Velocity Wishlist – WooCommerce Wishlist Plugin Security & Risk Analysis

wordpress.org/plugins/velocity-wishlist

Powerful, lightweight wishlist functionality for WooCommerce. Supports guest users, product variations, social sharing, and fully customizable buttons …

0 active installs · v1.1.4 · PHP 7.4+ · WP 6.2+ · Updated: Unknown
Tags: favorites, product-wishlist, save-for-later, wishlist, woocommerce-wishlist
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Velocity Wishlist – WooCommerce Wishlist Plugin Safe to Use in 2026?

Generally Safe

Score 100/100

Velocity Wishlist – WooCommerce Wishlist Plugin has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The "velocity-wishlist" plugin v1.1.4 presents a mixed security posture. On the positive side, the plugin demonstrates good practices by extensively using prepared statements for its SQL queries and properly escaping most of its output. It also shows a clean vulnerability history with no recorded CVEs, suggesting a well-maintained codebase or a lack of past exploitation.

However, a significant concern lies in its attack surface. With a total of 12 entry points, 6 of which are AJAX handlers that lack authentication checks, there is a substantial risk of unauthorized access and execution of plugin functions. While the taint analysis did not reveal any critical or high-severity issues, the presence of unsanitized paths or vulnerabilities in these unprotected AJAX endpoints could still lead to security compromises.

In conclusion, while the plugin's core code and history appear solid, the significant number of unprotected AJAX handlers is a notable weakness. This makes it vulnerable to attacks that could exploit these entry points if they are not adequately secured within the plugin's logic. Administrators should be aware of this potential risk and ensure appropriate measures are in place to mitigate it.

Key Concerns

  • AJAX handlers without authentication checks
  • AJAX handlers without capability checks
Vulnerabilities
None known

Velocity Wishlist – WooCommerce Wishlist Plugin Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Velocity Wishlist – WooCommerce Wishlist Plugin Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 14 (61 prepared)
Unescaped Output: 31 (291 escaped)
Nonce Checks: 7
Capability Checks: 6
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

81% prepared · 75 total queries

Output Escaping

90% escaped · 322 total outputs
Data Flows
All sanitized

Data Flow Analysis

1 flow
<setup-wizard> (admin\views\setup-wizard.php:0)
Legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized
Attack Surface
6 unprotected

Velocity Wishlist – WooCommerce Wishlist Plugin Attack Surface

Entry Points: 12
Unprotected: 6

AJAX Handlers 8

auth wp_ajax_velocity_wishlist_add_to_wishlist public\class-velocity-wishlist-ajax.php:56
auth wp_ajax_velocity_wishlist_remove_from_wishlist public\class-velocity-wishlist-ajax.php:57
auth wp_ajax_velocity_wishlist_get_wishlist_count public\class-velocity-wishlist-ajax.php:58
nopriv wp_ajax_velocity_wishlist_add_to_wishlist public\class-velocity-wishlist-ajax.php:61
nopriv wp_ajax_velocity_wishlist_remove_from_wishlist public\class-velocity-wishlist-ajax.php:62
nopriv wp_ajax_velocity_wishlist_get_wishlist_count public\class-velocity-wishlist-ajax.php:63
auth wp_ajax_velocity_wishlist_cleanup_sessions public\class-velocity-wishlist-ajax.php:66
auth wp_ajax_velocity_wishlist_recalculate_stats public\class-velocity-wishlist-ajax.php:67

Shortcodes 4

[velocity_wishlist] public\class-velocity-wishlist-shortcodes.php:43
[velocity_wishlist_button] public\class-velocity-wishlist-shortcodes.php:44
[velocity_wishlist_count] public\class-velocity-wishlist-shortcodes.php:45
[velocity_wishlist_widget] public\class-velocity-wishlist-shortcodes.php:46

WordPress Hooks 23

action admin_notices admin\class-velocity-wishlist-admin.php:48
action woocommerce_admin_field_awdev_wishlist_button_style admin\class-velocity-wishlist-admin.php:762
action woocommerce_admin_field_awdev_wishlist_icon_picker admin\class-velocity-wishlist-admin.php:763
action woocommerce_admin_field_awdev_wishlist_image_upload admin\class-velocity-wishlist-admin.php:764
action woocommerce_admin_field_awdev_wishlist_shortcodes_documentation admin\class-velocity-wishlist-admin.php:765
action wp_login includes\class-velocity-wishlist-session.php:55
action awdev_wishlist_cleanup_sessions includes\class-velocity-wishlist-session.php:58
action plugins_loaded includes\class-velocity-wishlist.php:105
action admin_enqueue_scripts includes\class-velocity-wishlist.php:117
action admin_enqueue_scripts includes\class-velocity-wishlist.php:118
action admin_menu includes\class-velocity-wishlist.php:119
action admin_init includes\class-velocity-wishlist.php:120
filter woocommerce_settings_tabs_array includes\class-velocity-wishlist.php:123
action woocommerce_settings_tabs_wishlist includes\class-velocity-wishlist.php:124
action woocommerce_update_options_wishlist includes\class-velocity-wishlist.php:125
action wp_enqueue_scripts includes\class-velocity-wishlist.php:137
action wp_enqueue_scripts includes\class-velocity-wishlist.php:138
action init includes\class-velocity-wishlist.php:139
action woocommerce_after_shop_loop_item public\class-velocity-wishlist-public.php:222
action woocommerce_single_product_summary public\class-velocity-wishlist-public.php:324
action admin_notices velocity-wishlist.php:40
action before_woocommerce_init velocity-wishlist.php:101
action plugins_loaded velocity-wishlist.php:118

Scheduled Events 1

awdev_wishlist_cleanup_sessions
Maintenance & Trust

Velocity Wishlist – WooCommerce Wishlist Plugin Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Unknown
PHP min version: 7.4
Downloads: 117

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0
Developer Profile

Velocity Wishlist – WooCommerce Wishlist Plugin Developer Profile

velocityplugins

4 plugins · 50 total installs

Trust score: 93
Avg Security Score: 98/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Velocity Wishlist – WooCommerce Wishlist Plugin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/velocity-wishlist/admin/css/vwish-admin.css
/wp-content/plugins/velocity-wishlist/admin/css/vwish-admin-fields.css
/wp-content/plugins/velocity-wishlist/assets/css/velocity-wishlist.css
/wp-content/plugins/velocity-wishlist/assets/js/velocity-wishlist-public.js
/wp-content/plugins/velocity-wishlist/assets/js/vendor/bootstrap.min.js
/wp-content/plugins/velocity-wishlist/assets/js/vendor/jquery.validate.min.js
/wp-content/plugins/velocity-wishlist/assets/js/vendor/isotope.min.js
/wp-content/plugins/velocity-wishlist/assets/js/vendor/imagesloaded.pkgd.min.js
+29 more
Script Paths
/wp-content/plugins/velocity-wishlist/assets/js/velocity-wishlist-public.js
/wp-content/plugins/velocity-wishlist/assets/js/vendor/bootstrap.min.js
/wp-content/plugins/velocity-wishlist/assets/js/vendor/jquery.validate.min.js
/wp-content/plugins/velocity-wishlist/assets/js/vendor/isotope.min.js
/wp-content/plugins/velocity-wishlist/assets/js/vendor/imagesloaded.pkgd.min.js
/wp-content/plugins/velocity-wishlist/assets/js/vendor/magnific-popup.min.js
+14 more

HTML / DOM Fingerprints

CSS Classes
velocity-wishlist-button, vwish-add-to-wishlist, velocity-wishlist-icon, vwish-icon-, vwish-wishlist-count, vwish-wishlist-remove, vwish-wishlist-page-title, vwish-wishlist-product-image, +30 more
HTML Comments
<!-- Velocity Wishlist -->
<!-- End Velocity Wishlist -->
<!-- Velocity Wishlist Admin Notices -->
<!-- End Velocity Wishlist Admin Notices -->
+26 more
Data Attributes
data-product-id, data-wishlist-button, data-action, data-product_id, data-nonce, data-wishlist-id, +13 more
JS Globals
velocity_wishlist_params, vwish_params, VelocityWishlistPublic, VelocityWishlistAdmin