Wishlist for WooCommerce Security & Risk Analysis

wordpress.org/plugins/jvm-woocommerce-wishlist

Supercharge your sales with WooCommerce Wishlist - a powerful tool that empowers customers to create wishlists and enhances their shopping experience.

700 active installs · v2.0.6 · PHP 7.4+ · WP 5.0+ · Updated May 30, 2025
Tags: add-to-wishlist, ti-wishlist, wishlist, wishlist-for-woocommerce, woocommerce-wishlist
Score: 100 (A · Safe)
CVEs total: 1
Unpatched: 0
Last CVE: Aug 12, 2019
Safety Verdict

Is Wishlist for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

Wishlist for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVE · Last CVE: Aug 12, 2019 · Updated 11mo ago
Risk Assessment

The "jvm-woocommerce-wishlist" v2.0.6 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices by implementing nonces for all identified entry points and performs capability checks on a significant number of these. The plugin also heavily favors prepared statements for its SQL queries, indicating a strong defense against SQL injection. File operations and bundled libraries are absent, further reducing potential attack vectors.

However, concerns arise from the taint analysis, which reveals flows with unsanitized paths, specifically two of high severity. While the static analysis reports no directly dangerous functions, these unsanitized flows represent a significant risk, potentially leading to unexpected behavior or data manipulation if exploited. The vulnerability history, while showing no currently unpatched CVEs, does indicate a past medium-severity vulnerability related to "Authorization Bypass Through User-Controlled Key." This suggests a history of authorization-related weaknesses that, when combined with the current taint analysis findings, warrants caution.

In conclusion, while the plugin has strengths in its input validation and SQL handling, the presence of high-severity unsanitized taint flows is a notable weakness. The past authorization bypass vulnerability also suggests that authorization mechanisms should be carefully reviewed. The overall security is moderate, with critical areas for improvement in sanitizing user-controlled data to prevent potential exploitation.

Key Concerns

  • High severity taint flows with unsanitized paths
  • Past medium severity vulnerability (Authorization Bypass)
  • Output escaping below 80% (76%)
Vulnerabilities
1 published

Wishlist for WooCommerce Security Vulnerabilities

CVEs by Year

2019: 1 CVE

Severity Breakdown

Medium: 1

1 total CVE

WF-5b266a09-22f3-4ac3-a2ba-8321503200e7-jvm-woocommerce-wishlist · medium · 5.3 · Authorization Bypass Through User-Controlled Key

JVM WooCommerce Wishlist <= 1.2.6 - Insecure Direct Object Reference

Aug 12, 2019 Patched in 1.2.7 (1625d)
Version History

Wishlist for WooCommerce Release Timeline

v2.0.6 (Current)
v2.0.5
v2.0.4
v2.0.3
v2.0.2
v2.0.1
v2.0
v1.3.6
v1.3.5
v1.3.4
Code Analysis
Analyzed Mar 16, 2026

Wishlist for WooCommerce Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 1 (6 prepared)
Unescaped Output: 263 (813 escaped)
Nonce Checks: 21
Capability Checks: 9
File Operations: 0
External Requests: 2
Bundled Libraries: 0

SQL Query Safety

86% prepared · 7 total queries

Output Escaping

76% escaped · 1076 total outputs
Data Flows · Security
3 unsanitized

Data Flow Analysis

6 flows · 3 with unsanitized paths
csf_export (inc\codestar-framework\functions\actions.php:62)
Attack Surface

Wishlist for WooCommerce Attack Surface

Entry Points: 7
Unprotected: 0

AJAX Handlers 5

auth · wp_ajax_csf-get-icons · inc\codestar-framework\functions\actions.php:50
auth · wp_ajax_csf-export · inc\codestar-framework\functions\actions.php:87
auth · wp_ajax_csf-import · inc\codestar-framework\functions\actions.php:123
auth · wp_ajax_csf-reset · inc\codestar-framework\functions\actions.php:150
auth · wp_ajax_csf-chosen · inc\codestar-framework\functions\actions.php:189

Shortcodes 2

[jvm_woocommerce_wishlist] v2\Wishlist.php:23
[jvm_add_to_wishlist] v2\Wishlist.php:24
WordPress Hooks 84
action · wp_enqueue_scripts · inc\codestar-framework\classes\abstract.class.php:21
action · admin_menu · inc\codestar-framework\classes\admin-options.class.php:107
action · admin_bar_menu · inc\codestar-framework\classes\admin-options.class.php:108
action · network_admin_menu · inc\codestar-framework\classes\admin-options.class.php:112
filter · admin_footer_text · inc\codestar-framework\classes\admin-options.class.php:432
action · add_meta_boxes_comment · inc\codestar-framework\classes\comment-options.class.php:38
action · edit_comment · inc\codestar-framework\classes\comment-options.class.php:39
action · customize_register · inc\codestar-framework\classes\customize-options.class.php:44
action · customize_save_after · inc\codestar-framework\classes\customize-options.class.php:45
action · wp_enqueue_scripts · inc\codestar-framework\classes\customize-options.class.php:49
action · add_meta_boxes · inc\codestar-framework\classes\metabox-options.class.php:50
action · save_post · inc\codestar-framework\classes\metabox-options.class.php:51
action · edit_attachment · inc\codestar-framework\classes\metabox-options.class.php:52
action · wp_nav_menu_item_custom_fields · inc\codestar-framework\classes\nav-menu-options.class.php:32
action · wp_update_nav_menu_item · inc\codestar-framework\classes\nav-menu-options.class.php:33
filter · wp_edit_nav_menu_walker · inc\codestar-framework\classes\nav-menu-options.class.php:35
action · admin_init · inc\codestar-framework\classes\profile-options.class.php:32
action · show_user_profile · inc\codestar-framework\classes\profile-options.class.php:44
action · edit_user_profile · inc\codestar-framework\classes\profile-options.class.php:45
action · personal_options_update · inc\codestar-framework\classes\profile-options.class.php:47
action · edit_user_profile_update · inc\codestar-framework\classes\profile-options.class.php:48
action · after_setup_theme · inc\codestar-framework\classes\setup.class.php:73
action · init · inc\codestar-framework\classes\setup.class.php:74
action · switch_theme · inc\codestar-framework\classes\setup.class.php:75
action · admin_enqueue_scripts · inc\codestar-framework\classes\setup.class.php:76
action · wp_enqueue_scripts · inc\codestar-framework\classes\setup.class.php:77
action · wp_head · inc\codestar-framework\classes\setup.class.php:78
filter · admin_body_class · inc\codestar-framework\classes\setup.class.php:79
action · admin_footer · inc\codestar-framework\classes\shortcode-options.class.php:47
action · customize_controls_print_footer_scripts · inc\codestar-framework\classes\shortcode-options.class.php:48
action · elementor/editor/before_enqueue_scripts · inc\codestar-framework\classes\shortcode-options.class.php:59
action · elementor/editor/footer · inc\codestar-framework\classes\shortcode-options.class.php:60
action · elementor/editor/footer · inc\codestar-framework\classes\shortcode-options.class.php:61
action · enqueue_block_editor_assets · inc\codestar-framework\classes\shortcode-options.class.php:258
action · media_buttons · inc\codestar-framework\classes\shortcode-options.class.php:262
action · admin_init · inc\codestar-framework\classes\taxonomy-options.class.php:41
action · admin_footer · inc\codestar-framework\fields\icon\icon.php:41
action · customize_controls_print_footer_scripts · inc\codestar-framework\fields\icon\icon.php:42
action · admin_print_footer_scripts · inc\codestar-framework\fields\link\link.php:65
action · print_default_editor_scripts · inc\codestar-framework\fields\wp_editor\wp_editor.php:62
action · admin_menu · inc\codestar-framework\views\welcome.php:19
filter · plugin_action_links · inc\codestar-framework\views\welcome.php:20
filter · plugin_row_meta · inc\codestar-framework\views\welcome.php:21
action · admin_enqueue_scripts · inc\core.php:7
action · admin_menu · inc\core.php:8
action · admin_menu · inc\core.php:9
action · admin_init · inc\onboarding\Config.php:221
action · init · inc\onboarding\Config.php:377
filter · user_has_cap · inc\onboarding\Includes\Source\abstractBoarding.php:417
action · admin_menu · inc\onboarding\Includes\Source\abstractBoarding.php:425
action · admin_init · inc\onboarding\Includes\Source\abstractBoarding.php:426
action · shutdown · inc\onboarding\Includes\Source\abstractBoarding.php:2942
action · cix_onboarding_wizard_save · inc\onboarding\Includes\Wizard.php:41
filter · cix_onboarding_wizard_option · inc\onboarding\Includes\Wizard.php:42
filter · hzfex_onboarding_wizard_ready · inc\onboarding\Includes\Wizard.php:43
action · admin_notices · inc\onboarding\Onboarding.php:59
action · switch_theme · inc\usage-tracking\Insights.php:135
action · switch_theme · inc\usage-tracking\Insights.php:136
action · admin_footer · inc\usage-tracking\Insights.php:146
action · admin_notices · inc\usage-tracking\Insights.php:161
action · admin_init · inc\usage-tracking\Insights.php:164
filter · cron_schedules · inc\usage-tracking\Insights.php:168
action · admin_menu · inc\usage-tracking\License.php:219
action · after_switch_theme · inc\usage-tracking\License.php:781
action · switch_theme · inc\usage-tracking\License.php:782
action · before_woocommerce_init · jvm-woocommerce-wishlist.php:54
action · plugins_loaded · jvm-woocommerce-wishlist.php:66
action · wp_enqueue_scripts · v2\Bootstrap.php:30
filter · display_post_states · v2\Bootstrap.php:31
action · admin_init · v2\Bootstrap.php:32
action · csf_cixwishlist_settings_save_after · v2\Settings.php:28
filter · plugin_row_meta · v2\Settings.php:29
action · init · v2\Wishlist.php:28
action · wp_footer · v2\Wishlist.php:29
filter · cix_replace_text_list · v2\Wishlist.php:30
action · wp_login · v2\Wishlist.php:31
action · admin_notices · v2\Wishlist.php:32
action · wp_loaded · v2\Wishlist.php:33
action · woocommerce_after_add_to_cart_button · v2\Wishlist.php:164
action · woocommerce_before_add_to_cart_button · v2\Wishlist.php:166
action · woocommerce_after_single_product_summary · v2\Wishlist.php:168
action · woocommerce_after_shop_loop_item · v2\Wishlist.php:176
action · woocommerce_after_shop_loop_item · v2\Wishlist.php:178
action · woocommerce_before_shop_loop_item_title · v2\Wishlist.php:180
Maintenance & Trust

Wishlist for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: May 30, 2025
PHP min version: 7.4
Downloads: 18K

Community Trust

Rating: 76/100
Number of ratings: 10
Active installs: 700
Developer Profile

Wishlist for WooCommerce Developer Profile

Niloy - Codeixer

8 plugins · 29K total installs

Trust score: 75
Avg Security Score: 94/100
Avg Patch Time: 856 days
Detection Fingerprints

How We Detect Wishlist for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/jvm-woocommerce-wishlist/assets/css/frontend.css
/wp-content/plugins/jvm-woocommerce-wishlist/assets/css/backend.css
/wp-content/plugins/jvm-woocommerce-wishlist/assets/js/frontend.js
/wp-content/plugins/jvm-woocommerce-wishlist/assets/js/backend.js
Script Paths
/wp-content/plugins/jvm-woocommerce-wishlist/assets/js/frontend.js
/wp-content/plugins/jvm-woocommerce-wishlist/assets/js/backend.js
Version Parameters
/wp-content/plugins/jvm-woocommerce-wishlist/assets/css/frontend.css?ver=
/wp-content/plugins/jvm-woocommerce-wishlist/assets/css/backend.css?ver=
/wp-content/plugins/jvm-woocommerce-wishlist/assets/js/frontend.js?ver=
/wp-content/plugins/jvm-woocommerce-wishlist/assets/js/backend.js?ver=

HTML / DOM Fingerprints

CSS Classes
jvm-wishlist-add-to-cart
Data Attributes
data-product-id, data-wishlist-id
JS Globals
jvm_wishlist_frontend_params
Shortcode Output
[jvm_wishlist_button]