Wishlist for WooCommerce: Multi Wishlists Per Customer Security & Risk Analysis

wordpress.org/plugins/wish-list-for-woocommerce

Increase loyalty & sales by letting customers create, manage & share multiple wishlists on your WooCommerce store.

2K active installs · v3.4.1 · PHP 5.6.0+ · WP 6.1+ · Updated Mar 9, 2026
Tags: add-to-wishlist, product-wishlist, wishlist, woocommerce, woocommerce-wishlist
95
A · Safe
CVEs total: 5
Unpatched: 0
Last CVE: Dec 30, 2025
Safety Verdict

Is Wishlist for WooCommerce: Multi Wishlists Per Customer Safe to Use in 2026?

Generally Safe

Score 95/100

Wishlist for WooCommerce: Multi Wishlists Per Customer has a strong security track record. Known vulnerabilities have been patched promptly.

5 known CVEs · Last CVE: Dec 30, 2025 · Updated 25d ago
Risk Assessment

The "wish-list-for-woocommerce" v3.4.1 plugin exhibits a mixed security posture. On the positive side, the static analysis reveals no immediately exploitable entry points without authentication or permission checks, and all SQL queries are properly prepared. The absence of dangerous functions, file operations, and external HTTP requests is also a good indicator of secure coding practices in these areas.

However, the taint analysis, while showing no critical or high severity issues, did identify two flows with unsanitized paths. This, coupled with the fact that 18% of output is not properly escaped, suggests potential vulnerabilities like Cross-Site Scripting (XSS) that could be exploited if an attacker can influence the data that reaches these outputs.

The plugin's vulnerability history is a significant concern, with five medium-severity CVEs recorded, including common types like Missing Authorization, CSRF, and XSS. While there are currently no unpatched vulnerabilities, the recurring nature of these past issues, especially the lack of authorization and XSS flaws, indicates a pattern of potential weaknesses that could resurface. The presence of capability checks on only a small fraction of entry points is also a notable concern, as it leaves many potential interaction points less secure than they could be. Overall, while some foundational security aspects are well-handled, the identified taint flows, unescaped output, and historical vulnerability patterns necessitate caution and diligent patching.

Key Concerns

  • Unsanitized paths in taint analysis
  • Improperly escaped output detected
  • Five medium severity CVEs in history
  • Lack of capability checks on entry points
Vulnerabilities
5

Wishlist for WooCommerce: Multi Wishlists Per Customer Security Vulnerabilities

CVEs by Year

2024: 1 CVE
2025: 4 CVEs

Severity Breakdown

Medium: 5

5 total CVEs

CVE-2025-69334 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Wishlist for WooCommerce <= 3.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Dec 30, 2025 · Patched in 3.3.1 (15d)

CVE-2025-49319 · medium · 5.3 · Missing Authorization

Wishlist for WooCommerce <= 3.2.3 - Missing Authorization

Jul 10, 2025 · Patched in 3.2.4 (7d)

CVE-2025-48237 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Wishlist for WooCommerce <= 3.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

May 19, 2025 · Patched in 3.2.3 (11d)

CVE-2024-13774 · medium · 6.1 · Cross-Site Request Forgery (CSRF)

Wishlist for WooCommerce: Multi Wishlists Per Customer <= 3.1.7 - Cross-Site Request Forgery to Cross-Site Scripting via Wishlist Name

Mar 7, 2025 · Patched in 3.1.8 (3d)

CVE-2024-56228 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Wishlist for WooCommerce: Multi Wishlists Per Customer <= 3.1.2 - Reflected Cross-Site Scripting

Dec 19, 2024 · Patched in 3.1.3 (21d)

Code Analysis
Analyzed Mar 16, 2026

Wishlist for WooCommerce: Multi Wishlists Per Customer Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (5 prepared)
Unescaped Output: 76 (355 escaped)
Nonce Checks: 6
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

100% prepared · 5 total queries

Output Escaping

82% escaped · 431 total outputs

Data Flows: 2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
<remove-button> (templates\remove-button.php:0)

Attack Surface

Wishlist for WooCommerce: Multi Wishlists Per Customer Attack Surface

Entry Points: 4
Unprotected: 0

Shortcodes 4

[ti_wishlists_addtowishlist] includes\free\class-alg-wc-wish-list-compatibility.php:35
[alg_wc_wl_toggle_item] includes\free\class-alg-wc-wish-list-shortcodes.php:45
[alg_wc_wl_add_to_cart] includes\free\class-alg-wc-wish-list-shortcodes.php:46
[alg_wc_wl_item_users_amount] includes\free\class-alg-wc-wish-list-shortcodes.php:50

WordPress Hooks 84

filter woocommerce_get_sections_alg_wc_wish_list includes\admin\class-alg-wc-wish-list-settings-section.php:59
filter woocommerce_get_sections_alg_wc_wish_list includes\admin\class-alg-wc-wish-list-settings-section.php:60
action admin_init includes\admin\class-alg-wc-wish-list-settings.php:29
action init includes\class-alg-wc-wish-list-core.php:150
action before_woocommerce_init includes\class-alg-wc-wish-list-core.php:153
action init includes\class-alg-wc-wish-list-core.php:161
action wp_enqueue_scripts includes\class-alg-wc-wish-list-core.php:172
action wp_enqueue_scripts includes\class-alg-wc-wish-list-core.php:175
filter alg_wc_wl_locate_template_params includes\class-alg-wc-wish-list-core.php:176
filter alg_wc_wl_fa_icon_class includes\class-alg-wc-wish-list-core.php:177
filter alg_wc_wl_toggle_item_texts includes\class-alg-wc-wish-list-core.php:180
filter alg_wc_wl_locate_template includes\class-alg-wc-wish-list-core.php:183
filter alg_wc_wl_locate_template_params includes\class-alg-wc-wish-list-core.php:184
filter alg_wc_wl_locate_template_params includes\class-alg-wc-wish-list-core.php:185
filter alg_wc_wl_locate_template_params includes\class-alg-wc-wish-list-core.php:186
filter alg_wc_wl_locate_template_params includes\class-alg-wc-wish-list-core.php:187
action wp_enqueue_scripts includes\class-alg-wc-wish-list-core.php:190
action user_register includes\class-alg-wc-wish-list-core.php:196
action wp_login includes\class-alg-wc-wish-list-core.php:199
filter alg_wc_wl_toggle_item_ajax_response includes\class-alg-wc-wish-list-core.php:201
filter woocommerce_locate_template includes\class-alg-wc-wish-list-core.php:210
filter woocommerce_locate_core_template includes\class-alg-wc-wish-list-core.php:211
action widgets_init includes\class-alg-wc-wish-list-core.php:220
action init includes\class-alg-wc-wish-list-core.php:231
filter alg_wc_wl_localize includes\class-alg-wc-wish-list-core.php:232
filter alg_wc_wl_fa_icon_class includes\class-alg-wc-wish-list-core.php:235
filter wp_footer includes\class-alg-wc-wish-list-core.php:238
filter alg_wc_wl_toggle_item_texts includes\class-alg-wc-wish-list-core.php:241
filter wp_get_nav_menu_items includes\class-alg-wc-wish-list-core.php:248
filter alg_wc_wl_show_default_btn includes\class-alg-wc-wish-list-core.php:251
filter alg_wc_wl_show_thumb_btn includes\class-alg-wc-wish-list-core.php:254
filter alg_wc_wl_toggle_item_response includes\class-alg-wc-wish-list-core.php:257
filter alg_wc_wl_can_toggle_unlogged includes\class-alg-wc-wish-list-core.php:258
filter alg_wc_wl_btn_enabled includes\class-alg-wc-wish-list-core.php:259
action wp_footer includes\class-alg-wc-wish-list-core.php:271
filter woocommerce_blocks_product_grid_item_html includes\class-alg-wc-wish-list-core.php:274
filter alg_wc_wl_remove_all_btn_label includes\class-alg-wc-wish-list-core.php:277
filter alg_wc_wl_all_removed_text includes\class-alg-wc-wish-list-core.php:278
action admin_notices includes\class-alg-wc-wish-list-core.php:314
filter alg_wc_wl_localize includes\class-alg-wc-wish-list-core.php:1159
action wp_enqueue_scripts includes\class-alg-wc-wish-list-core.php:1160
filter alg_wc_wishlist_js_modules_to_load includes\class-alg-wc-wish-list-core.php:1161
filter woocommerce_get_settings_pages includes\class-alg-wc-wish-list-core.php:1265
action admin_enqueue_scripts includes\class-alg-wc-wish-list-core.php:1291
action woocommerce_product_thumbnails includes\class-alg-wc-wish-list-core.php:1514
filter alg_wc_wl_locate_template includes\free\class-alg-wc-wish-list-admin-multiple.php:25
action woocommerce_checkout_order_processed includes\free\class-alg-wc-wish-list-auto-remove.php:27
action woocommerce_order_status_changed includes\free\class-alg-wc-wish-list-auto-remove.php:29
action woocommerce_add_to_cart includes\free\class-alg-wc-wish-list-auto-remove.php:31
action init includes\free\class-alg-wc-wish-list-compatibility.php:34
filter alg_wc_wl_locate_template_params includes\free\class-alg-wc-wish-list-email-sharing.php:23
filter query_vars includes\free\class-alg-wc-wish-list-email-sharing.php:26
action init includes\free\class-alg-wc-wish-list-email-sharing.php:29
action wp_enqueue_scripts includes\free\class-alg-wc-wish-list-email-sharing.php:46
filter alg_wc_wl_locate_template_params includes\free\class-alg-wc-wish-list-note-field.php:26
filter wp_footer includes\free\class-alg-wc-wish-list-note-field.php:29
filter manage_users_columns includes\free\class-alg-wc-wish-list-report.php:47
filter manage_users_custom_column includes\free\class-alg-wc-wish-list-report.php:48
action pre_user_query includes\free\class-alg-wc-wish-list-report.php:49
filter manage_users_sortable_columns includes\free\class-alg-wc-wish-list-report.php:50
action posts_clauses includes\free\class-alg-wc-wish-list-report.php:54
filter manage_edit-product_sortable_columns includes\free\class-alg-wc-wish-list-report.php:55
action admin_enqueue_scripts includes\free\class-alg-wc-wish-list-report.php:57
filter alg_wc_wl_wish_list includes\free\class-alg-wc-wish-list-sorting.php:25
filter woocommerce_email_classes includes\free\class-alg-wc-wish-list-stock-manager.php:26
action update_postmeta includes\free\class-alg-wc-wish-list-stock-manager.php:27
action init includes\free\class-alg-wc-wish-list-stock-manager.php:28
action alg_wcwl_wc_product_stock_change_instock includes\free\class-alg-wc-wish-list-stock-manager.php:29
filter alg_wc_wl_locate_template_params includes\free\class-alg-wc-wish-list-subtotal.php:26
filter wp_footer includes\free\class-alg-wc-wish-list-subtotal.php:27
action init includes\free\class-alg-wc-wish-list-tab.php:30
filter query_vars includes\free\class-alg-wc-wish-list-tab.php:31
filter woocommerce_get_query_vars includes\free\class-alg-wc-wish-list-tab.php:32
filter the_title includes\free\class-alg-wc-wish-list-tab.php:35
filter woocommerce_account_menu_items includes\free\class-alg-wc-wish-list-tab.php:38
filter wcml_register_endpoints_query_vars includes\free\class-alg-wc-wish-list-tab.php:44
filter wcml_endpoint_permalink_filter includes\free\class-alg-wc-wish-list-tab.php:45
filter alg_wc_wl_locate_template_params includes\free\class-alg-wc-wish-list-taxonomies.php:23
action wp_footer includes\free\class-alg-wc-wish-list-variable-products.php:23
action wp_footer includes\free\class-alg-wc-wish-list-variable-products.php:24
action alg_wc_wl_toggle_wish_list_item includes\free\class-alg-wc-wish-list-variable-products.php:25
filter alg_wc_wl_locate_template_params includes\free\class-alg-wc-wish-list-variable-products.php:26
action before_woocommerce_init wish-list-for-woocommerce.php:43
action plugins_loaded wish-list-for-woocommerce.php:271

Maintenance & Trust

Wishlist for WooCommerce: Multi Wishlists Per Customer Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 9, 2026
PHP min version: 5.6.0
Downloads: 187K

Community Trust

Rating: 98/100
Number of ratings: 52
Active installs: 2K

Developer Profile

Wishlist for WooCommerce: Multi Wishlists Per Customer Developer Profile

WPFactory

63 plugins · 136K total installs

Trust score: 86
Avg Security Score: 97/100
Avg Patch Time: 90 days

Detection Fingerprints

How We Detect Wishlist for WooCommerce: Multi Wishlists Per Customer

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wish-list-for-woocommerce/assets/css/frontend.css
/wp-content/plugins/wish-list-for-woocommerce/assets/js/frontend.js
/wp-content/plugins/wish-list-for-woocommerce/assets/css/style.css
Script Paths
/wp-content/plugins/wish-list-for-woocommerce/assets/js/frontend.js
Version Parameters
wish-list-for-woocommerce/assets/css/frontend.css?ver=
wish-list-for-woocommerce/assets/js/frontend.js?ver=
wish-list-for-woocommerce/assets/css/style.css?ver=

HTML / DOM Fingerprints

CSS Classes
alg-wc-wl-wishlist-button
alg-wc-wl-wishlist-button-wrapper
alg-wc-wl-add-to-wishlist
alg-wc-wl-added-to-wishlist
alg-wc-wl-wishlist-counter
HTML Comments
<!--Alg_WC_Wishlist_For_Woocommerce-->
<!--wish-list-for-woocommerce-->
Data Attributes
data-wishlist-id
data-product-id
JS Globals
alg_wc_wl_frontend_params

FAQ

Frequently Asked Questions about Wishlist for WooCommerce: Multi Wishlists Per Customer