-04be21f78bc1-yith-woocommerce-featured-videohigh · 7.1Missing Authorization

YITH plugins by YITHEMES <= (Various Versions) - Missing Authorization

Nov 11, 2022 Patched in 1.18.1 (438d)

Code Analysis

Analyzed Mar 16, 2026

YITH WooCommerce Featured Video Code Analysis

Dangerous Functions

Raw SQL Queries

5 prepared

Unescaped Output

1524 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Select2

SQL Query Safety

100% prepared5 total queries

Output Escaping

94% escaped1621 total outputs

Data Flows

1 unsanitized

Data Flow Analysis

14 flows1 with unsanitized paths

<class.ywcfav-admin> (includes\classes\class.ywcfav-admin.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

1 unprotected

YITH WooCommerce Featured Video Attack Surface

Entry Points5

Unprotected1

AJAX Handlers 5

authwp_ajax_yith_plugin_fw_gutenberg_do_shortcodeplugin-fw\includes\builders\gutenberg\class-yith-gutenberg.php:63

authwp_ajax_yith_plugin_fw_save_toggle_element_metaboxplugin-fw\includes\class-yit-metabox.php:86

authwp_ajax_yith_plugin_fw_save_toggle_elementplugin-fw\includes\class-yit-plugin-panel.php:138

authwp_ajax_yith_bh_onboardingplugin-fw\includes\class-yith-bh-onboarding.php:37

authwp_ajax_yith_create_log_fileplugin-fw\includes\class-yith-system-status.php:101

WordPress Hooks 115

actionwp_enqueue_scriptsincludes\classes\class.yith-woocommerce-audio-video-content.php:33

actionbefore_woocommerce_initincludes\classes\class.yith-woocommerce-audio-video-content.php:47

filteryith_show_plugin_row_metaincludes\classes\class.ywcfav-admin.php:65

actionyith_wc_featured_audio_video_premiumincludes\classes\class.ywcfav-admin.php:67

actionadmin_menuincludes\classes\class.ywcfav-admin.php:68

actionwoocommerce_product_options_general_product_dataincludes\classes\class.ywcfav-admin.php:70

actionwoocommerce_admin_process_product_objectincludes\classes\class.ywcfav-admin.php:71

actionadmin_initincludes\classes\class.ywcfav-admin.php:73

filteryith_plugin_fw_banners_freeincludes\classes\class.ywcfav-admin.php:75

filterwoocommerce_single_product_image_thumbnail_htmlincludes\classes\class.ywcfav-frontend.php:37

actionwp_enqueue_scriptsincludes\classes\class.ywcfav-frontend.php:47

filterywcfav_get_gallery_item_classincludes\classes\class.ywcfav-zoom-magnifier.php:30

filterywcfav_get_thumbnail_gallery_itemincludes\classes\class.ywcfav-zoom-magnifier.php:31

filterwoocommerce_single_product_image_htmlincludes\classes\class.ywcfav-zoom-magnifier.php:33

filteryith_wcmg_get_post_thumbnail_idincludes\classes\class.ywcfav-zoom-magnifier.php:34

actionwp_enqueue_scriptsincludes\classes\class.ywcfav-zoom-magnifier.php:36

actionyith_wc_featured_audio_video_initinit.php:142

actionadmin_noticesinit.php:153

actionadmin_noticesinit.php:155

actionplugins_loadedinit.php:164

actionelementor/elements/categories_registeredplugin-fw\includes\builders\elementor\class-yith-elementor.php:50

actionelementor/editor/after_enqueue_stylesplugin-fw\includes\builders\elementor\class-yith-elementor.php:52

actionelementor/frontend/after_enqueue_stylesplugin-fw\includes\builders\elementor\class-yith-elementor.php:53

actioninitplugin-fw\includes\builders\gutenberg\class-yith-gutenberg.php:60

actioninitplugin-fw\includes\builders\gutenberg\class-yith-gutenberg.php:61

actioninitplugin-fw\includes\builders\gutenberg\class-yith-gutenberg.php:62

actionwc_ajax_yith_plugin_fw_gutenberg_do_shortcodeplugin-fw\includes\builders\gutenberg\class-yith-gutenberg.php:64

actioninitplugin-fw\includes\class-yit-assets.php:47

actionelementor/editor/before_enqueue_stylesplugin-fw\includes\class-yit-assets.php:48

actionadmin_enqueue_scriptsplugin-fw\includes\class-yit-assets.php:50

actioninitplugin-fw\includes\class-yit-assets.php:52

actionshould_load_block_editor_scripts_and_stylesplugin-fw\includes\class-yit-assets.php:53

actionadmin_enqueue_scriptsplugin-fw\includes\class-yit-icons.php:970

actionwp_enqueue_scriptsplugin-fw\includes\class-yit-icons.php:971

actionadd_meta_boxesplugin-fw\includes\class-yit-metabox.php:80

actionsave_postplugin-fw\includes\class-yit-metabox.php:81

actionadmin_enqueue_scriptsplugin-fw\includes\class-yit-metabox.php:82

filteryit_icons_screen_idsplugin-fw\includes\class-yit-metabox.php:84

filteradmin_body_classplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:93

actionadmin_initplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:94

actionadmin_menuplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:95

actionadmin_menuplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:96

actionadmin_bar_menuplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:97

actionadmin_enqueue_scriptsplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:98

actionadmin_initplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:99

filterwoocommerce_screen_idsplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:100

filterwoocommerce_admin_settings_sanitize_optionplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:102

actionyith_plugin_fw_get_field_afterplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:104

actionadmin_action_yith_plugin_fw_save_toggle_elementplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:105

filterwoocommerce_admin_settings_sanitize_optionplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:106

actionadmin_enqueue_scriptsplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:108

actionadmin_initplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:109

filteryith_plugin_fw_premium_landing_uriplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:112

actionwoocommerce_admin_field_boxinfoplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:126

actionwoocommerce_admin_field_yith-fieldplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:127

filterwoocommerce_admin_settings_sanitize_optionplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:129

actionadmin_menuplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:132

filteradd_menu_classesplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:134

filteradmin_body_classplugin-fw\includes\class-yit-plugin-panel.php:121

actionadmin_initplugin-fw\includes\class-yit-plugin-panel.php:122

actionadmin_menuplugin-fw\includes\class-yit-plugin-panel.php:123

actionadmin_menuplugin-fw\includes\class-yit-plugin-panel.php:124

actionadmin_bar_menuplugin-fw\includes\class-yit-plugin-panel.php:125

actionadmin_initplugin-fw\includes\class-yit-plugin-panel.php:126

actionadmin_enqueue_scriptsplugin-fw\includes\class-yit-plugin-panel.php:128

actionadmin_initplugin-fw\includes\class-yit-plugin-panel.php:129

filteryith_plugin_fw_premium_landing_uriplugin-fw\includes\class-yit-plugin-panel.php:132

actionadmin_enqueue_scriptsplugin-fw\includes\class-yit-plugin-panel.php:137

actionall_admin_noticesplugin-fw\includes\class-yit-plugin-panel.php:242

actionadmin_footerplugin-fw\includes\class-yit-plugin-panel.php:243

filterparent_fileplugin-fw\includes\class-yit-plugin-panel.php:245

filtersubmenu_fileplugin-fw\includes\class-yit-plugin-panel.php:246

actionadmin_menuplugin-fw\includes\class-yit-plugin-panel.php:259

filteradd_menu_classesplugin-fw\includes\class-yit-plugin-panel.php:260

filterremovable_query_argsplugin-fw\includes\class-yit-plugin-panel.php:261

actionadmin_enqueue_scriptsplugin-fw\includes\class-yit-plugin-panel.php:1081

actionadmin_initplugin-fw\includes\class-yit-plugin-panel.php:1082

actionadmin_footerplugin-fw\includes\class-yit-plugin-panel.php:1213

actionadmin_initplugin-fw\includes\class-yit-plugin-subpanel.php:44

actionadmin_menuplugin-fw\includes\class-yit-plugin-subpanel.php:45

actionadmin_bar_menuplugin-fw\includes\class-yit-plugin-subpanel.php:46

actionadmin_initplugin-fw\includes\class-yit-plugin-subpanel.php:47

actionadmin_enqueue_scriptsplugin-fw\includes\class-yit-plugin-subpanel.php:48

actionadmin_enqueue_scriptsplugin-fw\includes\class-yit-pointers.php:118

actionadmin_initplugin-fw\includes\class-yit-pointers.php:119

actionyith_bh_onboardingplugin-fw\includes\class-yith-bh-onboarding.php:36

actionwp_dashboard_setupplugin-fw\includes\class-yith-dashboard.php:146

actionadmin_enqueue_scriptsplugin-fw\includes\class-yith-dashboard.php:147

actionadmin_initplugin-fw\includes\class-yith-post-type-admin.php:65

actioncurrent_screenplugin-fw\includes\class-yith-post-type-admin.php:67

actionedit_form_topplugin-fw\includes\class-yith-post-type-admin.php:70

actionmanage_posts_extra_tablenavplugin-fw\includes\class-yith-post-type-admin.php:119

actionmanage_posts_extra_tablenavplugin-fw\includes\class-yith-post-type-admin.php:120

actionrestrict_manage_postsplugin-fw\includes\class-yith-post-type-admin.php:122

filterrequestplugin-fw\includes\class-yith-post-type-admin.php:123

filterlist_table_primary_columnplugin-fw\includes\class-yith-post-type-admin.php:125

filterpost_row_actionsplugin-fw\includes\class-yith-post-type-admin.php:126

filterpage_row_actionsplugin-fw\includes\class-yith-post-type-admin.php:127

filterdefault_hidden_columnsplugin-fw\includes\class-yith-post-type-admin.php:129

actiondisable_months_dropdownplugin-fw\includes\class-yith-post-type-admin.php:137

filteradmin_body_classplugin-fw\includes\class-yith-system-status.php:95

actionadmin_menuplugin-fw\includes\class-yith-system-status.php:96

actionadmin_initplugin-fw\includes\class-yith-system-status.php:97

actionadmin_noticesplugin-fw\includes\class-yith-system-status.php:98

actionadmin_enqueue_scriptsplugin-fw\includes\class-yith-system-status.php:99

actioninitplugin-fw\includes\class-yith-system-status.php:100

filteryith_plugin_fw_privacy_guide_contentplugin-fw\includes\privacy\class-yith-privacy-plugin-abstract.php:39

actionadmin_initplugin-fw\includes\privacy\class-yith-privacy.php:50

actionplugins_loadedplugin-fw\init.php:94

filterextra_theme_headersplugin-fw\yit-functions.php:602

filteryit_title_special_charactersplugin-fw\yit-functions.php:726

filterplugin_row_metaplugin-fw\yit-plugin.php:56

actionadmin_noticesplugin-fw\yit-plugin.php:298

actionplugins_loadedplugin-fw\yit-plugin.php:300

actionshutdownplugin-fw\yit-woocommerce-compatibility.php:765

Maintenance & Trust

YITH WooCommerce Featured Video Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 6, 2026

PHP min version7.4

Downloads426K

Community Trust

Rating58/100

Number of ratings33

Active installs3K

Alternatives

YITH WooCommerce Featured Video Alternatives

Product Gallery Slider, Additional Variation Images, Product Video, Product Image Zoom and Lightbox for WooCommerce – WooGallery

gallery-slider-for-woocommerce

100

🔥 All-in-One WooCommerce Product Image and Video Gallery Solution to Enhance Your Customers' Shopping Experience and Boost Sales Instantly! 🚀

20K No CVEs

Really Simple Featured Video – Featured video support for Posts, Pages & WooCommerce Products

really-simple-featured-video

100

Really Simple Featured Video enables featured video support for WordPress posts, pages, CPTs (with featured images) & WooCommerce Products.

5K No CVEs

Secondary Product Image for WooCommerce

secondary-product-image-for-woocommerce

100

Secondary Product Image for WooCommerce adds a hover effect that will reveal a secondary product thumbnail to product images on your WooCommerce produ …

2K No CVEs

Products Missing Featured Image

products-missing-featured-image

This plugin shows a list of Woocommerce products that do not have a featured image assigned.

20 No CVEs

360 Product Detait View

360-product-view

Running an eCommerce site with WooCommerce? This WordPress plugin will allow you help your customers can see your beautiful product in 360 degrees.

10 No CVEs

Developer Profile

YITH WooCommerce Featured Video Developer Profile

YITHEMES

33 plugins · 1.1M total installs

trust score

Avg Security Score

97/100

Avg Patch Time

411 days

View full developer profile

Detection Fingerprints

How We Detect YITH WooCommerce Featured Video

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/yith-woocommerce-featured-video/assets/css/ywcfav_frontend.css/wp-content/plugins/yith-woocommerce-featured-video/assets/js/lib/vimeo_player.js/wp-content/plugins/yith-woocommerce-featured-video/assets/js/lib/youtube_api.js

Script Paths

/wp-content/plugins/yith-woocommerce-featured-video/assets/js/ywcfav_video.js

Version Parameters

yith-woocommerce-featured-video/assets/css/ywcfav_frontend.css?ver=yith-woocommerce-featured-video/assets/js/lib/vimeo_player.js?ver=yith-woocommerce-featured-video/assets/js/lib/youtube_api.js?ver=yith-woocommerce-featured-video/assets/js/ywcfav_video.js?ver=

HTML / DOM Fingerprints

CSS Classes

ywcfav_video_wrapperywcfav-custom-gallery-thumbnailywcfav-product-thumbnail-video

Data Attributes

data-ywcfav-video-iddata-ywcfav-video-type

JS Globals

ywcfav_args

FAQ