WP-Safety

Premmerce Wishlist for WooCommerce Security & Risk Analysis

wordpress.org/plugins/premmerce-woocommerce-wishlist

This plugin provides the possibility for your customers to create wishlists with the further possibility to share them with friends.

200 active installs v1.1.11 PHP 5.6+ WP 4.8+ Updated Dec 24, 2025
e-commerceecommerceproduct-wishlistwishlistwoocommerce-wishlist
93
A · Safe
CVEs total3
Unpatched0
Last CVEDec 11, 2025
Plugin page Download
Safety Verdict

Is Premmerce Wishlist for WooCommerce Safe to Use in 2026?

Generally Safe

Score 93/100

Premmerce Wishlist for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEsLast CVE: Dec 11, 2025Updated 3mo ago
Risk Assessment

The 'premmerce-woocommerce-wishlist' plugin v1.1.11 presents a mixed security profile. The static analysis shows good practices in several areas, including 100% prepared statement usage for SQL queries and the presence of nonce and capability checks. There are also no identified dangerous functions, file operations, or external HTTP requests, which are positive indicators. However, the low percentage of properly escaped output (16%) is a significant concern, indicating a potential for cross-site scripting (XSS) vulnerabilities if user-supplied data is not handled securely before being displayed. Furthermore, all analyzed taint flows exhibited unsanitized paths, although none were classified as critical or high severity in this static analysis, which warrants further investigation.

Key Concerns

  • Significant portion of output not properly escaped
  • All analyzed taint flows had unsanitized paths
  • Bundled library (Freemius) is outdated
Vulnerabilities
3

Premmerce Wishlist for WooCommerce Security Vulnerabilities

CVEs by Year

1 CVE in 2019
2019
2 CVEs in 2025
2025
Patched Has unpatched

Severity Breakdown

High
2
Medium
1

3 total CVEs

CVE-2025-13440medium · 5.3Missing Authorization

Premmerce Wishlist for WooCommerce <= 1.1.10 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Wishlist Deletion

Dec 11, 2025 Patched in 1.1.11 (26d)
CVE-2025-60191high · 8.1Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Premmerce Wishlist for WooCommerce <= 1.1.10 - Unauthenticated Local File Inclusion

Jul 28, 2025 Patched in 1.1.11 (163d)
WF-3fda31fa-efc9-44b9-99ba-9e3e23aa2ee0-premmerce-woocommerce-wishlisthigh · 8.8Missing Authorization

Freemius SDK <= 2.2.3 - Missing Authorization to Arbitrary Options Update

Feb 25, 2019 Patched in 1.1.3 (1793d)
Code Analysis
Analyzed Mar 17, 2026

Premmerce Wishlist for WooCommerce Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
18 prepared
Unescaped Output
46
9 escaped
Nonce Checks
1
Capability Checks
1
File Operations
0
External Requests
0
Bundled Libraries
1

Bundled Libraries

Freemius1.0

SQL Query Safety

100% prepared18 total queries

Output Escaping

16% escaped55 total outputs
Data Flows
7 unsanitized

Data Flow Analysis

7 flows7 with unsanitized paths
wishlistAdd (src\RestApi\RestApi.php:113)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Premmerce Wishlist for WooCommerce Attack Surface

Entry Points1
Unprotected0

Shortcodes 1

[wishlist_page] src\Frontend\Frontend.php:66
WordPress Hooks 26
actionafter_uninstallpremmerce-wishlist.php:43
actioninitsrc\Admin\Admin.php:37
actionadmin_menusrc\Admin\Admin.php:43
actionadmin_menusrc\Admin\Admin.php:44
actionshow_user_profilesrc\Admin\Admin.php:46
actionedit_user_profilesrc\Admin\Admin.php:47
actionadmin_post_premmerce_delete_wishlistsrc\Admin\Admin.php:49
actionwp_trash_postsrc\Admin\Admin.php:51
actionsave_postsrc\Admin\Admin.php:52
actionwoocommerce_single_product_summarysrc\Frontend\Frontend.php:44
actionwoocommerce_after_shop_loop_itemsrc\Frontend\Frontend.php:45
actionwoocommerce_after_shop_loop_itemsrc\Frontend\Frontend.php:46
actionwoocommerce_before_shop_loop_itemsrc\Frontend\Frontend.php:47
actionwp_loginsrc\Frontend\Frontend.php:49
actionwp_enqueue_scriptssrc\Frontend\Frontend.php:51
actioninitsrc\Frontend\Frontend.php:69
actionwp_enqueue_scriptssrc\Integration\OceanWpIntegration.php:23
actionocean_after_single_product_quantity-buttonsrc\Integration\OceanWpIntegration.php:27
actionocean_after_archive_product_innersrc\Integration\OceanWpIntegration.php:32
actionocean_after_archive_product_innersrc\Integration\OceanWpIntegration.php:36
actionrest_api_initsrc\RestApi\RestApi.php:59
actionwc_ajax_premmerce_wishlist_popupsrc\RestApi\RestApi.php:61
actionwidgets_initsrc\WishlistPlugin.php:54
actioninitsrc\WishlistPlugin.php:56
actionadmin_initsrc\WishlistPlugin.php:57
filterhide_account_tabsviews\admin\tabs\account.php:3
Maintenance & Trust

Premmerce Wishlist for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedDec 24, 2025
PHP min version5.6
Downloads23K

Community Trust

Rating74/100
Number of ratings3
Active installs200
Alternatives

Premmerce Wishlist for WooCommerce Alternatives

Flexible Wishlist for WooCommerce – Ecommerce Wishlist & Save for later

Flexible Wishlist for WooCommerce – Ecommerce Wishlist & Save for later

flexible-wishlist

A
98

Lightweight and simple WooCommerce wishlist. Increases sales. Fits any theme. Customizes texts and icons. Add to ecommerce wishlist with just 1 click.

900 2 CVEs
TI WooCommerce Wishlist

TI WooCommerce Wishlist

ti-woocommerce-wishlist

B
77

Boost your sales with a free WooCommerce Wishlist feature. Let your customers save and share their favorite products!

100K 9 CVEs
WCBoost – Wishlist

WCBoost – Wishlist

wcboost-wishlist

A
100

WCBoost - Wishlist lets shoppers create wishlists for later purchases, reminding them of desired items, driving repeat visits and boost sales.

30K No CVEs
QODE Wishlist for WooCommerce

QODE Wishlist for WooCommerce

qode-wishlist-for-woocommerce

A
99

Qode Wishlist for WooCommerce plugin is the ideal toolkit for letting your visitors save & share comprehensive lists with their products of interest.

10K 1 CVE
Wishlist for WooCommerce: Multi Wishlists Per Customer

Wishlist for WooCommerce: Multi Wishlists Per Customer

wish-list-for-woocommerce

A
95

Increase loyalty & sales by letting customers create, manage & share multiple wishlists on your WooCommerce store.

2K 5 CVEs
Developer Profile

Premmerce Wishlist for WooCommerce Developer Profile

Premmerce

14 plugins · 60K total installs

75
trust score
Avg Security Score
94/100
Avg Patch Time
416 days
View full developer profile
Detection Fingerprints

How We Detect Premmerce Wishlist for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/premmerce-woocommerce-wishlist/assets/css/backend/backend.css/wp-content/plugins/premmerce-woocommerce-wishlist/assets/css/frontend/frontend.css/wp-content/plugins/premmerce-woocommerce-wishlist/assets/js/frontend/frontend.js
Script Paths
/wp-content/plugins/premmerce-woocommerce-wishlist/assets/js/backend/backend.js/wp-content/plugins/premmerce-woocommerce-wishlist/assets/js/frontend/frontend.js
Version Parameters
/wp-content/plugins/premmerce-woocommerce-wishlist/assets/css/backend/backend.css?ver=/wp-content/plugins/premmerce-woocommerce-wishlist/assets/css/frontend/frontend.css?ver=/wp-content/plugins/premmerce-woocommerce-wishlist/assets/js/backend/backend.js?ver=/wp-content/plugins/premmerce-woocommerce-wishlist/assets/js/frontend/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
premmerce-wishlist-frontendpremmerce-wishlist-backend
Data Attributes
data-product-iddata-wishlist-id
JS Globals
premmerceWishlistFrontendpremmerceWishlistBackend
FAQ

Frequently Asked Questions about Premmerce Wishlist for WooCommerce