YML for Yandex Market Security & Risk Analysis

wordpress.org/plugins/yml-for-yandex-market

Creates a YML feed for upload to Yandex Market and other services.

10K active installs · v5.2.0 · PHP 7.4.0+ · WP 5.9+ · Updated Feb 4, 2026
Tags: export, market, woocommerce, yandex, yml

Security score: 98 (Grade A · Safe)
CVEs total: 3
Unpatched: 0
Last CVE: Oct 1, 2024
Safety Verdict

Is YML for Yandex Market Safe to Use in 2026?

Generally Safe

Score 98/100

YML for Yandex Market has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEs · Last CVE: Oct 1, 2024 · Updated 1 month ago
Risk Assessment

The 'yml-for-yandex-market' plugin v5.2.0 exhibits a mixed security posture. On the positive side, it demonstrates good practices by exclusively using prepared statements for SQL queries and achieving a high rate of proper output escaping. The presence of nonce and capability checks, along with file operations and external HTTP requests, suggests intentional security considerations in its design. However, a significant concern arises from its attack surface, which includes one AJAX handler lacking authentication checks. This creates a direct entry point for unauthenticated attackers.

The vulnerability history shows a past pattern of medium-severity Cross-Site Scripting (XSS) vulnerabilities, with the most recent one patched. While no currently unpatched vulnerabilities are reported, the previous occurrences of XSS indicate a potential for such issues if input sanitization is not consistently applied across all entry points. The taint analysis, while not revealing critical or high-severity flaws, shows a notable number of flows with unsanitized paths, which could potentially be exploited in conjunction with other weaknesses.

In conclusion, while the plugin incorporates several strong security measures, the presence of an unprotected AJAX handler is a critical weakness that needs immediate attention. The past XSS vulnerabilities, though patched, serve as a reminder to maintain rigorous input validation and output escaping practices. The taint analysis also points to areas where sanitization could be strengthened to further reduce risk.

Key Concerns

  • Unprotected AJAX handler present
  • Flows with unsanitized paths detected
  • Past XSS vulnerabilities indicate risk
Vulnerabilities: 3

YML for Yandex Market Security Vulnerabilities

CVEs by Year

2023: 1 CVE
2024: 2 CVEs

Severity Breakdown

Medium: 3 (3 total CVEs)

CVE-2024-9378 · medium (6.1) · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
YML for Yandex Market <= 4.7.2 - Reflected Cross-Site Scripting
Oct 1, 2024 · Patched in 4.7.3 (1d)

CVE-2024-1365 · medium (6.1) · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
YML for Yandex Market <= 4.2.3 - Reflected Cross-Site Scripting
Feb 23, 2024 · Patched in 4.2.4 (99d)

CVE-2023-30473 · medium (6.1) · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Yml for Yandex Market <= 3.10.7 - Reflected Cross-Site Scripting
Apr 17, 2023 · Patched in 3.10.8 (281d)
Code Analysis (analyzed Mar 16, 2026)

YML for Yandex Market Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 4 (152 escaped)
Nonce Checks: 8
Capability Checks: 4
File Operations: 12
External Requests: 2
Bundled Libraries: 1

Bundled Libraries

Select2

Output Escaping

97% escaped (156 total outputs)
Data Flows: 5 unsanitized

Data Flow Analysis

11 flows, 5 with unsanitized paths
save_plugin_set (admin\class-y4ym-admin.php:532)
Attack Surface: 1 unprotected

YML for Yandex Market Attack Surface

Entry Points: 1
Unprotected: 1

AJAX Handlers (1)

auth · wp_ajax_y4ym_select2 · includes\class-y4ym.php:277
WordPress Hooks (45)

action · shutdown · includes\class-y4ym-autoloader.php:96
action · plugins_loaded · includes\class-y4ym.php:216
action · admin_enqueue_scripts · includes\class-y4ym.php:233
action · admin_enqueue_scripts · includes\class-y4ym.php:234
action · init · includes\class-y4ym.php:237
action · woocommerce_product_data_tabs · includes\class-y4ym.php:240
action · admin_footer · includes\class-y4ym.php:241
action · woocommerce_product_data_panels · includes\class-y4ym.php:242
action · woocommerce_product_options_sku · includes\class-y4ym.php:243
action · save_post · includes\class-y4ym.php:244
action · woocommerce_product_after_variable_attributes · includes\class-y4ym.php:245
action · woocommerce_save_product_variation · includes\class-y4ym.php:246
action · admin_footer · includes\class-y4ym.php:249
action · admin_menu · includes\class-y4ym.php:257
action · admin_init · includes\class-y4ym.php:260
action · admin_init · includes\class-y4ym.php:263
filter · y4ym_f_flag_save_if_empty · includes\class-y4ym.php:266
action · y4ym_f_feedback_additional_info · includes\class-y4ym.php:284
action · wp_enqueue_scripts · includes\class-y4ym.php:301
action · wp_enqueue_scripts · includes\class-y4ym.php:302
action · cron_schedules · includes\class-y4ym.php:323
action · y4ym_cron_start_feed_creation · includes\class-y4ym.php:326
action · y4ym_cron_sborki · includes\class-y4ym.php:329
action · woocommerce_reduce_order_item_stock · includes\class-y4ym.php:332
action · init · includes\class-y4ym.php:335
action · yfym_collection_add_form_fields · includes\class-y4ym.php:336
action · yfym_collection_edit_form_fields · includes\class-y4ym.php:337
action · edited_yfym_collection · includes\class-y4ym.php:338
action · create_yfym_collection · includes\class-y4ym.php:339
action · upload_mimes · includes\class-y4ym.php:342
action · admin_print_footer_scripts · includes\common-libs\class-icpd-promo.php:145
action · admin_notices · includes\common-libs\class-icpd-set-admin-notices.php:68
action · admin_print_footer_scripts · includes\feedback\class-y4ym-feedback.php:83
action · admin_init · includes\feedback\class-y4ym-feedback.php:90
filter · wp_mail_content_type · includes\feedback\class-y4ym-feedback.php:275
action · y4ym_activation_forms · includes\updates\class-y4ym-plugin-form-activate.php:114
filter · pre_site_transient_update_plugins · includes\updates\class-y4ym-plugin-form-activate.php:262
filter · pre_set_site_transient_update_plugins · includes\updates\class-y4ym-plugin-upd.php:138
filter · plugins_api · includes\updates\class-y4ym-plugin-upd.php:140
filter · upgrader_package_options · includes\updates\class-y4ym-plugin-upd.php:142
filter · plugin_action_links · includes\updates\class-y4ym-plugin-upd.php:143
filter · upload_mimes · includes\wordpress\class-y4ym-mime-types.php:29
action · admin_notices · yml-for-yandex-market.php:152
action · admin_notices · yml-for-yandex-market.php:172
action · before_woocommerce_init · yml-for-yandex-market.php:184

Scheduled Events (2)

y4ym_cron_start_feed_creation
y4ym_cron_sborki
Maintenance & Trust

YML for Yandex Market Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 4, 2026
PHP min version: 7.4.0
Downloads: 690K

Community Trust

Rating: 96/100
Number of ratings: 72
Active installs: 10K
Developer Profile

YML for Yandex Market Developer Profile

icopydoc

14 plugins · 16K total installs

Trust score: 75
Avg Security Score: 94/100
Avg Patch Time: 102 days
Detection Fingerprints

How We Detect YML for Yandex Market

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/yml-for-yandex-market/classes/YandexMarket.php
/wp-content/plugins/yml-for-yandex-market/classes/YmlFeedGenerator.php
/wp-content/plugins/yml-for-yandex-market/classes/WooCommerceFeed.php
/wp-content/plugins/yml-for-yandex-market/yml-for-yandex-market.php

HTML / DOM Fingerprints

FAQ

Frequently Asked Questions about YML for Yandex Market