WP-Safety

Year Make Model Search for WooCommerce Security & Risk Analysis

wordpress.org/plugins/ymm-search

It will find products for selected make and model.

1K active installs v1.0.12 PHP + WP 4.7+ Updated Feb 20, 2026
part-findertyre-searchyear-make-model-searchymm
99
A · Safe
CVEs total1
Unpatched0
Last CVEMay 19, 2025
Download
Safety Verdict

Is Year Make Model Search for WooCommerce Safe to Use in 2026?

Generally Safe

Score 99/100

Year Make Model Search for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVELast CVE: May 19, 2025Updated 2mo ago
Risk Assessment

The 'ymm-search' plugin v1.0.12 exhibits a mixed security posture. While it has no known unpatched vulnerabilities, the static analysis reveals several significant concerns. A large portion of its attack surface, specifically 5 out of 6 entry points, lacks proper authentication checks. This is further exacerbated by taint analysis indicating 4 high-severity flows with unsanitized paths, suggesting potential for data manipulation or injection if these paths are reached.

The plugin's vulnerability history shows a past medium-severity Cross-Site Request Forgery (CSRF) vulnerability, which, while now patched, indicates a potential for such issues. The static analysis also highlights poor output escaping practices, with only 8% of outputs properly escaped, increasing the risk of Cross-Site Scripting (XSS) vulnerabilities. The presence of raw SQL queries without prepared statements in 26% of cases (7 out of 19) is also a concern for SQL injection.

Overall, the plugin has strengths in its lack of external HTTP requests and a decent percentage of SQL queries using prepared statements. However, the high number of unprotected entry points, critical taint flows, and insufficient output escaping significantly outweigh these strengths, presenting a notable risk to WordPress installations.

Key Concerns

  • High number of unprotected AJAX handlers
  • High severity taint flows with unsanitized paths
  • Low percentage of properly escaped output
  • SQL queries not using prepared statements
  • Past medium severity vulnerability (CSRF)
Vulnerabilities
1 published

Year Make Model Search for WooCommerce Security Vulnerabilities

CVEs by Year

1 CVE in 2025
2025
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2025-48265medium · 4.3Cross-Site Request Forgery (CSRF)

Year Make Model Search for WooCommerce <= 1.0.11 - Cross-Site Request Forgery

May 19, 2025 Patched in 1.0.12 (10d)
Version History

Year Make Model Search for WooCommerce Release Timeline

No version history available.
Code Analysis
Analyzed Mar 16, 2026

Year Make Model Search for WooCommerce Code Analysis

Dangerous Functions
0
Raw SQL Queries
5
14 prepared
Unescaped Output
133
12 escaped
Nonce Checks
1
Capability Checks
1
File Operations
2
External Requests
0
Bundled Libraries
0

SQL Query Safety

74% prepared19 total queries

Output Escaping

8% escaped145 total outputs
Data Flows · Security
9 unsanitized

Data Flow Analysis

9 flows9 with unsanitized paths
execute (Controller\Adminhtml\Ymm\Selector.php:30)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
5 unprotected

Year Make Model Search for WooCommerce Attack Surface

Entry Points6
Unprotected5

AJAX Handlers 5

authwp_ajax_ymm_selector_fetchymm-search.php:109
noprivwp_ajax_ymm_selector_fetchymm-search.php:110
authwp_ajax_ymm_selector_get_categoriesymm-search.php:115
noprivwp_ajax_ymm_selector_get_categoriesymm-search.php:116
authwp_ajax_ymm_restriction_searchymm-search.php:121

Shortcodes 1

[ymm_selector] ymm-search.php:84
WordPress Hooks 16
filterwoocommerce_product_data_tabsBlock\Adminhtml\Product\Edit\Restriction.php:19
actionwoocommerce_product_data_panelsBlock\Adminhtml\Product\Edit\Restriction.php:20
actionwoocommerce_process_product_metaBlock\Adminhtml\Product\Edit\Restriction.php:21
filtersingle_term_titleController\Product.php:24
filterwoocommerce_layered_nav_linkController\Product.php:25
filterwoocommerce_get_filtered_term_product_counts_queryController\Product.php:26
filterget_search_queryController\Product.php:27
actionwp_enqueue_scriptsymm-search.php:77
actionadmin_enqueue_scriptsymm-search.php:78
actionplugins_loadedymm-search.php:80
actionwidgets_initymm-search.php:81
actionadmin_menuymm-search.php:82
filterwoocommerce_product_tabsymm-search.php:90
filterpre_get_postsymm-search.php:95
actioninitymm-search.php:101
actionbefore_woocommerce_initymm-search.php:288
Maintenance & Trust

Year Make Model Search for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 20, 2026
PHP min version
Downloads28K

Community Trust

Rating100/100
Number of ratings34
Active installs1K
Alternatives

Year Make Model Search for WooCommerce Alternatives

SEMA API

SEMA API

sema-api

A
96

The plugin is built to automatically transfer auto parts data from SEMA Data Coop to Wordpress/wooCommerce. A comprehensive frontend catalog search p &hellip;

30 2 CVEs
YMM Product Filter for Woo – Year Make Model search

YMM Product Filter for Woo – Year Make Model search

tyresaddict-ymm-product-filter

A
100

Filter and search products using Year Make Model. Finder widgets for pages with Elementor support, import/export YMM data.

10 No CVEs
Developer Profile

Year Make Model Search for WooCommerce Developer Profile

Pektsekye

15 plugins · 6K total installs

91
trust score
Avg Security Score
96/100
Avg Patch Time
8 days
View full developer profile
Detection Fingerprints

How We Detect Year Make Model Search for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/ymm-search/view/adminhtml/web/ymm/main.css/wp-content/plugins/ymm-search/view/adminhtml/web/product/edit/main.js/wp-content/plugins/ymm-search/view/adminhtml/web/product/edit/main.css/wp-content/plugins/ymm-search/view/frontend/web/main.js/wp-content/plugins/ymm-search/view/frontend/web/main.css/wp-content/plugins/ymm-search/view/frontend/web/product/restriction.css
Script Paths
/wp-content/plugins/ymm-search/view/adminhtml/web/ymm/main.css/wp-content/plugins/ymm-search/view/adminhtml/web/product/edit/main.js/wp-content/plugins/ymm-search/view/adminhtml/web/product/edit/main.css/wp-content/plugins/ymm-search/view/frontend/web/main.js/wp-content/plugins/ymm-search/view/frontend/web/main.css/wp-content/plugins/ymm-search/view/frontend/web/product/restriction.css
Version Parameters
ymm-search/view/adminhtml/web/ymm/main.css?ver=ymm-search/view/adminhtml/web/product/edit/main.js?ver=ymm-search/view/adminhtml/web/product/edit/main.css?ver=ymm-search/view/frontend/web/main.js?ver=ymm-search/view/frontend/web/main.css?ver=ymm-search/view/frontend/web/product/restriction.css?ver=

HTML / DOM Fingerprints

CSS Classes
ymm-selector-widgetymm-horizontal-selector-widgetymm-product-restriction-tabymm-admin-manage-selector
HTML Comments
<!-- YMM SEARCH START --><!-- YMM SEARCH END --><!-- YMM SEARCH FOR GARAGE START --><!-- YMM SEARCH FOR GARAGE END -->
Data Attributes
data-ymm-selector-widget-iddata-ymm-garage-enableddata-ymm-remove-from-garage-enableddata-ymm-filter-category-pagedata-ymm-template
JS Globals
ymm_selector_paramsYmmSelector
REST Endpoints
/wp-json/ymm/v1/selector/fetch/wp-json/ymm/v1/selector/categories/wp-json/ymm/v1/restriction/search
Shortcode Output
<div class="ymm-selector-widget"<div class="ymm-horizontal-selector-widget"
FAQ

Frequently Asked Questions about Year Make Model Search for WooCommerce