WP-Safety

LearnPress – Course Wishlist Security & Risk Analysis

wordpress.org/plugins/learnpress-wishlist

LearnPress Wishlist add wishlist feature to your LearnPress course in your site.

20K active installs v4.1.0 PHP 7.4+ WP 6.0+ Updated Feb 4, 2026
e-learningeducationelearninglearning-management-systemlms
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is LearnPress – Course Wishlist Safe to Use in 2026?

Generally Safe

Score 100/100

LearnPress – Course Wishlist has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The learnpress-wishlist v4.1.0 plugin exhibits a generally strong security posture based on the provided static analysis. The absence of AJAX handlers, REST API routes, shortcodes, and cron events with unprotected entry points, as well as the complete absence of file operations and external HTTP requests, significantly minimizes the plugin's attack surface. The use of prepared statements for all SQL queries and a single nonce check are positive indicators. However, a notable concern is the relatively low output escaping rate of 61%. This means that over a third of the plugin's output is not properly escaped, which could potentially lead to cross-site scripting (XSS) vulnerabilities if user-supplied data is not sanitized before being displayed.

The plugin's vulnerability history is entirely clean, with no recorded CVEs. This, combined with the lack of critical or high severity issues in the taint analysis, suggests a history of secure development and a stable codebase. While the lack of vulnerability history is a positive sign, it's important to remember that new vulnerabilities can always emerge. The primary weakness identified is the insufficient output escaping.

In conclusion, learnpress-wishlist v4.1.0 is likely a secure plugin with a minimal attack surface and a clean vulnerability record. The main area for improvement lies in enhancing output escaping to prevent potential XSS issues. Given the absence of critical vulnerabilities and a limited attack surface, the overall risk is low, but the unescaped output warrants attention.

Key Concerns

  • Low output escaping rate (61%)
Vulnerabilities
None known

LearnPress – Course Wishlist Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

LearnPress – Course Wishlist Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
7
11 escaped
Nonce Checks
1
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

61% escaped18 total outputs
Data Flows
All sanitized

Data Flow Analysis

1 flows
<load> (inc\load.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

LearnPress – Course Wishlist Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 23
filterlp/elementor/widgetsinc\Elementor\WishListElementorHandler.php:25
actionlearn_press_wishlist_loop_item_titleinc\functions.php:49
filterlp/rest/ajax/allow_callbackinc\Gutenberg\Blocks\ButtonWishListBlockType.php:34
filterlearn-press/profile-tabsinc\load.php:52
actionwp_enqueue_scriptsinc\load.php:54
actionadmin_enqueue_scriptsinc\load.php:55
actionlearn-press/after-course-buttonsinc\load.php:77
filterlearn_press_profile_tab_endpointsinc\load.php:78
filterlearn-press/single-course/offline/section-right/info-metainc\load.php:79
actionlp/template/archive-course/descriptioninc\load.php:88
actionlearn-press/user-profileinc\load.php:89
filterlearn-press/config/block-elementsinc\load.php:91
filterlearn-press/single-course/social-share/sectionsinc\load.php:94
actionlearn-press/list-courses/layoutinc\load.php:104
actionlearn-press/single-instructor/layoutinc\load.php:111
actionlearn-press/single-course/courses-related/layoutinc\load.php:119
filterlearn-press/layout/list-courses/item/section-topinc\load.php:126
filterlearn-press/list-courses/related/layout/item/sectioninc\load.php:136
filterlp_rest_api_get_rest_namespacesinc\rest-api\class-rest-api.php:12
filterlp/rest/ajax/allow_callbackinc\TemplateHooks\CoursesWishlistTemplate.php:29
filterlp/rest/ajax/allow_callbackinc\TemplateHooks\CourseWishlistTemplate.php:40
actionadmin_noticeslearnpress-wishlist.php:79
actionlearn-press/readylearnpress-wishlist.php:91
Maintenance & Trust

LearnPress – Course Wishlist Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 4, 2026
PHP min version7.4
Downloads668K

Community Trust

Rating60/100
Number of ratings2
Active installs20K
Alternatives

LearnPress – Course Wishlist Alternatives

LearnPress – Prerequisites Courses

LearnPress – Prerequisites Courses

learnpress-prerequisites-courses

A
92

LearnPress Prerequisites is an add-on for LearnPress allow you to set prerequisite courses for a certain course in a LearnPress site.

6K No CVEs
LearnPress – bbPress Integration

LearnPress – bbPress Integration

learnpress-bbpress

A
100

bbPress addon for LearnPress is a plugin which bring bbPress features to LearnPress - WordPress LMS Plugin.

2K No CVEs
LearnPress – BuddyPress Integration

LearnPress – BuddyPress Integration

learnpress-buddypress

A
100

LearnPress buddyPress bring wonderful profile page for LearnPress.

2K No CVEs
Tutor LMS – eLearning and online course solution

Tutor LMS – eLearning and online course solution

tutor

B
75

A complete WordPress LMS plugin to create any eLearning website easily.

100K 60 CVEs
LearnPress – WordPress LMS Plugin for Create and Sell Online Courses

LearnPress – WordPress LMS Plugin for Create and Sell Online Courses

learnpress

B
76

A WordPress LMS Plugin to create WordPress Learning Management System. Turn your WordPress to LMS WordPress Website with Courses, Lessons, Quizzes &am &hellip;

80K 63 CVEs
Developer Profile

LearnPress – Course Wishlist Developer Profile

ThimPress

21 plugins · 209K total installs

70
trust score
Avg Security Score
87/100
Avg Patch Time
265 days
View full developer profile
Detection Fingerprints

How We Detect LearnPress – Course Wishlist

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/learnpress-wishlist/assets/css/course-wishlist.css/wp-content/plugins/learnpress-wishlist/assets/js/course-wishlist.js/wp-content/plugins/learnpress-wishlist/assets/js/course-wishlist.min.js/wp-content/plugins/learnpress-wishlist/assets/js/gutenberg/blocks/course-button-wishlist.min.js/wp-content/plugins/learnpress-wishlist/assets/js/gutenberg/blocks/course-button-wishlist.js
Script Paths
/wp-content/plugins/learnpress-wishlist/assets/js/course-wishlist.js/wp-content/plugins/learnpress-wishlist/assets/js/course-wishlist.min.js/wp-content/plugins/learnpress-wishlist/assets/js/gutenberg/blocks/course-button-wishlist.js/wp-content/plugins/learnpress-wishlist/assets/js/gutenberg/blocks/course-button-wishlist.min.js
Version Parameters
learnpress-wishlist/assets/css/course-wishlist.css?ver=learnpress-wishlist/assets/js/course-wishlist.js?ver=learnpress-wishlist/assets/js/course-wishlist.min.js?ver=learnpress-wishlist/assets/js/gutenberg/blocks/course-button-wishlist.js?ver=learnpress-wishlist/assets/js/gutenberg/blocks/course-button-wishlist.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
course-wishlist-buttoncourse-wishlist-itemlp-course-wishlist-buttonlp-course-wishlist-wraplp-course-wishlist-titlecourse-iduser-idlp-btn-add-wishlist
HTML Comments
<!--LP_OUTPUT_AJAX_END--><!--LP_OUTPUT_AJAX_START-->
Data Attributes
data-course-iddata-user-iddata-lp-course-iddata-lp-user-iddata-item-iddata-lp-btn-add-wishlist
JS Globals
lp_wishlist_params
REST Endpoints
/wp-json/learnpress-wishlist/v1/add-course/wp-json/learnpress-wishlist/v1/remove-course
FAQ

Frequently Asked Questions about LearnPress – Course Wishlist