YITH WooCommerce Quick View Security & Risk Analysis

wordpress.org/plugins/yith-woocommerce-quick-view

This plugin adds the possibility to have a quick preview of the products right from product list

100K active installs v2.12.0 PHP 7.4+ WP 6.7+ Updated Mar 4, 2026
products-quick-view, quick-view, woocommerce, woocommerce-quick-view
96
A · Safe
CVEs total: 2
Unpatched: 0
Last CVE: Dec 12, 2025
Safety Verdict

Is YITH WooCommerce Quick View Safe to Use in 2026?

Generally Safe

Score 96/100

YITH WooCommerce Quick View has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Dec 12, 2025 · Updated 1mo ago
Risk Assessment

The plugin 'yith-woocommerce-quick-view' v2.12.0 demonstrates some good security practices, such as exclusively using prepared statements for SQL queries and a high percentage of properly escaped outputs. It also implements a reasonable number of nonce and capability checks. However, concerns arise from its attack surface, particularly the presence of 3 unprotected AJAX handlers, which represent direct entry points for potential unauthorized actions or data manipulation.

The taint analysis, while not revealing critical or high severity vulnerabilities, did identify one flow with unsanitized paths. This, combined with the historical vulnerability data indicating past Cross-site Scripting (XSS) and Missing Authorization issues, suggests a pattern of input validation and access control weaknesses. The existence of a high severity vulnerability historically, even if currently patched, warrants careful consideration.

Overall, the plugin has strengths in its database interaction and output sanitization. However, the unprotected AJAX endpoints are a significant concern, and the historical vulnerability data suggests a need for continued vigilance regarding input sanitization and authorization. The risk is moderate, leaning towards higher due to the unprotected entry points and past vulnerability types.

Key Concerns

  • Unprotected AJAX handlers found
  • Flow with unsanitized paths found
  • Historical high severity vulnerability (Missing Authorization)
  • Historical medium severity vulnerability (Cross-site Scripting)
Vulnerabilities: 2

YITH WooCommerce Quick View Security Vulnerabilities

CVEs by Year

2022: 1 CVE
2025: 1 CVE

Severity Breakdown

High: 1
Medium: 1

2 total CVEs

CVE-2025-8617 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

YITH WooCommerce Quick View <= 2.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via yith_quick_view Shortcode

Dec 12, 2025 Patched in 2.7.1 (1d)

YITH plugins by YITHEMES <= (Various Versions) - Missing Authorization

Nov 11, 2022 Patched in 1.21.1 (438d)
Code Analysis
Analyzed Mar 16, 2026

YITH WooCommerce Quick View Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (5 prepared)
Unescaped Output: 93 (1467 escaped)
Nonce Checks: 15
Capability Checks: 16
File Operations: 0
External Requests: 7
Bundled Libraries: 1

Bundled Libraries

Select2

SQL Query Safety

100% prepared · 5 total queries

Output Escaping

94% escaped · 1560 total outputs
Data Flows: 1 unsanitized

Data Flow Analysis

14 flows · 1 with unsanitized paths
<class.yith-wcqv-frontend> (includes\class.yith-wcqv-frontend.php:0)
Attack Surface: 3 unprotected

YITH WooCommerce Quick View Attack Surface

Entry Points: 8
Unprotected: 3

AJAX Handlers 7

auth · wp_ajax_yith_load_product_quick_view · includes\class.yith-wcqv-frontend.php:68
nopriv · wp_ajax_yith_load_product_quick_view · includes\class.yith-wcqv-frontend.php:69
auth · wp_ajax_yith_plugin_fw_gutenberg_do_shortcode · plugin-fw\includes\builders\gutenberg\class-yith-gutenberg.php:63
auth · wp_ajax_yith_plugin_fw_save_toggle_element_metabox · plugin-fw\includes\class-yit-metabox.php:86
auth · wp_ajax_yith_plugin_fw_save_toggle_element · plugin-fw\includes\class-yit-plugin-panel.php:138
auth · wp_ajax_yith_bh_onboarding · plugin-fw\includes\class-yith-bh-onboarding.php:37
auth · wp_ajax_yith_create_log_file · plugin-fw\includes\class-yith-system-status.php:101

Shortcodes 1

[yith_quick_view] includes\class.yith-wcqv-frontend.php:80
WordPress Hooks 126
action · admin_menu · includes\class.yith-wcqv-admin.php:94
filter · yith_show_plugin_row_meta · includes\class.yith-wcqv-admin.php:98
action · admin_enqueue_scripts · includes\class.yith-wcqv-admin.php:99
action · wp_enqueue_scripts · includes\class.yith-wcqv-frontend.php:60
action · wp_enqueue_scripts · includes\class.yith-wcqv-frontend.php:64
action · wp_footer · includes\class.yith-wcqv-frontend.php:72
action · init · includes\class.yith-wcqv-frontend.php:78
filter · woocommerce_add_to_cart_form_action · includes\class.yith-wcqv-frontend.php:81
action · yith_proteo_products_loop_add_to_cart_actions · includes\class.yith-wcqv-frontend.php:167
filter · woocommerce_loop_add_to_cart_link · includes\class.yith-wcqv-frontend.php:169
action · woocommerce_after_shop_loop_item · includes\class.yith-wcqv-frontend.php:171
action · yith_wcwl_table_after_product_name · includes\class.yith-wcqv-frontend.php:174
action · wp_footer · includes\class.yith-wcqv-frontend.php:258
action · yith_wcqv_product_image · includes\class.yith-wcqv-frontend.php:361
action · yith_wcqv_product_image · includes\class.yith-wcqv-frontend.php:363
action · yith_wcqv_product_summary · includes\class.yith-wcqv-frontend.php:366
action · yith_wcqv_product_summary · includes\class.yith-wcqv-frontend.php:367
action · yith_wcqv_product_summary · includes\class.yith-wcqv-frontend.php:368
action · yith_wcqv_product_summary · includes\class.yith-wcqv-frontend.php:372
action · yith_wcqv_product_summary · includes\class.yith-wcqv-frontend.php:374
action · yith_wcqv_product_summary · includes\class.yith-wcqv-frontend.php:377
action · yith_wcqv_product_summary · includes\class.yith-wcqv-frontend.php:378
action · yith_wcqv_product_summary · includes\class.yith-wcqv-frontend.php:379
action · yith_wcqv_product_summary · includes\class.yith-wcqv-frontend.php:381
action · init · includes\class.yith-wcqv.php:77
action · init · includes\functions.yith-wcqv.php:14
action · yith_wcqv_init · init.php:137
action · admin_notices · init.php:148
action · admin_notices · init.php:150
action · plugins_loaded · init.php:157
action · before_woocommerce_init · init.php:159
action · elementor/elements/categories_registered · plugin-fw\includes\builders\elementor\class-yith-elementor.php:50
action · elementor/editor/after_enqueue_styles · plugin-fw\includes\builders\elementor\class-yith-elementor.php:52
action · elementor/frontend/after_enqueue_styles · plugin-fw\includes\builders\elementor\class-yith-elementor.php:53
action · init · plugin-fw\includes\builders\gutenberg\class-yith-gutenberg.php:60
action · init · plugin-fw\includes\builders\gutenberg\class-yith-gutenberg.php:61
action · init · plugin-fw\includes\builders\gutenberg\class-yith-gutenberg.php:62
action · wc_ajax_yith_plugin_fw_gutenberg_do_shortcode · plugin-fw\includes\builders\gutenberg\class-yith-gutenberg.php:64
action · init · plugin-fw\includes\class-yit-assets.php:47
action · elementor/editor/before_enqueue_styles · plugin-fw\includes\class-yit-assets.php:48
action · admin_enqueue_scripts · plugin-fw\includes\class-yit-assets.php:50
action · init · plugin-fw\includes\class-yit-assets.php:52
action · should_load_block_editor_scripts_and_styles · plugin-fw\includes\class-yit-assets.php:53
action · admin_enqueue_scripts · plugin-fw\includes\class-yit-icons.php:970
action · wp_enqueue_scripts · plugin-fw\includes\class-yit-icons.php:971
action · add_meta_boxes · plugin-fw\includes\class-yit-metabox.php:80
action · save_post · plugin-fw\includes\class-yit-metabox.php:81
action · admin_enqueue_scripts · plugin-fw\includes\class-yit-metabox.php:82
filter · yit_icons_screen_ids · plugin-fw\includes\class-yit-metabox.php:84
filter · admin_body_class · plugin-fw\includes\class-yit-plugin-panel-woocommerce.php:93
action · admin_init · plugin-fw\includes\class-yit-plugin-panel-woocommerce.php:94
action · admin_menu · plugin-fw\includes\class-yit-plugin-panel-woocommerce.php:95
action · admin_menu · plugin-fw\includes\class-yit-plugin-panel-woocommerce.php:96
action · admin_bar_menu · plugin-fw\includes\class-yit-plugin-panel-woocommerce.php:97
action · admin_enqueue_scripts · plugin-fw\includes\class-yit-plugin-panel-woocommerce.php:98
action · admin_init · plugin-fw\includes\class-yit-plugin-panel-woocommerce.php:99
filter · woocommerce_screen_ids · plugin-fw\includes\class-yit-plugin-panel-woocommerce.php:100
filter · woocommerce_admin_settings_sanitize_option · plugin-fw\includes\class-yit-plugin-panel-woocommerce.php:102
action · yith_plugin_fw_get_field_after · plugin-fw\includes\class-yit-plugin-panel-woocommerce.php:104
action · admin_action_yith_plugin_fw_save_toggle_element · plugin-fw\includes\class-yit-plugin-panel-woocommerce.php:105
filter · woocommerce_admin_settings_sanitize_option · plugin-fw\includes\class-yit-plugin-panel-woocommerce.php:106
action · admin_enqueue_scripts · plugin-fw\includes\class-yit-plugin-panel-woocommerce.php:108
action · admin_init · plugin-fw\includes\class-yit-plugin-panel-woocommerce.php:109
filter · yith_plugin_fw_premium_landing_uri · plugin-fw\includes\class-yit-plugin-panel-woocommerce.php:112
action · woocommerce_admin_field_boxinfo · plugin-fw\includes\class-yit-plugin-panel-woocommerce.php:126
action · woocommerce_admin_field_yith-field · plugin-fw\includes\class-yit-plugin-panel-woocommerce.php:127
filter · woocommerce_admin_settings_sanitize_option · plugin-fw\includes\class-yit-plugin-panel-woocommerce.php:129
action · admin_menu · plugin-fw\includes\class-yit-plugin-panel-woocommerce.php:132
filter · add_menu_classes · plugin-fw\includes\class-yit-plugin-panel-woocommerce.php:134
filter · admin_body_class · plugin-fw\includes\class-yit-plugin-panel.php:121
action · admin_init · plugin-fw\includes\class-yit-plugin-panel.php:122
action · admin_menu · plugin-fw\includes\class-yit-plugin-panel.php:123
action · admin_menu · plugin-fw\includes\class-yit-plugin-panel.php:124
action · admin_bar_menu · plugin-fw\includes\class-yit-plugin-panel.php:125
action · admin_init · plugin-fw\includes\class-yit-plugin-panel.php:126
action · admin_enqueue_scripts · plugin-fw\includes\class-yit-plugin-panel.php:128
action · admin_init · plugin-fw\includes\class-yit-plugin-panel.php:129
filter · yith_plugin_fw_premium_landing_uri · plugin-fw\includes\class-yit-plugin-panel.php:132
action · admin_enqueue_scripts · plugin-fw\includes\class-yit-plugin-panel.php:137
action · all_admin_notices · plugin-fw\includes\class-yit-plugin-panel.php:242
action · admin_footer · plugin-fw\includes\class-yit-plugin-panel.php:243
filter · parent_file · plugin-fw\includes\class-yit-plugin-panel.php:245
filter · submenu_file · plugin-fw\includes\class-yit-plugin-panel.php:246
action · admin_menu · plugin-fw\includes\class-yit-plugin-panel.php:259
filter · add_menu_classes · plugin-fw\includes\class-yit-plugin-panel.php:260
filter · removable_query_args · plugin-fw\includes\class-yit-plugin-panel.php:261
action · admin_enqueue_scripts · plugin-fw\includes\class-yit-plugin-panel.php:1081
action · admin_init · plugin-fw\includes\class-yit-plugin-panel.php:1082
action · admin_footer · plugin-fw\includes\class-yit-plugin-panel.php:1213
action · admin_init · plugin-fw\includes\class-yit-plugin-subpanel.php:44
action · admin_menu · plugin-fw\includes\class-yit-plugin-subpanel.php:45
action · admin_bar_menu · plugin-fw\includes\class-yit-plugin-subpanel.php:46
action · admin_init · plugin-fw\includes\class-yit-plugin-subpanel.php:47
action · admin_enqueue_scripts · plugin-fw\includes\class-yit-plugin-subpanel.php:48
action · admin_enqueue_scripts · plugin-fw\includes\class-yit-pointers.php:118
action · admin_init · plugin-fw\includes\class-yit-pointers.php:119
action · yith_bh_onboarding · plugin-fw\includes\class-yith-bh-onboarding.php:36
action · wp_dashboard_setup · plugin-fw\includes\class-yith-dashboard.php:146
action · admin_enqueue_scripts · plugin-fw\includes\class-yith-dashboard.php:147
action · admin_init · plugin-fw\includes\class-yith-post-type-admin.php:65
action · current_screen · plugin-fw\includes\class-yith-post-type-admin.php:67
action · edit_form_top · plugin-fw\includes\class-yith-post-type-admin.php:70
action · manage_posts_extra_tablenav · plugin-fw\includes\class-yith-post-type-admin.php:119
action · manage_posts_extra_tablenav · plugin-fw\includes\class-yith-post-type-admin.php:120
action · restrict_manage_posts · plugin-fw\includes\class-yith-post-type-admin.php:122
filter · request · plugin-fw\includes\class-yith-post-type-admin.php:123
filter · list_table_primary_column · plugin-fw\includes\class-yith-post-type-admin.php:125
filter · post_row_actions · plugin-fw\includes\class-yith-post-type-admin.php:126
filter · page_row_actions · plugin-fw\includes\class-yith-post-type-admin.php:127
filter · default_hidden_columns · plugin-fw\includes\class-yith-post-type-admin.php:129
action · disable_months_dropdown · plugin-fw\includes\class-yith-post-type-admin.php:137
filter · admin_body_class · plugin-fw\includes\class-yith-system-status.php:95
action · admin_menu · plugin-fw\includes\class-yith-system-status.php:96
action · admin_init · plugin-fw\includes\class-yith-system-status.php:97
action · admin_notices · plugin-fw\includes\class-yith-system-status.php:98
action · admin_enqueue_scripts · plugin-fw\includes\class-yith-system-status.php:99
action · init · plugin-fw\includes\class-yith-system-status.php:100
filter · yith_plugin_fw_privacy_guide_content · plugin-fw\includes\privacy\class-yith-privacy-plugin-abstract.php:39
action · admin_init · plugin-fw\includes\privacy\class-yith-privacy.php:50
action · plugins_loaded · plugin-fw\init.php:94
filter · extra_theme_headers · plugin-fw\yit-functions.php:602
filter · yit_title_special_characters · plugin-fw\yit-functions.php:726
filter · plugin_row_meta · plugin-fw\yit-plugin.php:56
action · admin_notices · plugin-fw\yit-plugin.php:298
action · plugins_loaded · plugin-fw\yit-plugin.php:300
action · shutdown · plugin-fw\yit-woocommerce-compatibility.php:765
Maintenance & Trust

YITH WooCommerce Quick View Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 4, 2026
PHP min version: 7.4
Downloads: 6.3M

Community Trust

Rating: 76/100
Number of ratings: 27
Active installs: 100K
Developer Profile

YITH WooCommerce Quick View Developer Profile

YITHEMES

33 plugins · 1.1M total installs

Trust score: 77
Avg Security Score: 97/100
Avg Patch Time: 411 days
Detection Fingerprints

How We Detect YITH WooCommerce Quick View

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/yith-woocommerce-quick-view/assets/css/style.css
/wp-content/plugins/yith-woocommerce-quick-view/assets/js/script.js
/wp-content/plugins/yith-woocommerce-quick-view/assets/js/yith-wcqv-admin.js
Script Paths
/wp-content/plugins/yith-woocommerce-quick-view/assets/js/script.js
/wp-content/plugins/yith-woocommerce-quick-view/assets/js/yith-wcqv-admin.js
Version Parameters
yith-woocommerce-quick-view/assets/css/style.css?ver=
yith-woocommerce-quick-view/assets/js/script.js?ver=
yith-woocommerce-quick-view/assets/js/yith-wcqv-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
yith-wcqv-button, yith-wcqv-close, yith-wcqv-overlay, yith-wcqv-wrap, yith-wcqv-single, yith-wcqv-main-image, yith-wcqv-product-image, yith-wcqv-product-summary, +2 more
HTML Comments
<!-- YITH WooCommerce Quick View -->
<!-- End YITH WooCommerce Quick View -->
Data Attributes
data-yith-wcqv-loading, data-yith-wcqv-product-id, data-yith-wcqv-link
JS Globals
yith_wcqv_params
FAQ

Frequently Asked Questions about YITH WooCommerce Quick View