WP-Safety

YITH WooCommerce Product Gallery & Image Zoom Security & Risk Analysis

wordpress.org/plugins/yith-woocommerce-zoom-magnifier

YITH WooCommerce Product Gallery & Image Zoom add zoom effect to product images and a customizable image slider.

20K active installs v2.48.0 PHP 7.4+ WP 6.7+ Updated Mar 2, 2026
carouselmagnifiersliderwoocommercezoom
99
A · Safe
CVEs total1
Unpatched0
Last CVENov 11, 2022
Plugin page Download
Safety Verdict

Is YITH WooCommerce Product Gallery & Image Zoom Safe to Use in 2026?

Generally Safe

Score 99/100

YITH WooCommerce Product Gallery & Image Zoom has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Nov 11, 2022Updated 1mo ago
Risk Assessment

The "yith-woocommerce-zoom-magnifier" plugin, version 2.48.0, exhibits a generally good security posture with several strengths, including 100% of SQL queries using prepared statements and a very high percentage (94%) of properly escaped output. The static analysis also shows no critical or high severity taint flows, indicating a low risk of direct code injection or data manipulation through user-supplied input in most scenarios. Nonce and capability checks are also present in a reasonable number of entry points, demonstrating an awareness of WordPress security best practices.

However, a significant concern arises from the presence of one AJAX handler without any authentication checks. This represents a direct, unprotected entry point into the plugin's functionality that could be exploited by unauthenticated users if the handler performs sensitive operations. While the plugin has a history of one high severity CVE, it is currently unpatched. The common vulnerability type of 'Missing Authorization' in past issues, coupled with the current unprotected AJAX handler, suggests a recurring pattern of authorization weaknesses that require careful attention.

In conclusion, the plugin has made commendable efforts in secure coding practices, particularly with SQL and output handling. Nevertheless, the unprotected AJAX endpoint and the historical pattern of authorization vulnerabilities are notable weaknesses. The unpatched high severity CVE from 2022 also suggests that timely security updates are crucial for this plugin.

Key Concerns

  • Unprotected AJAX handler
  • Historically unpatched high severity CVE
  • Pattern of missing authorization vulnerabilities
Vulnerabilities
1

YITH WooCommerce Product Gallery & Image Zoom Security Vulnerabilities

CVEs by Year

1 CVE in 2022
2022
Patched Has unpatched

Severity Breakdown

High
1

1 total CVE

WF-b948574a-0aab-4596-83e6-04be21f78bc1-yith-woocommerce-zoom-magnifierhigh · 7.1Missing Authorization

YITH plugins by YITHEMES <= (Various Versions) - Missing Authorization

Nov 11, 2022 Patched in 2.15.0 (438d)
Code Analysis
Analyzed Mar 16, 2026

YITH WooCommerce Product Gallery & Image Zoom Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
5 prepared
Unescaped Output
99
1486 escaped
Nonce Checks
15
Capability Checks
16
File Operations
0
External Requests
7
Bundled Libraries
2

Bundled Libraries

jQuerySelect2

SQL Query Safety

100% prepared5 total queries

Output Escaping

94% escaped1585 total outputs
Data Flows
All sanitized

Data Flow Analysis

13 flows
do_shortcode (plugin-fw\includes\builders\gutenberg\class-yith-gutenberg.php:279)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
1 unprotected

YITH WooCommerce Product Gallery & Image Zoom Attack Surface

Entry Points5
Unprotected1

AJAX Handlers 5

authwp_ajax_yith_plugin_fw_gutenberg_do_shortcodeplugin-fw\includes\builders\gutenberg\class-yith-gutenberg.php:63
authwp_ajax_yith_plugin_fw_save_toggle_element_metaboxplugin-fw\includes\class-yit-metabox.php:86
authwp_ajax_yith_plugin_fw_save_toggle_elementplugin-fw\includes\class-yit-plugin-panel.php:138
authwp_ajax_yith_bh_onboardingplugin-fw\includes\class-yith-bh-onboarding.php:37
authwp_ajax_yith_create_log_fileplugin-fw\includes\class-yith-system-status.php:101
WordPress Hooks 99
actionyith_ywzm_initinit.php:134
actionadmin_noticesinit.php:145
actionadmin_noticesinit.php:147
actionplugins_loadedinit.php:156
actionelementor/elements/categories_registeredplugin-fw\includes\builders\elementor\class-yith-elementor.php:50
actionelementor/editor/after_enqueue_stylesplugin-fw\includes\builders\elementor\class-yith-elementor.php:52
actionelementor/frontend/after_enqueue_stylesplugin-fw\includes\builders\elementor\class-yith-elementor.php:53
actioninitplugin-fw\includes\builders\gutenberg\class-yith-gutenberg.php:60
actioninitplugin-fw\includes\builders\gutenberg\class-yith-gutenberg.php:61
actioninitplugin-fw\includes\builders\gutenberg\class-yith-gutenberg.php:62
actionwc_ajax_yith_plugin_fw_gutenberg_do_shortcodeplugin-fw\includes\builders\gutenberg\class-yith-gutenberg.php:64
actioninitplugin-fw\includes\class-yit-assets.php:47
actionelementor/editor/before_enqueue_stylesplugin-fw\includes\class-yit-assets.php:48
actionadmin_enqueue_scriptsplugin-fw\includes\class-yit-assets.php:50
actioninitplugin-fw\includes\class-yit-assets.php:52
actionshould_load_block_editor_scripts_and_stylesplugin-fw\includes\class-yit-assets.php:53
actionadmin_enqueue_scriptsplugin-fw\includes\class-yit-icons.php:970
actionwp_enqueue_scriptsplugin-fw\includes\class-yit-icons.php:971
actionadd_meta_boxesplugin-fw\includes\class-yit-metabox.php:80
actionsave_postplugin-fw\includes\class-yit-metabox.php:81
actionadmin_enqueue_scriptsplugin-fw\includes\class-yit-metabox.php:82
filteryit_icons_screen_idsplugin-fw\includes\class-yit-metabox.php:84
filteradmin_body_classplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:93
actionadmin_initplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:94
actionadmin_menuplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:95
actionadmin_menuplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:96
actionadmin_bar_menuplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:97
actionadmin_enqueue_scriptsplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:98
actionadmin_initplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:99
filterwoocommerce_screen_idsplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:100
filterwoocommerce_admin_settings_sanitize_optionplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:102
actionyith_plugin_fw_get_field_afterplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:104
actionadmin_action_yith_plugin_fw_save_toggle_elementplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:105
filterwoocommerce_admin_settings_sanitize_optionplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:106
actionadmin_enqueue_scriptsplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:108
actionadmin_initplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:109
filteryith_plugin_fw_premium_landing_uriplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:112
actionwoocommerce_admin_field_boxinfoplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:126
actionwoocommerce_admin_field_yith-fieldplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:127
filterwoocommerce_admin_settings_sanitize_optionplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:129
actionadmin_menuplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:132
filteradd_menu_classesplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:134
filteradmin_body_classplugin-fw\includes\class-yit-plugin-panel.php:121
actionadmin_initplugin-fw\includes\class-yit-plugin-panel.php:122
actionadmin_menuplugin-fw\includes\class-yit-plugin-panel.php:123
actionadmin_menuplugin-fw\includes\class-yit-plugin-panel.php:124
actionadmin_bar_menuplugin-fw\includes\class-yit-plugin-panel.php:125
actionadmin_initplugin-fw\includes\class-yit-plugin-panel.php:126
actionadmin_enqueue_scriptsplugin-fw\includes\class-yit-plugin-panel.php:128
actionadmin_initplugin-fw\includes\class-yit-plugin-panel.php:129
filteryith_plugin_fw_premium_landing_uriplugin-fw\includes\class-yit-plugin-panel.php:132
actionadmin_enqueue_scriptsplugin-fw\includes\class-yit-plugin-panel.php:137
actionall_admin_noticesplugin-fw\includes\class-yit-plugin-panel.php:242
actionadmin_footerplugin-fw\includes\class-yit-plugin-panel.php:243
filterparent_fileplugin-fw\includes\class-yit-plugin-panel.php:245
filtersubmenu_fileplugin-fw\includes\class-yit-plugin-panel.php:246
actionadmin_menuplugin-fw\includes\class-yit-plugin-panel.php:259
filteradd_menu_classesplugin-fw\includes\class-yit-plugin-panel.php:260
filterremovable_query_argsplugin-fw\includes\class-yit-plugin-panel.php:261
actionadmin_enqueue_scriptsplugin-fw\includes\class-yit-plugin-panel.php:1081
actionadmin_initplugin-fw\includes\class-yit-plugin-panel.php:1082
actionadmin_footerplugin-fw\includes\class-yit-plugin-panel.php:1213
actionadmin_initplugin-fw\includes\class-yit-plugin-subpanel.php:44
actionadmin_menuplugin-fw\includes\class-yit-plugin-subpanel.php:45
actionadmin_bar_menuplugin-fw\includes\class-yit-plugin-subpanel.php:46
actionadmin_initplugin-fw\includes\class-yit-plugin-subpanel.php:47
actionadmin_enqueue_scriptsplugin-fw\includes\class-yit-plugin-subpanel.php:48
actionadmin_enqueue_scriptsplugin-fw\includes\class-yit-pointers.php:118
actionadmin_initplugin-fw\includes\class-yit-pointers.php:119
actionyith_bh_onboardingplugin-fw\includes\class-yith-bh-onboarding.php:36
actionwp_dashboard_setupplugin-fw\includes\class-yith-dashboard.php:146
actionadmin_enqueue_scriptsplugin-fw\includes\class-yith-dashboard.php:147
actionadmin_initplugin-fw\includes\class-yith-post-type-admin.php:65
actioncurrent_screenplugin-fw\includes\class-yith-post-type-admin.php:67
actionedit_form_topplugin-fw\includes\class-yith-post-type-admin.php:70
actionmanage_posts_extra_tablenavplugin-fw\includes\class-yith-post-type-admin.php:119
actionmanage_posts_extra_tablenavplugin-fw\includes\class-yith-post-type-admin.php:120
actionrestrict_manage_postsplugin-fw\includes\class-yith-post-type-admin.php:122
filterrequestplugin-fw\includes\class-yith-post-type-admin.php:123
filterlist_table_primary_columnplugin-fw\includes\class-yith-post-type-admin.php:125
filterpost_row_actionsplugin-fw\includes\class-yith-post-type-admin.php:126
filterpage_row_actionsplugin-fw\includes\class-yith-post-type-admin.php:127
filterdefault_hidden_columnsplugin-fw\includes\class-yith-post-type-admin.php:129
actiondisable_months_dropdownplugin-fw\includes\class-yith-post-type-admin.php:137
filteradmin_body_classplugin-fw\includes\class-yith-system-status.php:95
actionadmin_menuplugin-fw\includes\class-yith-system-status.php:96
actionadmin_initplugin-fw\includes\class-yith-system-status.php:97
actionadmin_noticesplugin-fw\includes\class-yith-system-status.php:98
actionadmin_enqueue_scriptsplugin-fw\includes\class-yith-system-status.php:99
actioninitplugin-fw\includes\class-yith-system-status.php:100
filteryith_plugin_fw_privacy_guide_contentplugin-fw\includes\privacy\class-yith-privacy-plugin-abstract.php:39
actionadmin_initplugin-fw\includes\privacy\class-yith-privacy.php:50
actionplugins_loadedplugin-fw\init.php:94
filterextra_theme_headersplugin-fw\yit-functions.php:602
filteryit_title_special_charactersplugin-fw\yit-functions.php:726
filterplugin_row_metaplugin-fw\yit-plugin.php:56
actionadmin_noticesplugin-fw\yit-plugin.php:298
actionplugins_loadedplugin-fw\yit-plugin.php:300
actionshutdownplugin-fw\yit-woocommerce-compatibility.php:765
Maintenance & Trust

YITH WooCommerce Product Gallery & Image Zoom Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 2, 2026
PHP min version7.4
Downloads3.1M

Community Trust

Rating72/100
Number of ratings71
Active installs20K
Alternatives

YITH WooCommerce Product Gallery & Image Zoom Alternatives

superZoom- WooCommerce Product Image Zoom

superZoom- WooCommerce Product Image Zoom

superzoom-woocommerce-product-image-zoom

A
85

superZoom- WooCommerce Product Image Zoom add zoom effect to product images and a customizable image slider.

10 No CVEs
Product Gallery Slider, Additional Variation Images, Product Video, Product Image Zoom and Lightbox for WooCommerce – WooGallery

Product Gallery Slider, Additional Variation Images, Product Video, Product Image Zoom and Lightbox for WooCommerce – WooGallery

gallery-slider-for-woocommerce

A
100

🔥 All-in-One WooCommerce Product Image and Video Gallery Solution to Enhance Your Customers' Shopping Experience and Boost Sales Instantly! 🚀

20K No CVEs
Product Gallery Slider, Additional Variation Images for WooCommerce

Product Gallery Slider, Additional Variation Images for WooCommerce

woo-product-gallery-slider

A
99

Enhance your customers' shopping experience and boost sales instantly with this WooCommerce Product Gallery Slider! 🚀

20K 2 CVEs
Product Slider, Product Carousel and Product Grid Gallery for WooCommerce – WooProduct Slider

Product Slider, Product Carousel and Product Grid Gallery for WooCommerce – WooProduct Slider

woo-product-slider

A
99

Display your WooCommerce products in a responsive Product Slider, Product Carousel, or Product Grid Gallery with easy customization.

20K 2 CVEs
WP Image Zoom

WP Image Zoom

wp-image-zoooom

A
99

Awesome image zoom plugin for images in posts/pages and for WooCommerce products.

20K 2 CVEs
Developer Profile

YITH WooCommerce Product Gallery & Image Zoom Developer Profile

YITHEMES

33 plugins · 1.1M total installs

77
trust score
Avg Security Score
97/100
Avg Patch Time
411 days
View full developer profile
Detection Fingerprints

How We Detect YITH WooCommerce Product Gallery & Image Zoom

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/yith-woocommerce-zoom-magnifier/assets/css/frontend.min.css/wp-content/plugins/yith-woocommerce-zoom-magnifier/assets/css/magnifier.css/wp-content/plugins/yith-woocommerce-zoom-magnifier/assets/js/frontend.min.js/wp-content/plugins/yith-woocommerce-zoom-magnifier/assets/js/magnifier.js
Script Paths
/wp-content/plugins/yith-woocommerce-zoom-magnifier/assets/js/magnifier.js/wp-content/plugins/yith-woocommerce-zoom-magnifier/assets/js/frontend.min.js
Version Parameters
yith-woocommerce-zoom-magnifier/assets/css/frontend.min.css?ver=yith-woocommerce-zoom-magnifier/assets/css/magnifier.css?ver=yith-woocommerce-zoom-magnifier/assets/js/frontend.min.js?ver=yith-woocommerce-zoom-magnifier/assets/js/magnifier.js?ver=

HTML / DOM Fingerprints

CSS Classes
yith-woo-zoomyith-carousel-zoomyith-woo-zoom-main-imageyith-woo-zoom-thumbnail
Data Attributes
data-yith-zoom-magnifier
JS Globals
yith_frontend_zoom
FAQ

Frequently Asked Questions about YITH WooCommerce Product Gallery & Image Zoom