Does Year Make Model Search for WooCommerce have any unpatched vulnerabilities?

No. All known vulnerabilities in Year Make Model Search for WooCommerce have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Year Make Model Search for WooCommerce compatible with WordPress 6.9.4?

According to WordPress.org data, Year Make Model Search for WooCommerce 1.0.12 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

How often is Year Make Model Search for WooCommerce updated?

Year Make Model Search for WooCommerce was last updated on Feb 20, 2026. Frequent updates are generally a positive security signal.

What is Year Make Model Search for WooCommerce's security score?

Year Make Model Search for WooCommerce has a WP-Safety security score of 99/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Year Make Model Search for WooCommerce Security Review

Safety Verdict

Is Year Make Model Search for WooCommerce Safe to Use in 2026?

Generally Safe

Score 99/100

Year Make Model Search for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: May 19, 2025Updated 1mo ago

Risk Assessment

The 'ymm-search' plugin v1.0.12 exhibits a mixed security posture. While it has no known unpatched vulnerabilities, the static analysis reveals several significant concerns. A large portion of its attack surface, specifically 5 out of 6 entry points, lacks proper authentication checks. This is further exacerbated by taint analysis indicating 4 high-severity flows with unsanitized paths, suggesting potential for data manipulation or injection if these paths are reached.

The plugin's vulnerability history shows a past medium-severity Cross-Site Request Forgery (CSRF) vulnerability, which, while now patched, indicates a potential for such issues. The static analysis also highlights poor output escaping practices, with only 8% of outputs properly escaped, increasing the risk of Cross-Site Scripting (XSS) vulnerabilities. The presence of raw SQL queries without prepared statements in 26% of cases (7 out of 19) is also a concern for SQL injection.

Overall, the plugin has strengths in its lack of external HTTP requests and a decent percentage of SQL queries using prepared statements. However, the high number of unprotected entry points, critical taint flows, and insufficient output escaping significantly outweigh these strengths, presenting a notable risk to WordPress installations.

Key Concerns

High number of unprotected AJAX handlers
High severity taint flows with unsanitized paths
Low percentage of properly escaped output
SQL queries not using prepared statements
Past medium severity vulnerability (CSRF)

Vulnerabilities

1

Year Make Model Search for WooCommerce Security Vulnerabilities

CVEs by Year

1 CVE in 2025

2025

Patched Has unpatched

Severity Breakdown

Medium

1

1 total CVE

CVE-2025-48265medium · 4.3Cross-Site Request Forgery (CSRF)

Year Make Model Search for WooCommerce <= 1.0.11 - Cross-Site Request Forgery

May 19, 2025 Patched in 1.0.12 (10d)

Code Analysis

Analyzed Mar 16, 2026

Year Make Model Search for WooCommerce Code Analysis

Dangerous Functions

0

Raw SQL Queries

5

14 prepared

Unescaped Output

133

12 escaped

Nonce Checks

1

Capability Checks

1

File Operations

2

External Requests

0

Bundled Libraries

0

SQL Query Safety

74% prepared19 total queries

Output Escaping

8% escaped145 total outputs

Data Flows

9 unsanitized

Data Flow Analysis

9 flows9 with unsanitized paths

execute (Controller\Adminhtml\Ymm\Selector.php:30)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

5 unprotected

Year Make Model Search for WooCommerce Attack Surface

Entry Points6

Unprotected5

AJAX Handlers 5

authwp_ajax_ymm_selector_fetchymm-search.php:109

noprivwp_ajax_ymm_selector_fetchymm-search.php:110

authwp_ajax_ymm_selector_get_categoriesymm-search.php:115

noprivwp_ajax_ymm_selector_get_categoriesymm-search.php:116

authwp_ajax_ymm_restriction_searchymm-search.php:121

Shortcodes 1

[ymm_selector] ymm-search.php:84

WordPress Hooks 16

filterwoocommerce_product_data_tabsBlock\Adminhtml\Product\Edit\Restriction.php:19

actionwoocommerce_product_data_panelsBlock\Adminhtml\Product\Edit\Restriction.php:20

actionwoocommerce_process_product_metaBlock\Adminhtml\Product\Edit\Restriction.php:21

filtersingle_term_titleController\Product.php:24

filterwoocommerce_layered_nav_linkController\Product.php:25

filterwoocommerce_get_filtered_term_product_counts_queryController\Product.php:26

filterget_search_queryController\Product.php:27

actionwp_enqueue_scriptsymm-search.php:77

actionadmin_enqueue_scriptsymm-search.php:78

actionplugins_loadedymm-search.php:80

actionwidgets_initymm-search.php:81

actionadmin_menuymm-search.php:82

filterwoocommerce_product_tabsymm-search.php:90

filterpre_get_postsymm-search.php:95

actioninitymm-search.php:101

actionbefore_woocommerce_initymm-search.php:288

Maintenance & Trust

Year Make Model Search for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedFeb 20, 2026

PHP min version

Downloads28K

Community Trust

Rating100/100

Number of ratings34

Active installs1K

Alternatives

Year Make Model Search for WooCommerce Alternatives

SEMA API

sema-api

A

96

The plugin is built to automatically transfer auto parts data from SEMA Data Coop to Wordpress/wooCommerce. A comprehensive frontend catalog search p …

30 2 CVEs

YMM Product Filter for Woo – Year Make Model search

tyresaddict-ymm-product-filter

A

100

Filter and search products using Year Make Model. Finder widgets for pages with Elementor support, import/export YMM data.

10 No CVEs

Developer Profile

Year Make Model Search for WooCommerce Developer Profile

Pektsekye

14 plugins · 6K total installs

93

trust score

Avg Security Score

98/100

Avg Patch Time

8 days

View full developer profile

Detection Fingerprints

How We Detect Year Make Model Search for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/ymm-search/view/adminhtml/web/ymm/main.css/wp-content/plugins/ymm-search/view/adminhtml/web/product/edit/main.js/wp-content/plugins/ymm-search/view/adminhtml/web/product/edit/main.css/wp-content/plugins/ymm-search/view/frontend/web/main.js/wp-content/plugins/ymm-search/view/frontend/web/main.css/wp-content/plugins/ymm-search/view/frontend/web/product/restriction.css

Script Paths

/wp-content/plugins/ymm-search/view/adminhtml/web/ymm/main.css/wp-content/plugins/ymm-search/view/adminhtml/web/product/edit/main.js/wp-content/plugins/ymm-search/view/adminhtml/web/product/edit/main.css/wp-content/plugins/ymm-search/view/frontend/web/main.js/wp-content/plugins/ymm-search/view/frontend/web/main.css/wp-content/plugins/ymm-search/view/frontend/web/product/restriction.css

Version Parameters

ymm-search/view/adminhtml/web/ymm/main.css?ver=ymm-search/view/adminhtml/web/product/edit/main.js?ver=ymm-search/view/adminhtml/web/product/edit/main.css?ver=ymm-search/view/frontend/web/main.js?ver=ymm-search/view/frontend/web/main.css?ver=ymm-search/view/frontend/web/product/restriction.css?ver=

HTML / DOM Fingerprints

CSS Classes

ymm-selector-widgetymm-horizontal-selector-widgetymm-product-restriction-tabymm-admin-manage-selector

HTML Comments

Data Attributes

data-ymm-selector-widget-iddata-ymm-garage-enableddata-ymm-remove-from-garage-enableddata-ymm-filter-category-pagedata-ymm-template

JS Globals

ymm_selector_paramsYmmSelector

REST Endpoints

/wp-json/ymm/v1/selector/fetch/wp-json/ymm/v1/selector/categories/wp-json/ymm/v1/restriction/search

Shortcode Output

<div class="ymm-selector-widget"<div class="ymm-horizontal-selector-widget"

FAQ

Year Make Model Search for WooCommerce Security & Risk Analysis