Does SaveTo Wishlist Lite – WooCommerce Wishlist have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is SaveTo Wishlist Lite – WooCommerce Wishlist compatible with WordPress 7.0?

According to WordPress.org data, SaveTo Wishlist Lite – WooCommerce Wishlist 1.0.4 has been tested up to WordPress 7.0. Check the plugin's changelog for the latest compatibility information.

Is SaveTo Wishlist Lite – WooCommerce Wishlist compatible with PHP 7.4+?

SaveTo Wishlist Lite – WooCommerce Wishlist requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is SaveTo Wishlist Lite – WooCommerce Wishlist updated?

SaveTo Wishlist Lite – WooCommerce Wishlist was last updated on Mar 24, 2026. Frequent updates are generally a positive security signal.

What is SaveTo Wishlist Lite – WooCommerce Wishlist's security score?

SaveTo Wishlist Lite – WooCommerce Wishlist has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

SaveTo Wishlist Lite – WooCommerce Wishlist Security & Risk Analysis

wordpress.org/plugins/saveto-wishlist-lite-for-woocommerce

A simple, powerful WooCommerce wishlist plugin – help customers save products they love and buy later.

200 active installs v1.0.4 PHP 7.4+ WP 5.8+ Updated Mar 24, 2026

add-to-wishlistsave-to-wishlistwishlistwishlist-pluginwoocommerce-wishlist

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is SaveTo Wishlist Lite – WooCommerce Wishlist Safe to Use in 2026?

Generally Safe

Score 100/100

SaveTo Wishlist Lite – WooCommerce Wishlist has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago

Risk Assessment

The "saveto-wishlist-lite-for-woocommerce" v1.0.4 plugin exhibits a mixed security posture. While it demonstrates strong adherence to output escaping (99%) and a high percentage of prepared statements for SQL queries (85%), significant concerns arise from its extensive attack surface. A notable 13 AJAX handlers are present, with a concerning 12 of them lacking any authentication checks, making them prime targets for unauthorized actions. Additionally, the taint analysis reveals one flow with unsanitized paths classified as high severity, indicating a potential vulnerability to injection attacks or other path manipulation issues. The plugin's vulnerability history is currently clean, with no recorded CVEs, which is a positive indicator of its current state. However, the presence of a high-severity taint flow and a large number of unprotected AJAX endpoints represent immediate and substantial risks that outweigh the lack of historical vulnerabilities. These issues suggest that while the plugin developers have implemented good practices in some areas, there are critical oversights in securing its entry points, leaving it susceptible to exploitation.

Key Concerns

Unprotected AJAX handlers
High severity unsanitized path taint flow

Vulnerabilities

None known

SaveTo Wishlist Lite – WooCommerce Wishlist Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

SaveTo Wishlist Lite – WooCommerce Wishlist Release Timeline

v1.0.4Current

v1.0.3

v1.0.2

v1.0.1

v1.0.0.2

v1.0.0.1

v1.0.0

Code Analysis

Analyzed Mar 16, 2026

SaveTo Wishlist Lite – WooCommerce Wishlist Code Analysis

Dangerous Functions

Raw SQL Queries

50 prepared

Unescaped Output

99 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

85% prepared59 total queries

Output Escaping

99% escaped100 total outputs

Data Flows · Security

1 unsanitized

Data Flow Analysis

1 flows1 with unsanitized paths

<Wishlist> (Classes\Frontend\Wishlist.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

12 unprotected

SaveTo Wishlist Lite – WooCommerce Wishlist Attack Surface

Entry Points14

Unprotected12

AJAX Handlers 13

authwp_ajax_stwlite_dismiss_review_requestClasses\Admin\Admin_Hooks.php:94

authwp_ajax_stwlite_add_to_cartClasses\Frontend\Frontend_Hooks.php:92

noprivwp_ajax_stwlite_add_to_cartClasses\Frontend\Frontend_Hooks.php:93

authwp_ajax_stwlite_add_to_wishlistClasses\Frontend\Frontend_Hooks.php:96

noprivwp_ajax_stwlite_add_to_wishlistClasses\Frontend\Frontend_Hooks.php:97

authwp_ajax_stwlite_check_product_in_wishlistClasses\Frontend\Frontend_Hooks.php:100

noprivwp_ajax_stwlite_check_product_in_wishlistClasses\Frontend\Frontend_Hooks.php:101

authwp_ajax_stwlite_add_product_cart_to_wishlistClasses\Frontend\Frontend_Hooks.php:104

noprivwp_ajax_stwlite_add_product_cart_to_wishlistClasses\Frontend\Frontend_Hooks.php:105

authwp_ajax_stwlite_remove_product_from_wishlistClasses\Frontend\Frontend_Hooks.php:108

noprivwp_ajax_stwlite_remove_product_from_wishlistClasses\Frontend\Frontend_Hooks.php:109

authwp_ajax_stwlite_store_wishlist_from_local_storageClasses\Frontend\Frontend_Hooks.php:112

noprivwp_ajax_stwlite_store_wishlist_from_local_storageClasses\Frontend\Frontend_Hooks.php:113

Shortcodes 1

[saveto_wishlist] Classes\Frontend\Frontend_Hooks.php:83

WordPress Hooks 75

actionadmin_menuClasses\Admin\Admin_Hooks.php:70

actionadmin_enqueue_scriptsClasses\Admin\Admin_Hooks.php:71

filteradmin_body_classClasses\Admin\Admin_Hooks.php:74

actionstwlite_trigger_install_pluginClasses\Admin\Admin_Hooks.php:80

filterstwlite_admin_app_afterClasses\Admin\Admin_Hooks.php:83

actionin_admin_headerClasses\Admin\Admin_Hooks.php:86

actionupdate_option_stwlite_wishlist_pageClasses\Admin\Admin_Hooks.php:89

actionadd_option_stwlite_wishlist_pageClasses\Admin\Admin_Hooks.php:90

actioninitClasses\Admin\Admin_Hooks.php:91

actionadmin_noticesClasses\Admin\Admin_Hooks.php:97

actionrest_api_initClasses\API\API_Admin_Importer.php:47

actionrest_api_initClasses\API\API_Admin_Settings.php:46

actionrest_api_initClasses\API\API_Admin_Wishlists.php:49

actionrest_api_initClasses\API\API_Frontend_Endpoints.php:49

actionwoocommerce_before_shop_loop_itemClasses\Frontend\Buttons.php:62

filterstwlite_before_woocommerce/product-imageClasses\Frontend\Buttons.php:63

actionwoocommerce_before_shop_loop_item_titleClasses\Frontend\Buttons.php:65

filterstwlite_after_woocommerce/product-imageClasses\Frontend\Buttons.php:66

actionwoocommerce_shop_loop_item_titleClasses\Frontend\Buttons.php:68

filterstwlite_before_woocommerce/product-priceClasses\Frontend\Buttons.php:69

actionwoocommerce_after_shop_loop_item_titleClasses\Frontend\Buttons.php:71

filterstwlite_before_woocommerce/product-buttonClasses\Frontend\Buttons.php:72

actionwoocommerce_after_shop_loop_itemClasses\Frontend\Buttons.php:74

filterstwlite_after_woocommerce/product-buttonClasses\Frontend\Buttons.php:75

actionwoocommerce_product_thumbnailsClasses\Frontend\Buttons.php:95

actionwoocommerce_before_single_product_summaryClasses\Frontend\Buttons.php:97

actionwoocommerce_before_add_to_cart_quantityClasses\Frontend\Buttons.php:99

actionwoocommerce_after_add_to_cart_buttonClasses\Frontend\Buttons.php:101

actionwoocommerce_single_product_summaryClasses\Frontend\Buttons.php:103

actionwoocommerce_single_product_summaryClasses\Frontend\Buttons.php:105

actionwoocommerce_after_cart_tableClasses\Frontend\Buttons.php:118

actionstwlite_after_woocommerce/cart-line-items-blockClasses\Frontend\Buttons.php:119

actionwp_enqueue_scriptsClasses\Frontend\Frontend_Hooks.php:67

actioninitClasses\Frontend\Frontend_Hooks.php:70

actioninitClasses\Frontend\Frontend_Hooks.php:71

filterquery_varsClasses\Frontend\Frontend_Hooks.php:72

actioninitClasses\Frontend\Frontend_Hooks.php:75

actiontemplate_redirectClasses\Frontend\Frontend_Hooks.php:86

filterstwlite_collections_whereClasses\Frontend\Frontend_Hooks.php:89

filterstwlite_response_wishlist_dataClasses\Frontend\Frontend_Hooks.php:116

actionwpml_language_switchedClasses\Frontend\Frontend_Hooks.php:119

filterwoocommerce_account_menu_itemsClasses\Frontend\Frontend_Hooks.php:132

actionwoocommerce_account_wishlist_endpointClasses\Frontend\Frontend_Hooks.php:133

filterdocument_title_partsClasses\Frontend\Wishlist.php:361

actionwp_headClasses\Frontend\Wishlist.php:362

filterrocket_exclude_jsClasses\Integrations\Cache_Exclusions.php:88

filterrocket_minify_excluded_external_jsClasses\Integrations\Cache_Exclusions.php:89

filterrocket_exclude_defer_jsClasses\Integrations\Cache_Exclusions.php:90

filtersgo_js_minify_excludeClasses\Integrations\Cache_Exclusions.php:93

filtersgo_javascript_combine_excludeClasses\Integrations\Cache_Exclusions.php:94

filtersgo_javascript_combine_excluded_inline_contentClasses\Integrations\Cache_Exclusions.php:95

filtersgo_html_minify_exclude_paramsClasses\Integrations\Cache_Exclusions.php:96

filtersgo_js_async_excludeClasses\Integrations\Cache_Exclusions.php:97

filterscript_loader_tagClasses\Integrations\Cache_Exclusions.php:98

filterlitespeed_optimize_js_excludesClasses\Integrations\Cache_Exclusions.php:101

filterautoptimize_filter_js_excludeClasses\Integrations\Cache_Exclusions.php:104

filterw3tc_minify_js_do_tag_minificationClasses\Integrations\Cache_Exclusions.php:107

filterwpfc_exclude_current_pageClasses\Integrations\Cache_Exclusions.php:110

filterwpacu_skip_assets_from_rules_and_list_for_optimizationClasses\Integrations\Cache_Exclusions.php:113

filterwp-optimize-minify-default-exclusionsClasses\Integrations\Cache_Exclusions.php:116

filterbreeze_minify_exclude_jsClasses\Integrations\Cache_Exclusions.php:119

filterrender_blockClasses\Integrations\WooCommerce.php:52

actioninitClasses\Integrations\WPML_Support.php:50

actionwpml_loadedClasses\Integrations\WPML_Support.php:53

actionupdate_option_stwlite_settings_wishlist_button_labelClasses\Integrations\WPML_Support.php:57

actionupdate_option_stwlite_settings_wishlist_button_cart_labelClasses\Integrations\WPML_Support.php:58

actionupdate_option_stwlite_settings_wishlist_titleClasses\Integrations\WPML_Support.php:59

actionupdate_option_stwlite_settings_wishlist_descriptionClasses\Integrations\WPML_Support.php:60

filterstwlite_string_optionClasses\Integrations\WPML_Support.php:98

actionwp_headHelpers\Vite_App.php:304

filterscript_loader_tagHelpers\Vite_App.php:420

filterstyle_loader_tagHelpers\Vite_App.php:421

actionadmin_noticessaveto-wishlist-lite-for-woocommerce.php:72

actionbefore_woocommerce_initsaveto-wishlist-lite-for-woocommerce.php:80

actionsetup_themesaveto-wishlist-lite-for-woocommerce.php:96

Maintenance & Trust

SaveTo Wishlist Lite – WooCommerce Wishlist Maintenance & Trust

Maintenance Signals

WordPress version tested7.0

Last updatedMar 24, 2026

PHP min version7.4

Downloads2K

Community Trust

Rating84/100

Number of ratings5

Active installs200

Alternatives

SaveTo Wishlist Lite – WooCommerce Wishlist Alternatives

YITH WooCommerce Wishlist

yith-woocommerce-wishlist

YITH WooCommerce Wishlist add all Wishlist features to your website. Needs WooCommerce to work. WooCommerce 10.7.x compatible.

500K 8 CVEs

QODE Wishlist for WooCommerce

qode-wishlist-for-woocommerce

Qode Wishlist for WooCommerce plugin is the ideal toolkit for letting your visitors save & share comprehensive lists with their products of interest.

10K 1 CVE

Wishlist for WooCommerce: Multi Wishlists Per Customer

wish-list-for-woocommerce

Increase loyalty & sales by letting customers create, manage & share multiple wishlists on your WooCommerce store.

2K 5 CVEs

Addonify – WooCommerce Wishlist

addonify-wishlist

Addonify WooCommerce Wishlist is a light-weight yet powerful tool that adds a wishlist functionality to your e-commerce shop.

1K 1 CVE

Wishlist for WooCommerce

jvm-woocommerce-wishlist

100

Supercharge your sales with WooCommerce Wishlist - a powerful tool that empowers customers to create wishlists and enhances their shopping experience.

700 1 CVE

Developer Profile

SaveTo Wishlist Lite – WooCommerce Wishlist Developer Profile

Josh Kohlbach

9 plugins · 141K total installs

trust score

Avg Security Score

93/100

Avg Patch Time

744 days

View full developer profile

Detection Fingerprints

How We Detect SaveTo Wishlist Lite – WooCommerce Wishlist

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/saveto-wishlist-lite-for-woocommerce/assets/css/admin-app.css/wp-content/plugins/saveto-wishlist-lite-for-woocommerce/assets/css/admin-style.css/wp-content/plugins/saveto-wishlist-lite-for-woocommerce/assets/js/admin-app.js/wp-content/plugins/saveto-wishlist-lite-for-woocommerce/assets/js/frontend-app.js/wp-content/plugins/saveto-wishlist-lite-for-woocommerce/assets/js/frontend-script.js/wp-content/plugins/saveto-wishlist-lite-for-woocommerce/assets/js/global.js

Script Paths

/wp-content/plugins/saveto-wishlist-lite-for-woocommerce/assets/js/admin-app.js/wp-content/plugins/saveto-wishlist-lite-for-woocommerce/assets/js/frontend-app.js/wp-content/plugins/saveto-wishlist-lite-for-woocommerce/assets/js/frontend-script.js/wp-content/plugins/saveto-wishlist-lite-for-woocommerce/assets/js/global.js

Version Parameters

saveto-wishlist-lite-for-woocommerce/assets/css/admin-app.css?ver=saveto-wishlist-lite-for-woocommerce/assets/css/admin-style.css?ver=saveto-wishlist-lite-for-woocommerce/assets/js/admin-app.js?ver=saveto-wishlist-lite-for-woocommerce/assets/js/frontend-app.js?ver=saveto-wishlist-lite-for-woocommerce/assets/js/frontend-script.js?ver=saveto-wishlist-lite-for-woocommerce/assets/js/global.js?ver=

HTML / DOM Fingerprints

CSS Classes

stwlite-admin-app

Data Attributes

data-plugin-name="SaveTo Wishlist"data-plugin-version="1.0.4"

JS Globals

stwlite_admin_objectstwlite_frontend_objectstwlite_global_object

FAQ