YITH WooCommerce Tab Manager Security & Risk Analysis

wordpress.org/plugins/yith-woocommerce-tab-manager

Improve your WooCommerce product pages by adding custom tabs and ad hoc content for your customers

5K active installs · v2.12.0 · PHP 7.4+ · WP 6.7+ · Updated Mar 6, 2026
Tags: custom-tab, e-commerce, product, tab, woocommerce

Security score: 98 (A · Safe)
CVEs total: 2
Unpatched: 0
Last CVE: Jun 6, 2024
Safety Verdict

Is YITH WooCommerce Tab Manager Safe to Use in 2026?

Generally Safe

Score 98/100

YITH WooCommerce Tab Manager has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Jun 6, 2024 · Updated 28d ago
Risk Assessment

The "yith-woocommerce-tab-manager" plugin v2.12.0 exhibits a generally good security posture, with strong adherence to best practices such as prepared statements for all SQL queries and a high percentage of properly escaped output. The numerous nonce and capability checks also indicate a solid foundation for authorization.

The main concern is the attack surface: one of the seven AJAX handlers lacks any authentication check. This unprotected entry point is reachable by unauthenticated users and is therefore a direct avenue for potential abuse. While the taint analysis shows no critical or high severity flows, the single flow with unsanitized paths, even if not immediately critical, warrants attention as a possible precursor to a vulnerability.

The plugin's vulnerability history is mixed: two past CVEs, one of high severity (Missing Authorization) and one of medium severity (Cross-site Scripting). Both are currently patched, which is positive, but the types of past vulnerabilities align with the weakness identified in the current version (an unprotected AJAX handler).

In conclusion, while the plugin demonstrates good development practices in many areas, the unprotected AJAX handler and the historical vulnerability types suggest that its entry points need careful review and hardening to prevent exploitation.

Key Concerns

  • Unprotected AJAX handler
  • Flows with unsanitized paths
  • Past high severity CVE (Missing Authorization)
  • Past medium severity CVE (XSS)
Vulnerabilities (2)

YITH WooCommerce Tab Manager Security Vulnerabilities

CVEs by Year

2022: 1 CVE
2024: 1 CVE
Both CVEs are patched; none remain unpatched.

Severity Breakdown

High: 1
Medium: 1

2 total CVEs

CVE-2024-35698 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

YITH WooCommerce Tab Manager <= 1.35.0 - Authenticated (Editor+) Stored Cross-Site Scripting

Jun 6, 2024 Patched in 1.35.1 (8d)

YITH plugins by YITHEMES <= (Various Versions) - Missing Authorization

Nov 11, 2022 Patched in 1.17.1 (438d)
Code Analysis (analyzed Mar 16, 2026)

YITH WooCommerce Tab Manager Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (8 prepared)
Unescaped Output: 94 (1489 escaped)
Nonce Checks: 18
Capability Checks: 18
File Operations: 0
External Requests: 7
Bundled Libraries: 1

Bundled Libraries

Select2

SQL Query Safety

100% prepared (8 total queries)

Output Escaping

94% escaped (1583 total outputs)

Data Flows (1 unsanitized)

Data Flow Analysis

15 flows, 1 with unsanitized paths
maybe_render_blank_state (includes\admin\class-yith-tab-manager-post-type-admin.php:352)
Attack Surface (1 unprotected)

YITH WooCommerce Tab Manager Attack Surface

Entry Points: 7
Unprotected: 1

AJAX Handlers (7)

auth · wp_ajax_ywtm_toggle_show_tab · includes\class-yith-tab-manager-ajax.php:24
auth · wp_ajax_ywtm_sort_tabs · includes\class-yith-tab-manager-ajax.php:25
auth · wp_ajax_yith_plugin_fw_gutenberg_do_shortcode · plugin-fw\includes\builders\gutenberg\class-yith-gutenberg.php:63
auth · wp_ajax_yith_plugin_fw_save_toggle_element_metabox · plugin-fw\includes\class-yit-metabox.php:86
auth · wp_ajax_yith_plugin_fw_save_toggle_element · plugin-fw\includes\class-yit-plugin-panel.php:138
auth · wp_ajax_yith_bh_onboarding · plugin-fw\includes\class-yith-bh-onboarding.php:37
auth · wp_ajax_yith_create_log_file · plugin-fw\includes\class-yith-system-status.php:101

WordPress Hooks (120)
filter · yith_show_plugin_row_meta · includes\admin\class-yith-tab-manager-admin.php:47
action · admin_menu · includes\admin\class-yith-tab-manager-admin.php:48
filter · yith_plugin_fw_get_field_template_path · includes\admin\class-yith-tab-manager-admin.php:49
action · admin_init · includes\admin\class-yith-tab-manager-post-type-admin.php:38
action · admin_init · includes\admin\class-yith-tab-manager-post-type-admin.php:39
filter · post_updated_messages · includes\admin\class-yith-tab-manager-post-type-admin.php:40
filter · bulk_post_updated_messages · includes\admin\class-yith-tab-manager-post-type-admin.php:41
action · admin_menu · includes\admin\class-yith-tab-manager-post-type-admin.php:42
action · admin_head · includes\admin\class-yith-tab-manager-post-type-admin.php:43
action · dbx_post_sidebar · includes\admin\class-yith-tab-manager-post-type-admin.php:51
filter · post_class · includes\admin\class-yith-tab-manager-post-type-admin.php:53
action · admin_action_duplicate_tab · includes\admin\class-yith-tab-manager-post-type-admin.php:54
action · admin_enqueue_scripts · includes\class-yith-tab-manager-assets.php:24
filter · woocommerce_product_tabs · includes\class-yith-tab-manager-frontend.php:23
action · init · includes\class-yith-tab-manager-install.php:58
action · yith_tab_manager_run_update_callback · includes\class-yith-tab-manager-install.php:59
filter · woocommerce_data_stores · includes\class-yith-tab-manager-install.php:232
action · init · includes\class-yith-tab-manager-post-type.php:34
action · plugins_loaded · includes\class-yith-woocommerce-tab-manager.php:35
action · init · includes\class-yith-woocommerce-tab-manager.php:36
action · yith_wc_tabmanager_init · init.php:144
action · admin_notices · init.php:155
action · admin_notices · init.php:157
action · before_woocommerce_init · init.php:160
action · plugins_loaded · init.php:166
action · elementor/elements/categories_registered · plugin-fw\includes\builders\elementor\class-yith-elementor.php:50
action · elementor/editor/after_enqueue_styles · plugin-fw\includes\builders\elementor\class-yith-elementor.php:52
action · elementor/frontend/after_enqueue_styles · plugin-fw\includes\builders\elementor\class-yith-elementor.php:53
action · init · plugin-fw\includes\builders\gutenberg\class-yith-gutenberg.php:60
action · init · plugin-fw\includes\builders\gutenberg\class-yith-gutenberg.php:61
action · init · plugin-fw\includes\builders\gutenberg\class-yith-gutenberg.php:62
action · wc_ajax_yith_plugin_fw_gutenberg_do_shortcode · plugin-fw\includes\builders\gutenberg\class-yith-gutenberg.php:64
action · init · plugin-fw\includes\class-yit-assets.php:47
action · elementor/editor/before_enqueue_styles · plugin-fw\includes\class-yit-assets.php:48
action · admin_enqueue_scripts · plugin-fw\includes\class-yit-assets.php:50
action · init · plugin-fw\includes\class-yit-assets.php:52
action · should_load_block_editor_scripts_and_styles · plugin-fw\includes\class-yit-assets.php:53
action · admin_enqueue_scripts · plugin-fw\includes\class-yit-icons.php:970
action · wp_enqueue_scripts · plugin-fw\includes\class-yit-icons.php:971
action · add_meta_boxes · plugin-fw\includes\class-yit-metabox.php:80
action · save_post · plugin-fw\includes\class-yit-metabox.php:81
action · admin_enqueue_scripts · plugin-fw\includes\class-yit-metabox.php:82
filter · yit_icons_screen_ids · plugin-fw\includes\class-yit-metabox.php:84
filter · admin_body_class · plugin-fw\includes\class-yit-plugin-panel-woocommerce.php:93
action · admin_init · plugin-fw\includes\class-yit-plugin-panel-woocommerce.php:94
action · admin_menu · plugin-fw\includes\class-yit-plugin-panel-woocommerce.php:95
action · admin_menu · plugin-fw\includes\class-yit-plugin-panel-woocommerce.php:96
action · admin_bar_menu · plugin-fw\includes\class-yit-plugin-panel-woocommerce.php:97
action · admin_enqueue_scripts · plugin-fw\includes\class-yit-plugin-panel-woocommerce.php:98
action · admin_init · plugin-fw\includes\class-yit-plugin-panel-woocommerce.php:99
filter · woocommerce_screen_ids · plugin-fw\includes\class-yit-plugin-panel-woocommerce.php:100
filter · woocommerce_admin_settings_sanitize_option · plugin-fw\includes\class-yit-plugin-panel-woocommerce.php:102
action · yith_plugin_fw_get_field_after · plugin-fw\includes\class-yit-plugin-panel-woocommerce.php:104
action · admin_action_yith_plugin_fw_save_toggle_element · plugin-fw\includes\class-yit-plugin-panel-woocommerce.php:105
filter · woocommerce_admin_settings_sanitize_option · plugin-fw\includes\class-yit-plugin-panel-woocommerce.php:106
action · admin_enqueue_scripts · plugin-fw\includes\class-yit-plugin-panel-woocommerce.php:108
action · admin_init · plugin-fw\includes\class-yit-plugin-panel-woocommerce.php:109
filter · yith_plugin_fw_premium_landing_uri · plugin-fw\includes\class-yit-plugin-panel-woocommerce.php:112
action · woocommerce_admin_field_boxinfo · plugin-fw\includes\class-yit-plugin-panel-woocommerce.php:126
action · woocommerce_admin_field_yith-field · plugin-fw\includes\class-yit-plugin-panel-woocommerce.php:127
filter · woocommerce_admin_settings_sanitize_option · plugin-fw\includes\class-yit-plugin-panel-woocommerce.php:129
action · admin_menu · plugin-fw\includes\class-yit-plugin-panel-woocommerce.php:132
filter · add_menu_classes · plugin-fw\includes\class-yit-plugin-panel-woocommerce.php:134
filter · admin_body_class · plugin-fw\includes\class-yit-plugin-panel.php:121
action · admin_init · plugin-fw\includes\class-yit-plugin-panel.php:122
action · admin_menu · plugin-fw\includes\class-yit-plugin-panel.php:123
action · admin_menu · plugin-fw\includes\class-yit-plugin-panel.php:124
action · admin_bar_menu · plugin-fw\includes\class-yit-plugin-panel.php:125
action · admin_init · plugin-fw\includes\class-yit-plugin-panel.php:126
action · admin_enqueue_scripts · plugin-fw\includes\class-yit-plugin-panel.php:128
action · admin_init · plugin-fw\includes\class-yit-plugin-panel.php:129
filter · yith_plugin_fw_premium_landing_uri · plugin-fw\includes\class-yit-plugin-panel.php:132
action · admin_enqueue_scripts · plugin-fw\includes\class-yit-plugin-panel.php:137
action · all_admin_notices · plugin-fw\includes\class-yit-plugin-panel.php:242
action · admin_footer · plugin-fw\includes\class-yit-plugin-panel.php:243
filter · parent_file · plugin-fw\includes\class-yit-plugin-panel.php:245
filter · submenu_file · plugin-fw\includes\class-yit-plugin-panel.php:246
action · admin_menu · plugin-fw\includes\class-yit-plugin-panel.php:259
filter · add_menu_classes · plugin-fw\includes\class-yit-plugin-panel.php:260
filter · removable_query_args · plugin-fw\includes\class-yit-plugin-panel.php:261
action · admin_enqueue_scripts · plugin-fw\includes\class-yit-plugin-panel.php:1081
action · admin_init · plugin-fw\includes\class-yit-plugin-panel.php:1082
action · admin_footer · plugin-fw\includes\class-yit-plugin-panel.php:1213
action · admin_init · plugin-fw\includes\class-yit-plugin-subpanel.php:44
action · admin_menu · plugin-fw\includes\class-yit-plugin-subpanel.php:45
action · admin_bar_menu · plugin-fw\includes\class-yit-plugin-subpanel.php:46
action · admin_init · plugin-fw\includes\class-yit-plugin-subpanel.php:47
action · admin_enqueue_scripts · plugin-fw\includes\class-yit-plugin-subpanel.php:48
action · admin_enqueue_scripts · plugin-fw\includes\class-yit-pointers.php:118
action · admin_init · plugin-fw\includes\class-yit-pointers.php:119
action · yith_bh_onboarding · plugin-fw\includes\class-yith-bh-onboarding.php:36
action · wp_dashboard_setup · plugin-fw\includes\class-yith-dashboard.php:146
action · admin_enqueue_scripts · plugin-fw\includes\class-yith-dashboard.php:147
action · admin_init · plugin-fw\includes\class-yith-post-type-admin.php:65
action · current_screen · plugin-fw\includes\class-yith-post-type-admin.php:67
action · edit_form_top · plugin-fw\includes\class-yith-post-type-admin.php:70
action · manage_posts_extra_tablenav · plugin-fw\includes\class-yith-post-type-admin.php:119
action · manage_posts_extra_tablenav · plugin-fw\includes\class-yith-post-type-admin.php:120
action · restrict_manage_posts · plugin-fw\includes\class-yith-post-type-admin.php:122
filter · request · plugin-fw\includes\class-yith-post-type-admin.php:123
filter · list_table_primary_column · plugin-fw\includes\class-yith-post-type-admin.php:125
filter · post_row_actions · plugin-fw\includes\class-yith-post-type-admin.php:126
filter · page_row_actions · plugin-fw\includes\class-yith-post-type-admin.php:127
filter · default_hidden_columns · plugin-fw\includes\class-yith-post-type-admin.php:129
action · disable_months_dropdown · plugin-fw\includes\class-yith-post-type-admin.php:137
filter · admin_body_class · plugin-fw\includes\class-yith-system-status.php:95
action · admin_menu · plugin-fw\includes\class-yith-system-status.php:96
action · admin_init · plugin-fw\includes\class-yith-system-status.php:97
action · admin_notices · plugin-fw\includes\class-yith-system-status.php:98
action · admin_enqueue_scripts · plugin-fw\includes\class-yith-system-status.php:99
action · init · plugin-fw\includes\class-yith-system-status.php:100
filter · yith_plugin_fw_privacy_guide_content · plugin-fw\includes\privacy\class-yith-privacy-plugin-abstract.php:39
action · admin_init · plugin-fw\includes\privacy\class-yith-privacy.php:50
action · plugins_loaded · plugin-fw\init.php:94
filter · extra_theme_headers · plugin-fw\yit-functions.php:602
filter · yit_title_special_characters · plugin-fw\yit-functions.php:726
filter · plugin_row_meta · plugin-fw\yit-plugin.php:56
action · admin_notices · plugin-fw\yit-plugin.php:298
action · plugins_loaded · plugin-fw\yit-plugin.php:300
action · shutdown · plugin-fw\yit-woocommerce-compatibility.php:765
Maintenance & Trust

YITH WooCommerce Tab Manager Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 6, 2026
PHP min version: 7.4
Downloads: 294K

Community Trust

Rating: 60/100
Number of ratings: 16
Active installs: 5K
Developer Profile

YITH WooCommerce Tab Manager Developer Profile

YITHEMES

33 plugins · 1.1M total installs

Trust score: 77
Avg Security Score: 97/100
Avg Patch Time: 411 days
Detection Fingerprints

How We Detect YITH WooCommerce Tab Manager

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/yith-woocommerce-tab-manager/assets/css/admin.css
/wp-content/plugins/yith-woocommerce-tab-manager/assets/js/build/admin.js
Script Paths
/wp-content/plugins/yith-woocommerce-tab-manager/assets/js/build/admin.js
Version Parameters
yith-woocommerce-tab-manager/assets/css/admin.css?ver=
yith-woocommerce-tab-manager/assets/js/build/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
ywtm-admin
JS Globals
ywtm_admin_args
FAQ

Frequently Asked Questions about YITH WooCommerce Tab Manager