Does Wishlist for WooCommerce have any unpatched vulnerabilities?

No. All known vulnerabilities in Wishlist for WooCommerce have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Wishlist for WooCommerce compatible with WordPress 6.9.4?

According to WordPress.org data, Wishlist for WooCommerce 1.1.5 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Wishlist for WooCommerce compatible with PHP 7.0+?

Wishlist for WooCommerce requires PHP 7.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Wishlist for WooCommerce updated?

Wishlist for WooCommerce was last updated on Dec 10, 2025. Frequent updates are generally a positive security signal.

What is Wishlist for WooCommerce's security score?

Wishlist for WooCommerce has a WP-Safety security score of 99/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Wishlist for WooCommerce Security & Risk Analysis

wordpress.org/plugins/th-wishlist

A modern wishlist plugin for WooCommerce. Allows users to add products to a wishlist, view, and manage them.

800 active installs v1.1.5 PHP 7.0+ WP 5.0+ Updated Dec 10, 2025

ecommerceshopwishlistwoocommercewoocommerce-wishlist

A · Safe

CVEs total1

Unpatched0

Last CVENov 24, 2025

Plugin page Download

Safety Verdict

Is Wishlist for WooCommerce Safe to Use in 2026?

Generally Safe

Score 99/100

Wishlist for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Nov 24, 2025Updated 3mo ago

Risk Assessment

The "th-wishlist" plugin v1.1.5 demonstrates a generally good security posture with several strengths. Notably, all identified entry points (AJAX handlers, REST API routes, and shortcodes) appear to have proper authorization checks, and all output is properly escaped, mitigating common web vulnerabilities like Cross-Site Scripting (XSS). The high percentage of SQL queries using prepared statements is also a positive indicator of secure database interaction, and the absence of file operations and external HTTP requests reduces potential attack vectors. However, the static analysis did reveal two flows with unsanitized paths in the taint analysis, categorized as high severity. While the plugin has no currently unpatched vulnerabilities, its history includes one medium severity CVE related to Authorization Bypass Through User-Controlled Key. This suggests that while the developers are responsive to security issues, there have been past vulnerabilities that warrant ongoing vigilance.

Key Concerns

High severity unsanitized taint flow
High severity unsanitized taint flow
History of medium severity CVE

Vulnerabilities

Wishlist for WooCommerce Security Vulnerabilities

CVEs by Year

1 CVE in 2025

2025

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2025-12040medium · 6.5Authorization Bypass Through User-Controlled Key

Wishlist for WooCommerce <= 1.1.3 - Insecure Direct Object Reference to Unauthenticated Wishlist Manipulation

Nov 24, 2025 Patched in 1.1.4 (7d)

Code Analysis

Analyzed Mar 16, 2026

Wishlist for WooCommerce Code Analysis

Dangerous Functions

Raw SQL Queries

26 prepared

Unescaped Output

221 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

96% prepared27 total queries

Output Escaping

100% escaped222 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

4 flows2 with unsanitized paths

thwl_save_settings (includes\admin\class-th-wishlist-settings-ajax.php:74)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Wishlist for WooCommerce Attack Surface

Entry Points14

Unprotected0

AJAX Handlers 10

authwp_ajax_thwl_save_settingsincludes\admin\class-th-wishlist-settings-ajax.php:17

authwp_ajax_thwl_reset_settingsincludes\admin\class-th-wishlist-settings-ajax.php:18

authwp_ajax_thwl_add_to_wishlistincludes\class-th-wishlist-frontend.php:30

noprivwp_ajax_thwl_add_to_wishlistincludes\class-th-wishlist-frontend.php:31

authwp_ajax_thwl_remove_from_wishlistincludes\class-th-wishlist-frontend.php:32

authwp_ajax_thwl_update_item_quantityincludes\class-th-wishlist-frontend.php:33

authwp_ajax_thwl_add_all_to_cartincludes\class-th-wishlist-frontend.php:34

noprivwp_ajax_thwl_add_all_to_cartincludes\class-th-wishlist-frontend.php:35

authwp_ajax_thwl_add_to_cart_and_manageincludes\class-th-wishlist-frontend.php:36

noprivwp_ajax_thwl_add_to_cart_and_manageincludes\class-th-wishlist-frontend.php:37

Shortcodes 4

[thwl_wishlist_button] includes\class-th-wishlist-frontend.php:24

[thwl_wishlist] includes\class-th-wishlist-frontend.php:26

[thwl_add_to_wishlist] includes\class-th-wishlist-frontend.php:28

[thwl_wishlist_redirect] includes\th-wishlist-function.php:201

WordPress Hooks 26

actionadmin_enqueue_scriptsincludes\admin\class-th-wishlist-admin.php:21

actionadmin_noticesincludes\admin\class-th-wishlist-list-table.php:217

actionadmin_menuincludes\admin\class-th-wishlist-settings.php:17

actionadmin_menuincludes\admin\class-th-wishlist-track.php:18

filterbody_classincludes\class-th-wishlist-frontend.php:21

actionwp_enqueue_scriptsincludes\class-th-wishlist-frontend.php:22

filterrender_block_woocommerce/product-buttonincludes\class-th-wishlist-frontend.php:223

actionwoocommerce_after_shop_loop_itemincludes\class-th-wishlist-frontend.php:226

filterrender_block_woocommerce/product-buttonincludes\class-th-wishlist-frontend.php:232

actionwoocommerce_after_shop_loop_itemincludes\class-th-wishlist-frontend.php:234

filterrender_block_woocommerce/product-imageincludes\class-th-wishlist-frontend.php:240

actionwoocommerce_before_shop_loop_itemincludes\class-th-wishlist-frontend.php:242

actionwoocommerce_before_single_product_summaryincludes\class-th-wishlist-frontend.php:277

actionwoocommerce_after_add_to_cart_formincludes\class-th-wishlist-frontend.php:281

actionwoocommerce_after_single_product_summaryincludes\class-th-wishlist-frontend.php:285

filterrender_block_woocommerce/add-to-cart-formincludes\class-th-wishlist-frontend.php:310

filterrender_block_woocommerce/product-image-galleryincludes\class-th-wishlist-frontend.php:315

filterrender_block_woocommerce/product-detailsincludes\class-th-wishlist-frontend.php:320

actionwpincludes\th-wishlist-function.php:120

actionwpincludes\th-wishlist-function.php:121

actionbefore_woocommerce_initth-wishlist.php:32

actioninitth-wishlist.php:71

actionplugins_loadedth-wishlist.php:114

actioninitth-wishlist.php:117

actioninitth-wishlist.php:131

actionadmin_noticesth-wishlist.php:139

Maintenance & Trust

Wishlist for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedDec 10, 2025

PHP min version7.0

Downloads6K

Community Trust

Rating0/100

Number of ratings0

Active installs800

Alternatives

Wishlist for WooCommerce Alternatives

TI WooCommerce Wishlist

ti-woocommerce-wishlist

Boost your sales with a free WooCommerce Wishlist feature. Let your customers save and share their favorite products!

100K 9 CVEs

Flexible Wishlist for WooCommerce – Ecommerce Wishlist & Save for later

flexible-wishlist

Lightweight and simple WooCommerce wishlist. Increases sales. Fits any theme. Customizes texts and icons. Add to ecommerce wishlist with just 1 click.

900 2 CVEs

Premmerce Wishlist for WooCommerce

premmerce-woocommerce-wishlist

This plugin provides the possibility for your customers to create wishlists with the further possibility to share them with friends.

200 3 CVEs

Better Wishlist

better-wishlist

Better Wishlist lets you display Wishlist anywhere on your WooCommerce shop so that your customers can easily bookmark their favourite products and fi …

10 No CVEs

Wishlist with hearts

wishlist-with-hearts

100

Click on heart(icon)/button to add/delete the product in wishlist in a Woocommerce store

10 No CVEs

Developer Profile

Wishlist for WooCommerce Developer Profile

ThemeHunk

48 plugins · 66K total installs

trust score

Avg Security Score

94/100

Avg Patch Time

189 days

View full developer profile

Detection Fingerprints

How We Detect Wishlist for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/th-wishlist/assets/css/th-wishlist-frontend.css/wp-content/plugins/th-wishlist/assets/js/th-wishlist-frontend.js/wp-content/plugins/th-wishlist/assets/css/th-wishlist-backend.css/wp-content/plugins/th-wishlist/assets/js/th-wishlist-backend.js/wp-content/plugins/th-wishlist/assets/css/pickr.min.css

Script Paths

/wp-content/plugins/th-wishlist/assets/js/th-wishlist-frontend.js/wp-content/plugins/th-wishlist/assets/js/th-wishlist-backend.js

Version Parameters

th-wishlist/assets/css/th-wishlist-frontend.css?ver=th-wishlist/assets/js/th-wishlist-frontend.js?ver=th-wishlist/assets/css/th-wishlist-backend.css?ver=th-wishlist/assets/js/th-wishlist-backend.js?ver=pickr-style?ver=

HTML / DOM Fingerprints

CSS Classes

thwl-add-to-wishlist

Data Attributes

data-thwl-wishlist-iddata-product-id

JS Globals

thwl_frontend_params

FAQ