Waitlist Woocommerce ( Back in stock notifier ) Security & Risk Analysis

wordpress.org/plugins/waitlist-woocommerce

Build a waiting list for your products and notify customers by email based on product availability.

4K active installs · v2.8.8 · PHP + WP 3.0.1+ · Updated Feb 5, 2026
Tags: back-in-stock, email-notification, out-of-stock, waiting-list
Score: 98 (A · Safe)
CVEs total: 3
Unpatched: 0
Last CVE: Sep 13, 2024
Safety Verdict

Is Waitlist Woocommerce ( Back in stock notifier ) Safe to Use in 2026?

Generally Safe

Score 98/100

Waitlist Woocommerce ( Back in stock notifier ) has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEs · Last CVE: Sep 13, 2024 · Updated 1mo ago
Risk Assessment

The waitlist-woocommerce plugin version 2.8.8 presents a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for a vast majority of its SQL queries and a high percentage of proper output escaping. The absence of dangerous functions and no unpatched CVEs are also reassuring. However, there are notable areas of concern. The plugin has a significant attack surface with 10 entry points, and critically, 2 of these (AJAX handlers) lack proper authorization checks. This opens the door for potential unauthorized actions by unauthenticated users.

The taint analysis reveals 6 high-severity flows with unsanitized paths, indicating potential vulnerabilities where user input might be processed without adequate validation or sanitization. While no critical taint flows or raw SQL queries were found, these high-severity issues are a serious concern. The vulnerability history shows 3 medium-severity CVEs in the past, with common types including Cross-Site Scripting and Missing Authorization. This pattern, coupled with the current taint analysis findings, suggests a tendency for input validation and authorization to be areas that require vigilant attention.

In conclusion, while waitlist-woocommerce shows strengths in database interaction and output handling, the unprotected AJAX endpoints and high-severity taint flows are significant risks. The historical trend of vulnerabilities also points to potential recurring weaknesses. Users should be aware of these risks, and developers should prioritize addressing the identified taint flows and securing all AJAX handlers.

Key Concerns

  • 2 AJAX handlers without auth checks
  • 6 high severity taint flows
  • 3 medium severity CVEs in history
  • 13 unsanitized paths in taint analysis
Vulnerabilities: 3

Waitlist Woocommerce ( Back in stock notifier ) Security Vulnerabilities

CVEs by Year

2023: 1 CVE
2024: 2 CVEs

Severity Breakdown

Medium: 3

3 total CVEs

CVE-2024-8724 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Waitlist Woocommerce ( Back in stock notifier ) <= 2.7.5 - Reflected Cross-Site Scripting

Sep 13, 2024 · Patched in 2.7.6 (1d)

CVE-2024-43134 · medium · 4.3 · Missing Authorization

Waitlist Woocommerce ( Back in stock notifier ) <= 2.6 - Missing Authorization

Aug 7, 2024 · Patched in 2.6.1 (8d)

WF-20910787-b99d-475e-acc9-cc2bb669aa56-waitlist-woocommerce · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Waitlist Woocommerce ( Back in stock notifier ) <= 2.5.2 - Cross-Site Request Forgery to Settings Reset

Jun 27, 2023 · Patched in 2.5.3 (210d)
Code Analysis
Analyzed Mar 16, 2026

Waitlist Woocommerce ( Back in stock notifier ) Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 1 (26 prepared)
Unescaped Output: 87 (350 escaped)
Nonce Checks: 13
Capability Checks: 10
File Operations: 2
External Requests: 3
Bundled Libraries: 2 (DataTables, Select2)

SQL Query Safety

96% prepared · 27 total queries

Output Escaping

80% escaped · 437 total outputs
Data Flows: 13 unsanitized

Data Flow Analysis

20 flows · 13 with unsanitized paths
extra_tablenav (admin\class-xoo-wl-table-users-list-parent.php:330)
Attack Surface: 2 unprotected

Waitlist Woocommerce ( Back in stock notifier ) Attack Surface

Entry Points: 10
Unprotected: 2

AJAX Handlers 9

auth · wp_ajax_xoo_wl_table_remove_row · admin\class-xoo-wl-table-core.php:22
auth · wp_ajax_xoo_wl_table_send_email · admin\class-xoo-wl-table-core.php:23
auth · wp_ajax_xoo_wl_form_submit · includes\class-xoo-wl-core.php:22
nopriv · wp_ajax_xoo_wl_form_submit · includes\class-xoo-wl-core.php:23
auth · wp_ajax_xoo_admin_settings_save · includes\xoo-framework\admin\class-xoo-admin-settings.php:51
auth · wp_ajax_xoo_admin_settings_export · includes\xoo-framework\admin\class-xoo-admin-settings.php:52
auth · wp_ajax_xoo_admin_settings_import · includes\xoo-framework\admin\class-xoo-admin-settings.php:53
auth · wp_ajax_xoo_aff_save_settings · xoo-form-fields-fw\admin\class-xoo-aff-fields.php:36
auth · wp_ajax_xoo_aff_reset_settings · xoo-form-fields-fw\admin\class-xoo-aff-fields.php:43

Shortcodes 1

[xoo_wl_form] includes\xoo-wl-functions.php:173
WordPress Hooks 76
action · init · admin\class-xoo-wl-admin-settings.php:29
action · admin_menu · admin\class-xoo-wl-admin-settings.php:30
action · init · admin\class-xoo-wl-admin-settings.php:31
action · init · admin\class-xoo-wl-admin-settings.php:32
action · woocommerce_product_options_inventory_product_data · admin\class-xoo-wl-admin-settings.php:37
action · woocommerce_process_product_meta · admin\class-xoo-wl-admin-settings.php:38
action · admin_init · admin\class-xoo-wl-admin-settings.php:40
action · admin_enqueue_scripts · admin\class-xoo-wl-admin-settings.php:41
action · xoo_tab_page_end · admin\class-xoo-wl-admin-settings.php:43
action · xoo_tab_page_start · admin\class-xoo-wl-admin-settings.php:45
action · xoo_tab_page_end · admin\class-xoo-wl-admin-settings.php:46
filter · xoo_aff_add_fields · admin\class-xoo-wl-admin-settings.php:48
action · xoo_aff_field_selector · admin\class-xoo-wl-admin-settings.php:49
action · xoo_tab_page_end · admin\class-xoo-wl-admin-settings.php:54
action · xoo_tab_page_start · admin\class-xoo-wl-admin-settings.php:55
action · wp_loaded · admin\class-xoo-wl-admin-settings.php:58
action · xoo_tab_page_start · admin\class-xoo-wl-admin-settings.php:59
action · xoo_as_setting_sidebar_waitlist-woocommerce · admin\class-xoo-wl-admin-settings.php:61
action · admin_enqueue_scripts · admin\class-xoo-wl-admin-settings.php:63
action · xoo_aff_waitlist-woocommerce_add_predefined_fields · admin\class-xoo-wl-aff-fields.php:10
action · xoo_wl_cron_send_back_in_stock_email_for_product · includes\class-xoo-wl-core.php:24
action · xoo_wl_form_submit_success · includes\class-xoo-wl-core.php:25
action · init · includes\class-xoo-wl-core.php:26
action · plugins_loaded · includes\class-xoo-wl-db.php:30
action · wp_enqueue_scripts · includes\class-xoo-wl-frontend.php:24
action · wp_enqueue_scripts · includes\class-xoo-wl-frontend.php:25
action · wp_footer · includes\class-xoo-wl-frontend.php:26
action · init · includes\class-xoo-wl-frontend.php:29
action · woocommerce_before_single_product · includes\class-xoo-wl-frontend.php:32
action · woocommerce_after_shop_loop_item · includes\class-xoo-wl-frontend.php:36
action · xoo_wl_form_end · includes\class-xoo-wl-frontend.php:38
action · init · includes\class-xoo-wl.php:84
action · xoo_wl_cron_fetch_old_waitlist · includes\class-xoo-wl.php:85
action · xoo_wl_test_cron · includes\class-xoo-wl.php:88
action · admin_init · includes\class-xoo-wl.php:89
filter · xoo_aff_enable_autocompadr · includes\class-xoo-wl.php:90
action · elementor/widgets/register · includes\class-xoo-wl.php:92
action · xoo_wl_email_back_in_stock_sent · includes\emails\class-xoo-wl-back-in-stock-email.php:20
action · xoo_wl_email_back_in_stock_sent · includes\emails\class-xoo-wl-back-in-stock-email.php:21
action · xoo_wl_email_head · includes\emails\class-xoo-wl-back-in-stock-email.php:22
filter · wp_mail_from · includes\emails\class-xoo-wl-email.php:139
filter · wp_mail_from_name · includes\emails\class-xoo-wl-email.php:140
filter · wp_mail_content_type · includes\emails\class-xoo-wl-email.php:141
filter · wpml_user_language · includes\emails\class-xoo-wl-email.php:144
filter · wpml_user_language · includes\emails\class-xoo-wl-email.php:176
action · xoo_wl_email_head · includes\emails\class-xoo-wl-emails.php:26
action · xoo_wl_email_header · includes\emails\class-xoo-wl-emails.php:27
action · xoo_wl_email_footer · includes\emails\class-xoo-wl-emails.php:28
action · xoo_wl_email_footer_content · includes\emails\class-xoo-wl-emails.php:29
action · init · includes\xoo-framework\admin\class-xoo-admin-settings.php:57
action · init · includes\xoo-framework\admin\class-xoo-admin-settings.php:58
action · admin_enqueue_scripts · includes\xoo-framework\admin\class-xoo-admin-settings.php:62
action · wp_loaded · includes\xoo-framework\admin\class-xoo-admin-settings.php:64
action · xoo_tab_page_start · includes\xoo-framework\admin\class-xoo-admin-settings.php:65
action · xoo_tab_page_start · includes\xoo-framework\admin\class-xoo-admin-settings.php:66
action · admin_notices · includes\xoo-framework\admin\class-xoo-admin-settings.php:72
action · admin_init · includes\xoo-framework\admin\class-xoo-admin-settings.php:73
action · admin_init · includes\xoo-framework\admin\class-xoo-admin-settings.php:74
action · init · includes\xoo-framework\class-xoo-helper.php:41
action · admin_init · includes\xoo-framework\class-xoo-helper.php:42
filter · wp_mail_from · includes\xoo-framework\class-xoo-helper.php:430
filter · wp_mail_from_name · includes\xoo-framework\class-xoo-helper.php:431
filter · wp_mail_content_type · includes\xoo-framework\class-xoo-helper.php:432
action · xoo_aff_waitlist-woocommerce_input_args · includes\xoo-wl-functions.php:182
filter · xoo_aff_export_options · xoo-form-fields-fw\admin\class-xoo-aff-admin.php:21
action · admin_footer · xoo-form-fields-fw\admin\class-xoo-aff-admin.php:25
action · admin_enqueue_scripts · xoo-form-fields-fw\admin\class-xoo-aff-admin.php:26
action · admin_footer · xoo-form-fields-fw\admin\class-xoo-aff-admin.php:27
action · admin_footer · xoo-form-fields-fw\admin\class-xoo-aff-fields.php:30
action · init · xoo-form-fields-fw\admin\class-xoo-aff-fields.php:31
action · admin_init · xoo-form-fields-fw\admin\class-xoo-aff-fields.php:39
action · admin_init · xoo-form-fields-fw\admin\settings\class-xoo-aff-settings.php:19
action · init · xoo-form-fields-fw\admin\settings\class-xoo-aff-settings.php:20
action · admin_enqueue_scripts · xoo-form-fields-fw\admin\settings\class-xoo-aff-settings.php:21
action · init · xoo-form-fields-fw\includes\class-xoo-aff.php:19
action · plugins_loaded · xoo-wl-main.php:42

Scheduled Events 3

xoo_wl_cron_send_back_in_stock_email_for_product
xoo_wl_cron_fetch_old_waitlist
xoo_wl_test_cron
Maintenance & Trust

Waitlist Woocommerce ( Back in stock notifier ) Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 5, 2026
PHP min version
Downloads: 114K

Community Trust

Rating: 92/100
Number of ratings: 113
Active installs: 4K
Developer Profile

Waitlist Woocommerce ( Back in stock notifier ) Developer Profile

xootix

6 plugins · 136K total installs

Trust score: 78
Avg Security Score: 98/100
Avg Patch Time: 320 days
Detection Fingerprints

How We Detect Waitlist Woocommerce ( Back in stock notifier )

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/waitlist-woocommerce/assets/css/xoo-wl-public.css
  • /wp-content/plugins/waitlist-woocommerce/assets/css/xoo-wl-admin.css
  • /wp-content/plugins/waitlist-woocommerce/assets/js/xoo-wl-public.js
  • /wp-content/plugins/waitlist-woocommerce/assets/js/xoo-wl-admin.js
  • /wp-content/plugins/waitlist-woocommerce/assets/js/xoo-wl-ajax.js
  • /wp-content/plugins/waitlist-woocommerce/admin/views/settings/add-ons.php
Script Paths
  • /wp-content/plugins/waitlist-woocommerce/assets/js/xoo-wl-public.js
  • /wp-content/plugins/waitlist-woocommerce/assets/js/xoo-wl-admin.js
  • /wp-content/plugins/waitlist-woocommerce/assets/js/xoo-wl-ajax.js
Version Parameters
  • waitlist-woocommerce/assets/css/xoo-wl-public.css?ver=
  • waitlist-woocommerce/assets/css/xoo-wl-admin.css?ver=
  • waitlist-woocommerce/assets/js/xoo-wl-public.js?ver=
  • waitlist-woocommerce/assets/js/xoo-wl-admin.js?ver=
  • waitlist-woocommerce/assets/js/xoo-wl-ajax.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • xoo-wl-form-wrapper
  • xoo-wl-submit-button
  • xoo-wl-waitlist-button
  • xoo-wl-added-to-waitlist
  • xoo-wl-product-stock-status
  • xoo-wl-form-row
  • xoo-wl-form-field
  • xoo-wl-notice
  • +4 more
HTML Comments
  • <!-- waitlist for woocommerce -->
  • <!-- Waitlist woocommerce ( Back in stock notifier ) -->
  • <!-- Info Tab -->
  • <!-- Troubleshooting -->
Data Attributes
  • data-product_id
  • data-waitlist_button_type
  • data-product_slug
  • data-product_sku
  • data-button_text
  • data-button_class
  • +35 more
JS Globals
  • XooWlPublic
  • xoo_wl_vars
  • xoo_wl_ajax_object
REST Endpoints
  • /wp-json/xoo-wl/v1/waitlist/add
  • /wp-json/xoo-wl/v1/waitlist/remove
  • /wp-json/xoo-wl/v1/waitlist/get
Shortcode Output
[xoo_wl_form]
FAQ

Frequently Asked Questions about Waitlist Woocommerce ( Back in stock notifier )