Easy Wishlist Security & Risk Analysis

wordpress.org/plugins/easy-wishlist

The Easy Wishlist Plugin provides a wishlist solution for ecommerce websites. Users can wishlist products and view them anytime.

100 active installs · v1.0.3 · PHP 7.4+ · WP 6.0+ · Updated Nov 30, 2025
Tags: easy-wishlist, product-wishlist, save-product, wishlist, wishlist-products
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never

Safety Verdict

Is Easy Wishlist Safe to Use in 2026?

Generally Safe

Score 100/100

Easy Wishlist has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 4mo ago

Risk Assessment

The "easy-wishlist" v1.0.3 plugin demonstrates a generally strong security posture based on the static analysis. The plugin has no known CVEs, indicating a good track record and likely a diligent development approach regarding security. Furthermore, the code analysis reveals no critical or high-severity taint flows, no direct SQL queries without prepared statements, and a very high percentage of properly escaped output. The absence of file operations and external HTTP requests also reduces the attack surface. The presence of nonce checks on AJAX handlers is a positive sign of protecting against CSRF attacks.

However, a notable concern is the complete absence of capability checks for its AJAX handlers and shortcodes. While there are no unauthenticated entry points detected in the attack surface analysis, this lack of capability checks means that any authenticated user, regardless of their role or permissions, could potentially interact with these features. This could lead to privilege escalation or unauthorized actions if the functionality itself can be abused. The plugin's vulnerability history being empty is a positive indicator, but it doesn't negate the need for robust authorization controls.

In conclusion, "easy-wishlist" v1.0.3 is likely a secure plugin in many regards, particularly concerning code execution vulnerabilities and data leakage. Its strengths lie in its clean code regarding SQL, output escaping, and lack of known historical issues. The primary weakness, and a significant one from a security perspective, is the missing capability checks, which leaves it vulnerable to authorization bypass for authenticated users.

Key Concerns

  • Missing capability checks on AJAX handlers
  • Missing capability checks on shortcodes
Vulnerabilities
None known

Easy Wishlist Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Easy Wishlist Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 8 (148 escaped)
  • Nonce Checks: 6
  • Capability Checks: 0
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 0

Output Escaping

95% escaped · 156 total outputs

Data Flows: All sanitized

Data Flow Analysis

3 flows
eswislst_save_plugin_options (admin\includes\class.admin-settings.php:351)
Flow diagram legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized

Attack Surface

Easy Wishlist Attack Surface

Entry Points: 7
Unprotected: 0

AJAX Handlers 4

auth · wp_ajax_eswislst_save_plugin_options · admin\includes\class.admin-settings.php:12
nopriv · wp_ajax_eswislst_save_plugin_options · admin\includes\class.admin-settings.php:13
nopriv · wp_ajax_eswislst_get_easy_wishlisted_products · public\includes\class.wishlist-view.php:29
auth · wp_ajax_eswislst_get_easy_wishlisted_products · public\includes\class.wishlist-view.php:30

Shortcodes 3

[eswislst_counter] admin\includes\shortcodes.php:6
[eswislst_button] admin\includes\shortcodes.php:31
[eswislst_product_list] admin\includes\shortcodes.php:62

WordPress Hooks 19

action · admin_menu · admin\includes\class.admin-settings.php:9
action · admin_init · admin\includes\class.admin-settings.php:10
action · plugins_loaded · admin\includes\class.templates.php:18
filter · template_include · admin\includes\class.templates.php:23
filter · the_content · admin\includes\class.templates.php:24
filter · display_post_states · admin\includes\class.wishlist-admin.php:44
action · admin_enqueue_scripts · admin\includes\plugin-scripts.php:3
action · plugins_loaded · class.easy-wishlist.php:14
action · elementor/widgets/register · class.easy-wishlist.php:33
action · elementor/elements/categories_registered · class.easy-wishlist.php:34
action · elementor/editor/before_enqueue_scripts · class.easy-wishlist.php:35
action · woocommerce_before_shop_loop_item_title · public\includes\class.woocommerce-hooks.php:19
action · woocommerce_loop_add_to_cart_link · public\includes\class.woocommerce-hooks.php:21
action · woocommerce_before_shop_loop_item_title · public\includes\class.woocommerce-hooks.php:27
action · woocommerce_after_shop_loop_item · public\includes\class.woocommerce-hooks.php:29
action · woocommerce_after_add_to_cart_form · public\includes\class.woocommerce-hooks.php:36
action · wp_enqueue_scripts · public\includes\dynamic-css.php:97
action · wp_enqueue_scripts · public\includes\plugin-scripts.php:3
filter · script_loader_tag · public\includes\plugin-scripts.php:21

Maintenance & Trust

Easy Wishlist Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.8.5
  • Last updated: Nov 30, 2025
  • PHP min version: 7.4
  • Downloads: 845

Community Trust

  • Rating: 0/100
  • Number of ratings: 0
  • Active installs: 100

Developer Profile

Easy Wishlist Developer Profile

themewant

8 plugins · 9K total installs

  • Trust score: 91
  • Avg Security Score: 95/100
  • Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Easy Wishlist

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/easy-wishlist/admin/assets/css/admin-style.css
  • /wp-content/plugins/easy-wishlist/public/assets/css/elementor-icon.css

Script Paths
  • /wp-content/plugins/easy-wishlist/admin/assets/js/wp-color-picker-alpha.min.js
  • /wp-content/plugins/easy-wishlist/admin/assets/js/admin.js

Version Parameters
  • easy-wishlist/admin/assets/css/admin-style.css?ver=
  • easy-wishlist/admin/assets/js/wp-color-picker-alpha.min.js?ver=
  • easy-wishlist/admin/assets/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • eswislst-add-to-wishlist
  • eswislst-remove-from-wishlist

HTML Comments
  • Easy Wishlist Start
  • Easy Wishlist End

Data Attributes
  • data-product-id
  • data-wishlist-url

JS Globals
  • eswislst_ajax

REST Endpoints
  • /wp-json/easy-wishlist/v1/add
  • /wp-json/easy-wishlist/v1/remove

Shortcode Output
  • [easy_wishlist]
  • [easy_wishlist_button]