Does Better Wishlist have any unpatched vulnerabilities?

No. All known vulnerabilities in Better Wishlist have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Better Wishlist compatible with WordPress 6.6.5?

According to WordPress.org data, Better Wishlist 0.0.3 has been tested up to WordPress 6.6.5. Check the plugin's changelog for the latest compatibility information.

How often is Better Wishlist updated?

Better Wishlist was last updated on Oct 23, 2024. Frequent updates are generally a positive security signal.

What is Better Wishlist's security score?

Better Wishlist has a WP-Safety security score of 92/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Better Wishlist Security & Risk Analysis

wordpress.org/plugins/better-wishlist

Better Wishlist lets you display Wishlist anywhere on your WooCommerce shop so that your customers can easily bookmark their favourite products and fi …

10 active installs v0.0.3 PHP + WP 4.0+ Updated Oct 23, 2024

e-commerceecommerce-wishlistshopwishlistwoocommerce

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Better Wishlist Safe to Use in 2026?

Generally Safe

Score 92/100

Better Wishlist has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago

Risk Assessment

The "better-wishlist" v0.0.3 plugin demonstrates several positive security practices, including a high percentage of properly escaped outputs and a significant portion of SQL queries using prepared statements. The absence of file operations and external HTTP requests further contributes to a relatively controlled environment. However, the presence of two taint flows with unsanitized paths, both flagged as high severity, is a significant concern and indicates potential vulnerabilities that could be exploited for malicious purposes. While the plugin has no recorded vulnerability history (CVEs), this does not negate the risks identified in the static analysis. The lack of historical issues might be due to its version or limited exposure, and the current taint analysis highlights areas that require immediate attention. Overall, the plugin exhibits some good security habits but has critical weaknesses in its handling of data flow, making it a moderate risk until these taint issues are addressed.

Key Concerns

High severity taint flow with unsanitized path
High severity taint flow with unsanitized path
0% capability checks on entry points

Vulnerabilities

None known

Better Wishlist Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Better Wishlist Code Analysis

Dangerous Functions

Raw SQL Queries

16 prepared

Unescaped Output

29 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

70% prepared23 total queries

Output Escaping

94% escaped31 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

4 flows2 with unsanitized paths

save_settings (src\Admin.php:108)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Better Wishlist Attack Surface

Entry Points17

Unprotected0

AJAX Handlers 15

authwp_ajax_bw_save_settingssrc\Admin.php:29

authwp_ajax_added_wishlist_iconsrc\Frontend.php:59

noprivwp_ajax_added_wishlist_iconsrc\Frontend.php:60

authwp_ajax_add_to_wishlistsrc\Frontend.php:62

noprivwp_ajax_add_to_wishlistsrc\Frontend.php:63

authwp_ajax_add_to_mini_wishlistsrc\Frontend.php:65

noprivwp_ajax_add_to_mini_wishlistsrc\Frontend.php:66

authwp_ajax_restore_wishlistsrc\Frontend.php:68

noprivwp_ajax_restore_wishlistsrc\Frontend.php:69

authwp_ajax_remove_from_wishlistsrc\Frontend.php:71

noprivwp_ajax_remove_from_wishlistsrc\Frontend.php:72

authwp_ajax_add_to_cart_singlesrc\Frontend.php:74

noprivwp_ajax_add_to_cart_singlesrc\Frontend.php:75

authwp_ajax_add_to_cart_multiplesrc\Frontend.php:77

noprivwp_ajax_add_to_cart_multiplesrc\Frontend.php:78

Shortcodes 2

[better_wishlist] src\Frontend.php:86

[better_wishlist_mini] src\Frontend.php:87

WordPress Hooks 12

actionadmin_menusrc\Admin.php:28

actioninitsrc\Frontend.php:51

actionwp_enqueue_scriptssrc\Frontend.php:52

actionwoocommerce_account_betterwishlist_endpointsrc\Frontend.php:53

actionwoocommerce_loop_add_to_cart_linksrc\Frontend.php:55

filterbody_classsrc\Frontend.php:81

filterwoocommerce_account_menu_itemssrc\Frontend.php:82

filterwp_nav_menu_itemssrc\Frontend.php:83

actionwp_loginsrc\Model.php:63

filteradmin_noticessrc\Plugin.php:96

filterdisplay_post_statessrc\Plugin.php:97

actionbetter_wishlist_delete_expired_wishlistsrc\Schedule.php:44

Scheduled Events 1

better_wishlist_delete_expired_wishlist

Maintenance & Trust

Better Wishlist Maintenance & Trust

Maintenance Signals

WordPress version tested6.6.5

Last updatedOct 23, 2024

PHP min version

Downloads1K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

Better Wishlist Alternatives

PBO Move to Wishlist for YITH WooCommerce Wishlist

pbo-move-to-wishlist-for-yith-woocommerce-wishlist

PBO Move to Wishlist for YITH WooCommerce Wishlist is a simple solution for adding functionality called 'Move to Wishlist' to Shopping Cart.

10 No CVEs

Wishlist for Woocommerce

wishlist-for-woocommerce

Wishlist Plugin lets your customers save the items that they would like to purchase, but in future. WooCommerce 2.4.6 compatible.

10 No CVEs

TI WooCommerce Wishlist

ti-woocommerce-wishlist

Boost your sales with a free WooCommerce Wishlist feature. Let your customers save and share their favorite products!

100K 9 CVEs

Product Filter for WooCommerce by WBW

woo-product-filter

Filter products by categories, attributes, prices, and more. Elementor Compatibility. Shoppers easily find products with WooCommerce Product Filter

60K 6 CVEs

WCBoost – Wishlist

wcboost-wishlist

100

WCBoost - Wishlist lets shoppers create wishlists for later purchases, reminding them of desired items, driving repeat visits and boost sales.

30K No CVEs

Developer Profile

Better Wishlist Developer Profile

WPDeveloper

46 plugins · 4.0M total installs

trust score

Avg Security Score

91/100

Avg Patch Time

163 days

View full developer profile

Detection Fingerprints

How We Detect Better Wishlist

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/better-wishlist/public/assets/css/frontend.css/wp-content/plugins/better-wishlist/public/assets/js/frontend.js/wp-content/plugins/better-wishlist/public/assets/css/admin.css/wp-content/plugins/better-wishlist/public/assets/js/admin.js

Script Paths

/wp-content/plugins/better-wishlist/public/assets/js/frontend.js/wp-content/plugins/better-wishlist/public/assets/js/admin.js

Version Parameters

better-wishlist/public/assets/css/frontend.css?ver=better-wishlist/public/assets/js/frontend.js?ver=better-wishlist/public/assets/css/admin.css?ver=better-wishlist/public/assets/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes

betterwishlist-admin

JS Globals

BetterWishlist

Shortcode Output

[better_wishlist][better_wishlist_mini]

FAQ