WP-Safety

Advanced Wishlist & Share – Save Products for Later Security & Risk Analysis

wordpress.org/plugins/advwl-wishlist-for-woocommerce

A simple and user-friendly wishlist plugin that allows customers to save products they love for later purchase or review.

0 active installs v1.0.2 PHP 7.0+ WP 5.0+ Updated Unknown
favorite-productsproduct-wishlistsave-for-laterwishlist
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Advanced Wishlist & Share – Save Products for Later Safe to Use in 2026?

Generally Safe

Score 100/100

Advanced Wishlist & Share – Save Products for Later has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The plugin 'advwl-wishlist-for-woocommerce' v1.0.2 exhibits a generally good security posture based on the provided static analysis. The absence of known CVEs and a clean vulnerability history are strong indicators of diligent security practices. The plugin also demonstrates good coding habits with a high percentage of SQL queries using prepared statements and a significant portion of outputs being properly escaped.

However, there are a few areas for potential improvement. The presence of 9 AJAX handlers, while all appearing to have authentication checks, still represents a considerable attack surface. More importantly, the analysis reveals 0 capability checks for these AJAX handlers. This is a significant concern as it means that while an authentication check might be in place, any logged-in user, regardless of their role or permissions, could potentially trigger these AJAX actions. The sole file operation, while not explicitly flagged as risky, warrants scrutiny to ensure it's not exploitable.

In conclusion, the plugin benefits from a clean vulnerability history and good SQL and output sanitization. The primary concern lies in the potential lack of granular capability checks on its AJAX endpoints, which could allow unauthorized actions by authenticated users. Further investigation into the specific file operations and the implementation of capability checks on all AJAX handlers is recommended to solidify its security.

Key Concerns

  • No capability checks on AJAX handlers
  • One file operation detected
Vulnerabilities
None known

Advanced Wishlist & Share – Save Products for Later Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Advanced Wishlist & Share – Save Products for Later Code Analysis

Dangerous Functions
0
Raw SQL Queries
1
10 prepared
Unescaped Output
78
312 escaped
Nonce Checks
9
Capability Checks
0
File Operations
1
External Requests
0
Bundled Libraries
0

SQL Query Safety

91% prepared11 total queries

Output Escaping

80% escaped390 total outputs
Data Flows
All sanitized

Data Flow Analysis

4 flows
advwl_upload_file (includes\admin\inc\functions\advwl-functions.php:19)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Advanced Wishlist & Share – Save Products for Later Attack Surface

Entry Points10
Unprotected0

AJAX Handlers 9

authwp_ajax_advwl_upload_fileincludes\admin\inc\functions\advwl-functions.php:73
authwp_ajax_advwl_add_to_wishlist_actionincludes\public\inc\advwl-functions.php:287
noprivwp_ajax_advwl_add_to_wishlist_actionincludes\public\inc\advwl-functions.php:288
authwp_ajax_advwl_remove_from_wishlistincludes\public\inc\advwl-functions.php:353
noprivwp_ajax_advwl_remove_from_wishlistincludes\public\inc\advwl-functions.php:354
authwp_ajax_advwl_view_wishlistincludes\public\inc\advwl-functions.php:380
noprivwp_ajax_advwl_view_wishlistincludes\public\inc\advwl-functions.php:381
authwp_ajax_advwl_add_to_cart_actionincludes\public\inc\advwl-functions.php:641
noprivwp_ajax_advwl_add_to_cart_actionincludes\public\inc\advwl-functions.php:642

Shortcodes 1

[advwl_wishlist] includes\public\inc\advwl-shortcode.php:23
WordPress Hooks 15
actionadmin_enqueue_scriptsadvwl-wishlist-for-woocommerce.php:41
actionadmin_menuadvwl-wishlist-for-woocommerce.php:42
actionplugins_loadedadvwl-wishlist-for-woocommerce.php:43
actionwp_enqueue_scriptsadvwl-wishlist-for-woocommerce.php:45
actionadmin_noticesadvwl-wishlist-for-woocommerce.php:163
actionadmin_noticesincludes\admin\inc\functions\advwl-functions.php:13
filtermanage_edit-product_columnsincludes\admin\inc\functions\advwl-functions.php:732
actionmanage_product_posts_custom_columnincludes\admin\inc\functions\advwl-functions.php:742
actionwoocommerce_after_shop_loop_itemincludes\public\inc\advwl-functions.php:45
actionwoocommerce_after_shop_loop_itemincludes\public\inc\advwl-functions.php:48
actionwoocommerce_before_shop_loop_item_titleincludes\public\inc\advwl-functions.php:51
actionwoocommerce_before_add_to_cart_buttonincludes\public\inc\advwl-functions.php:66
actionwoocommerce_after_add_to_cart_buttonincludes\public\inc\advwl-functions.php:69
actionwoocommerce_product_thumbnailsincludes\public\inc\advwl-functions.php:72
filterwoocommerce_add_to_cart_fragmentsincludes\public\inc\advwl-functions.php:621
Maintenance & Trust

Advanced Wishlist & Share – Save Products for Later Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedUnknown
PHP min version7.0
Downloads426

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

Advanced Wishlist & Share – Save Products for Later Alternatives

Bizzwishlist

Bizzwishlist

bizzwishlist

A
100

A lightweight and powerful WooCommerce Wishlist addon. Allow customers to save their favorite products and purchase them later.

0 No CVEs
Addonify – WooCommerce Wishlist

Addonify – WooCommerce Wishlist

addonify-wishlist

A
99

Addonify WooCommerce Wishlist is a light-weight yet powerful tool that adds a wishlist functionality to your e-commerce shop.

1K 1 CVE
WPMozo Wishlist Lite for WooCommerce

WPMozo Wishlist Lite for WooCommerce

wpmozo-wishlist-lite-for-woocommerce

A
100

WPMozo Wishlist Lite for WooCommerce adds a wishlist feature to your WooCommerce store, allowing customers to save their favorite products for future …

10 No CVEs
Velocity Wishlist – WooCommerce Wishlist Plugin

Velocity Wishlist – WooCommerce Wishlist Plugin

velocity-wishlist

A
100

Powerful, lightweight wishlist functionality for WooCommerce. Supports guest users, product variations, social sharing, and fully customizable buttons …

0 No CVEs
QODE Wishlist for WooCommerce

QODE Wishlist for WooCommerce

qode-wishlist-for-woocommerce

A
99

Qode Wishlist for WooCommerce plugin is the ideal toolkit for letting your visitors save & share comprehensive lists with their products of interest.

10K 1 CVE
Developer Profile

Advanced Wishlist & Share – Save Products for Later Developer Profile

Kirtikumar Solanki

13 plugins · 120 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Advanced Wishlist & Share – Save Products for Later

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/advwl-wishlist-for-woocommerce/includes/admin/css/advwl-admin.css/wp-content/plugins/advwl-wishlist-for-woocommerce/includes/admin/js/advwl-admin.js/wp-content/plugins/advwl-wishlist-for-woocommerce/includes/public/css/advwl-frontend.css/wp-content/plugins/advwl-wishlist-for-woocommerce/includes/public/css/advwl-all.css/wp-content/plugins/advwl-wishlist-for-woocommerce/includes/public/js/advwl-frontend.js
Script Paths
/wp-content/plugins/advwl-wishlist-for-woocommerce/includes/admin/js/advwl-admin.js/wp-content/plugins/advwl-wishlist-for-woocommerce/includes/public/js/advwl-frontend.js
Version Parameters
/wp-content/plugins/advwl-wishlist-for-woocommerce/includes/admin/css/advwl-admin.css?ver=/wp-content/plugins/advwl-wishlist-for-woocommerce/includes/admin/js/advwl-admin.js?ver=/wp-content/plugins/advwl-wishlist-for-woocommerce/includes/public/css/advwl-frontend.css?ver=/wp-content/plugins/advwl-wishlist-for-woocommerce/includes/public/css/advwl-all.css?ver=/wp-content/plugins/advwl-wishlist-for-woocommerce/includes/public/js/advwl-frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
advwl_add_to_wishlistadvwl_wishlist_button
HTML Comments
<!-- Do action for loop pages -->
Data Attributes
data-product_iddata-wishlist_iddata-add_to_cart_textdata-remove_from_wishlist_textdata-already_in_wishlist_text
JS Globals
advwl_uploadadvwl_addto_wishlistadvwl_paramsadvwl_view_wishlistadvwl_ajax
Shortcode Output
[advwl_add_to_wishlist][advwl_wishlist_page]
FAQ

Frequently Asked Questions about Advanced Wishlist & Share – Save Products for Later