Flexible Wishlist for WooCommerce – Ecommerce Wishlist & Save for later Security & Risk Analysis

wordpress.org/plugins/flexible-wishlist

Lightweight and simple WooCommerce wishlist. Increases sales. Fits any theme. Customizes texts and icons. Add to ecommerce wishlist with just 1 click.

900 active installs · v1.2.39 · PHP 7.4+ · WP 6.4+ · Updated Mar 7, 2026
Tags: ecommerce-wishlist, product-wishlist, wishlist, wishlist-for-woocommerce, woocommerce-wishlist
Score: 98 (A · Safe)
CVEs total: 2
Unpatched: 0
Last CVE: Feb 17, 2025
Safety Verdict

Is Flexible Wishlist for WooCommerce – Ecommerce Wishlist & Save for later Safe to Use in 2026?

Generally Safe

Score 98/100

Flexible Wishlist for WooCommerce – Ecommerce Wishlist & Save for later has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Feb 17, 2025 · Updated 27d ago
Risk Assessment

The flexible-wishlist plugin exhibits a mixed security posture. On the positive side, it uses prepared statements for most SQL queries, escapes a high percentage of its outputs, and includes a significant number of nonce and capability checks, which suggests an awareness of common WordPress security vulnerabilities. However, the presence of a 'passthru' call is a critical red flag: this function can execute arbitrary commands on the server and should be avoided unless absolutely necessary and heavily secured. The taint analysis reveals two high-severity flows with unsanitized paths, indicating that data may be processed in an unsafe manner, which could lead to vulnerabilities if exploited. The vulnerability history shows no currently unpatched CVEs, but it does include past high and medium severity Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) vulnerabilities. This pattern suggests a history of input validation and authorization issues, even though recent versions appear to have addressed them.

Overall, while the plugin has made strides in hardening its code, the identified 'passthru' function and high-severity taint flows present significant immediate risks that require urgent attention. The historical pattern of CSRF and XSS vulnerabilities, though currently patched, warrants continued vigilance and thorough auditing of any new input handling mechanisms. The low number of unprotected entry points is a positive sign. The plugin's strengths lie in its use of prepared statements and output escaping, but these are overshadowed by the critical 'passthru' function and the identified taint flows. A cautious approach is recommended until these critical issues are fully remediated.

Key Concerns

  • Dangerous function 'passthru' detected
  • High severity taint flows with unsanitized paths (2)
  • History of high severity vulnerabilities (1)
  • History of medium severity vulnerabilities (1)
  • SQL queries without prepared statements (86% prepared = 14% not)
  • Output escaping not properly handled (83% escaped = 17% not)
Vulnerabilities: 2

Flexible Wishlist for WooCommerce – Ecommerce Wishlist & Save for later Security Vulnerabilities

CVEs by Year

2 CVEs in 2025

Severity Breakdown

High: 1
Medium: 1

2 total CVEs

CVE-2024-13718 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Flexible Wishlist for WooCommerce – Ecommerce Wishlist & Save for later <= 1.2.26 - Cross-Site Request Forgery to Wishlist Creation/Modification

Feb 17, 2025 · Patched in 1.2.27 (1d)

CVE-2024-13696 · high · 7.2 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Flexible Wishlist for WooCommerce <= 1.2.25 - Unauthenticated Stored Cross-Site Scripting via wishlist_name Parameter

Jan 28, 2025 · Patched in 1.2.26 (1d)
Code Analysis
Analyzed Mar 16, 2026

Flexible Wishlist for WooCommerce – Ecommerce Wishlist & Save for later Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 3 (19 prepared)
Unescaped Output: 71 (348 escaped)
Nonce Checks: 14
Capability Checks: 3
File Operations: 40
External Requests: 2
Bundled Libraries: 0

Dangerous Functions Found

passthru: passthru($command); at vendor_prefixed\wpdesk\wp-codeception\src\WPDesk\Composer\Commands\BaseCommand.php:20

SQL Query Safety

86% prepared · 22 total queries

Output Escaping

83% escaped · 419 total outputs

Data Flows: 4 unsanitized

Data Flow Analysis

6 flows · 4 with unsanitized paths
handle_ajax_request (vendor_prefixed\wpdesk\wp-wpdesk-deactivation-modal\src\Service\RequestSenderService.php:61)
Attack Surface

Flexible Wishlist for WooCommerce – Ecommerce Wishlist & Save for later Attack Surface

Entry Points: 1
Unprotected: 0

AJAX Handlers: 1

auth wp_ajax_wpdesk_notice_dismiss vendor_prefixed\wpdesk\wp-notice\src\WPDesk\Notice\AjaxHandler.php:45

WordPress Hooks: 56

action init src\Archive\ButtonGenerator.php:49
action woocommerce_before_shop_loop_item src\Archive\ButtonGenerator.php:59
action woocommerce_after_shop_loop_item src\Archive\ButtonGenerator.php:62
action woocommerce_after_shop_loop_item src\Archive\ButtonGenerator.php:65
action woocommerce_after_shop_loop_item src\Archive\ButtonGenerator.php:68
action woocommerce_after_shop_loop_item src\Archive\ButtonGenerator.php:71
action woocommerce_before_add_to_cart_form src\Archive\ButtonGenerator.php:77
action woocommerce_after_add_to_cart_form src\Archive\ButtonGenerator.php:80
filter wp_enqueue_scripts src\Archive\FrontAssets.php:56
action wp_footer src\Archive\FrontAssets.php:57
filter woocommerce_account_menu_items src\Archive\MenuGenerator.php:41
filter woocommerce_get_endpoint_url src\Archive\MenuGenerator.php:42
filter woocommerce_account_menu_item_classes src\Archive\MenuGenerator.php:43
filter wp_get_nav_menu_items src\Archive\MenuGenerator.php:44
filter wp_setup_nav_menu_item src\Archive\MenuGenerator.php:45
filter wp_get_nav_menu_items src\Archive\MenuGenerator.php:46
filter query_vars src\Archive\PermalinksGenerator.php:104
action init src\Archive\PermalinksGenerator.php:105
filter the_posts src\Archive\PermalinksGenerator.php:106
filter body_class src\Archive\PermalinksGenerator.php:175
filter user_has_cap src\Archive\PermalinksGenerator.php:176
filter wp_robots src\Archive\PermalinksGenerator.php:177
action rest_api_init src\Endpoint\EndpointIntegrator.php:32
action admin_menu src\Marketing\SupportPage.php:25
action plugins_loaded src\Migration\MigrationsManager.php:28
action woocommerce_init src\Plugin.php:110
action init src\Service\UserAuthManager.php:48
action wp_update_nav_menu_item src\Settings\MenuSettingsUpdater.php:27
action admin_menu src\Settings\SettingsPageGenerator.php:50
action in_admin_footer src\Settings\SettingsPageGenerator.php:51
filter admin_enqueue_scripts src\Settings\SettingsPageGenerator.php:52
action init src\Settings\SettingsTranslator.php:20
action admin_init src\Tracker\DeactivationTracker.php:31
action admin_enqueue_scripts vendor_prefixed\wpdesk\wp-builder\src\Plugin\AbstractPlugin.php:148
action wp_enqueue_scripts vendor_prefixed\wpdesk\wp-builder\src\Plugin\AbstractPlugin.php:149
action admin_enqueue_scripts vendor_prefixed\wpdesk\wp-notice\src\WPDesk\Notice\AjaxHandler.php:41
action admin_head vendor_prefixed\wpdesk\wp-notice\src\WPDesk\Notice\AjaxHandler.php:43
action admin_notices vendor_prefixed\wpdesk\wp-notice\src\WPDesk\Notice\Notice.php:155
action admin_footer vendor_prefixed\wpdesk\wp-notice\src\WPDesk\Notice\Notice.php:156
action admin_head vendor_prefixed\wpdesk\wp-notice\src\WPDesk\Notice\Notice.php:157
filter wp_autoloader_loader_loaders_to_load vendor_prefixed\wpdesk\wp-plugin-flow-common\src\Initialization\PluginDisablerByFileTrait.php:45
filter wp_autoloader_loader_loaders_to_create vendor_prefixed\wpdesk\wp-plugin-flow-common\src\Initialization\PluginDisablerByFileTrait.php:46
action plugins_loaded vendor_prefixed\wpdesk\wp-plugin-flow-common\src\Initialization\Simple\SimplePaidStrategy.php:58
action plugins_loaded vendor_prefixed\wpdesk\wp-plugin-flow-common\src\PluginBootstrap.php:81
action before_woocommerce_init vendor_prefixed\wpdesk\wp-plugin-flow-common\src\PluginBootstrap.php:88
action activated_plugin vendor_prefixed\wpdesk\wp-plugin-flow-common\src\PluginBootstrap.php:102
action admin_print_styles-plugins.php vendor_prefixed\wpdesk\wp-wpdesk-deactivation-modal\src\Service\AssetsPrinterService.php:26
action admin_print_footer_scripts-plugins.php vendor_prefixed\wpdesk\wp-wpdesk-deactivation-modal\src\Service\AssetsPrinterService.php:27
action admin_print_footer_scripts-plugins.php vendor_prefixed\wpdesk\wp-wpdesk-deactivation-modal\src\Service\TemplateGeneratorService.php:43
action admin_enqueue_scripts vendor_prefixed\wpdesk\wp-wpdesk-marketing\src\Boxes\Assets.php:16
action admin_enqueue_scripts vendor_prefixed\wpdesk\wp-wpdesk-marketing\src\Boxes\Assets.php:30
action admin_enqueue_scripts vendor_prefixed\wpdesk\wp-wpdesk-tracker\src\PSR\WPDesk\Tracker\Assets.php:28
action admin_menu vendor_prefixed\wpdesk\wp-wpdesk-tracker\src\PSR\WPDesk\Tracker\OptInPage.php:35
action admin_init vendor_prefixed\wpdesk\wp-wpdesk-tracker\src\PSR\WPDesk\Tracker\OptInPage.php:36
action admin_notices vendor_prefixed\wpdesk\wp-wpdesk-tracker\src\PSR\WPDesk\Tracker\OptOut.php:28
filter plugin_row_meta vendor_prefixed\wpdesk\wp-wpdesk-tracker\src\PSR\WPDesk\Tracker\PluginActionLinks.php:36
Maintenance & Trust

Flexible Wishlist for WooCommerce – Ecommerce Wishlist & Save for later Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 7, 2026
PHP min version: 7.4
Downloads: 48K

Community Trust

Rating: 88/100
Number of ratings: 5
Active installs: 900
Developer Profile

Flexible Wishlist for WooCommerce – Ecommerce Wishlist & Save for later Developer Profile

wpdesk

23 plugins · 127K total installs

Trust score: 78
Avg Security Score: 99/100
Avg Patch Time: 135 days
Detection Fingerprints

How We Detect Flexible Wishlist for WooCommerce – Ecommerce Wishlist & Save for later

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/flexible-wishlist/assets/css/front.css
  • /wp-content/plugins/flexible-wishlist/assets/js/front.js

Script Paths

  • /wp-content/plugins/flexible-wishlist/assets/js/front.js

Version Parameters

  • flexible-wishlist/assets/css/front.css?ver=
  • flexible-wishlist/assets/js/front.js?ver=

HTML / DOM Fingerprints

Data Attributes

  • data-flexi-wishlist-add-to-cart-item-id
  • data-flexi-wishlist-add-to-cart-item-qty
  • data-flexi-wishlist-add-to-cart-item-product-id

JS Globals

  • window.flexible_wishlist_data
  • window.flexible_wishlist_settings
  • window.flexible_wishlist_settings.create_wishlist_endpoint
  • window.flexible_wishlist_settings.toggle_wishlist_endpoint
  • window.flexible_wishlist_settings.i18n_popup_title
  • window.flexible_wishlist_settings.i18n_add_to_list
  • +6 more

REST Endpoints

  • /wp-json/flexible-wishlist/v1/create-wishlist
  • /wp-json/flexible-wishlist/v1/toggle-item-in-wishlist