Does Wishlist and Compare for WooCommerce have any unpatched vulnerabilities?

No. All known vulnerabilities in Wishlist and Compare for WooCommerce have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Wishlist and Compare for WooCommerce compatible with WordPress 6.6.5?

According to WordPress.org data, Wishlist and Compare for WooCommerce 1.3.3 has been tested up to WordPress 6.6.5. Check the plugin's changelog for the latest compatibility information.

Is Wishlist and Compare for WooCommerce compatible with PHP 7.0.0+?

Wishlist and Compare for WooCommerce requires PHP 7.0.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Wishlist and Compare for WooCommerce updated?

Wishlist and Compare for WooCommerce was last updated on Aug 10, 2024. Frequent updates are generally a positive security signal.

What is Wishlist and Compare for WooCommerce's security score?

Wishlist and Compare for WooCommerce has a WP-Safety security score of 91/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Wishlist and Compare for WooCommerce Security & Risk Analysis

wordpress.org/plugins/wishlist-and-compare

Enhance your WooCommerce store with our Wishlist & Compare Plugin. Let customers save favorite products and compare features for informed decisions.

100 active installs v1.3.3 PHP 7.0.0+ WP 5.2+ Updated Aug 10, 2024

compareproducts-comparesave-favoriteswishlistwoocommerce-wishlist

A · Safe

CVEs total1

Unpatched0

Last CVEMay 8, 2021

Plugin page Download

Safety Verdict

Is Wishlist and Compare for WooCommerce Safe to Use in 2026?

Generally Safe

Score 91/100

Wishlist and Compare for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: May 8, 2021Updated 1yr ago

Risk Assessment

The "wishlist-and-compare" plugin version 1.3.3 exhibits a mixed security posture. While it demonstrates good practices such as 100% of SQL queries using prepared statements and a high rate of output escaping (97%), there are significant concerns regarding its attack surface. The analysis reveals 36 entry points, with a concerning 2 of these lacking proper permission callbacks. This indicates a potential for unauthorized access to certain functionalities.

Taint analysis identified 2 flows with unsanitized paths, which, while not reaching critical or high severity in this specific analysis, still represent a potential risk for data manipulation or injection if not handled with absolute certainty by upstream or downstream processes. The plugin's vulnerability history shows a single high-severity vulnerability in the past, specifically related to Missing Authorization. The fact that this is currently unpatched is a significant red flag, suggesting that users of this version are still exposed to this past risk.

Overall, the plugin has strengths in its SQL handling and output sanitization. However, the presence of unprotected REST API routes and the historical pattern of authorization issues are substantial weaknesses that require immediate attention. The plugin's attack surface is moderately large, and the two unprotected entry points, combined with the historical vulnerability, necessitate caution.

Key Concerns

REST API routes without permission callbacks
Flows with unsanitized paths
High severity vulnerability (unpatched)
AJAX handlers without auth checks

Vulnerabilities

Wishlist and Compare for WooCommerce Security Vulnerabilities

CVEs by Year

1 CVE in 2021

2021

Patched Has unpatched

Severity Breakdown

High

1 total CVE

WF-d99614e6-4543-4594-9a46-71ecc986be45-wishlist-and-comparehigh · 7.5Missing Authorization

Wishlist and Compare for WooCommerce <= 1.0.4 - Authorization Bypass

May 8, 2021 Patched in 1.0.5 (990d)

Code Analysis

Analyzed Mar 16, 2026

Wishlist and Compare for WooCommerce Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

488 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

97% escaped504 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

3 flows2 with unsanitized paths

update_wishlist_products (inc\thpublic\class-thwwc-public-settings.php:242)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

2 unprotected

Wishlist and Compare for WooCommerce Attack Surface

Entry Points36

Unprotected2

AJAX Handlers 29

authwp_ajax_thwwc_deactivation_reasoninc\base\class-thwwc-settings-links.php:34

authwp_ajax_add_compareinc\thpublic\class-thwwc-public-compare.php:74

noprivwp_ajax_add_compareinc\thpublic\class-thwwc-public-compare.php:75

authwp_ajax_update_compare_on_backinc\thpublic\class-thwwc-public-compare.php:77

noprivwp_ajax_update_compare_on_backinc\thpublic\class-thwwc-public-compare.php:78

authwp_ajax_remove_compareinc\thpublic\class-thwwc-public-compare.php:80

noprivwp_ajax_remove_compareinc\thpublic\class-thwwc-public-compare.php:81

authwp_ajax_compare_addtocartinc\thpublic\class-thwwc-public-compare.php:83

noprivwp_ajax_compare_addtocartinc\thpublic\class-thwwc-public-compare.php:84

authwp_ajax_hide_showinc\thpublic\class-thwwc-public-compare.php:86

noprivwp_ajax_hide_showinc\thpublic\class-thwwc-public-compare.php:87

authwp_ajax_add_all_to_cartinc\thpublic\class-thwwc-public-wishlist-page.php:38

noprivwp_ajax_add_all_to_cartinc\thpublic\class-thwwc-public-wishlist-page.php:39

authwp_ajax_multiple_actioninc\thpublic\class-thwwc-public-wishlist-page.php:41

noprivwp_ajax_multiple_actioninc\thpublic\class-thwwc-public-wishlist-page.php:42

authwp_ajax_add_to_cart_removeinc\thpublic\class-thwwc-public-wishlist-page.php:44

noprivwp_ajax_add_to_cart_removeinc\thpublic\class-thwwc-public-wishlist-page.php:45

authwp_ajax_get_product_detailsinc\thpublic\class-thwwc-public-wishlist-page.php:47

noprivwp_ajax_get_product_detailsinc\thpublic\class-thwwc-public-wishlist-page.php:48

authwp_ajax_filter_wishlisted_productsinc\thpublic\class-thwwc-public-wishlist-page.php:49

noprivwp_ajax_filter_wishlisted_productsinc\thpublic\class-thwwc-public-wishlist-page.php:50

authwp_ajax_add_wishlistinc\thpublic\class-thwwc-public-wishlist.php:63

noprivwp_ajax_add_wishlistinc\thpublic\class-thwwc-public-wishlist.php:64

authwp_ajax_remove_wishlistinc\thpublic\class-thwwc-public-wishlist.php:66

noprivwp_ajax_remove_wishlistinc\thpublic\class-thwwc-public-wishlist.php:67

authwp_ajax_selected_variation_actioninc\thpublic\class-thwwc-public-wishlist.php:69

noprivwp_ajax_selected_variation_actioninc\thpublic\class-thwwc-public-wishlist.php:70

authwp_ajax_update_on_back_pressinc\thpublic\class-thwwc-public-wishlist.php:72

noprivwp_ajax_update_on_back_pressinc\thpublic\class-thwwc-public-wishlist.php:73

REST API Routes 2

GET/wp-json/thwwac/v1compareinc\admin\class-thwwc-vue-api-compare.php:34

GET/wp-json/thwwac/v1datainc\admin\class-thwwc-vue-api-wishlist.php:34

Shortcodes 5

[thwwac_compare_list] inc\thpublic\class-thwwc-public-compare.php:89

[thwwac_addtowishlist] inc\thpublic\class-thwwc-public-product-page.php:44

[thwwac_wishlist_count] inc\thpublic\class-thwwc-public-wishlist-counter.php:34

[thwwac_wishlist] inc\thpublic\class-thwwc-public-wishlist-page.php:36

[thwwac_addtowishlist_loop] inc\thpublic\class-thwwc-public-wishlist.php:60

WordPress Hooks 44

actionadmin_menuinc\admin\class-thwwc-admin-pages.php:32

actionadmin_headinc\admin\class-thwwc-admin-settings.php:41

actionadmin_footerinc\admin\class-thwwc-admin-settings.php:42

actionadmin_initinc\admin\class-thwwc-admin-settings.php:43

actionadmin_noticesinc\admin\class-thwwc-admin-settings.php:44

actionrest_api_initinc\admin\class-thwwc-vue-api-compare.php:32

actionrest_api_initinc\admin\class-thwwc-vue-api-wishlist.php:32

actionplugins_loadedinc\base\class-thwwc-base-controller.php:52

actionadmin_enqueue_scriptsinc\base\class-thwwc-enqueue.php:33

actionwp_enqueue_scriptsinc\base\class-thwwc-enqueue.php:34

actionadmin_footer-plugins.phpinc\base\class-thwwc-settings-links.php:33

actionwoocommerce_after_shop_loop_iteminc\thpublic\class-thwwc-public-compare.php:51

filterwoocommerce_loop_add_to_cart_linkinc\thpublic\class-thwwc-public-compare.php:55

actionwoocommerce_after_shop_loop_iteminc\thpublic\class-thwwc-public-compare.php:57

actionwoocommerce_after_shop_loop_iteminc\thpublic\class-thwwc-public-compare.php:59

actionwoocommerce_after_add_to_cart_forminc\thpublic\class-thwwc-public-compare.php:67

actionwoocommerce_before_add_to_cart_forminc\thpublic\class-thwwc-public-compare.php:71

filterthe_contentinc\thpublic\class-thwwc-public-compare.php:91

actionwoocommerce_after_add_to_cart_forminc\thpublic\class-thwwc-public-product-page.php:38

actionwoocommerce_before_add_to_cart_forminc\thpublic\class-thwwc-public-product-page.php:40

actionwoocommerce_before_single_product_summaryinc\thpublic\class-thwwc-public-product-page.php:42

actionwpinc\thpublic\class-thwwc-public-settings.php:34

filterwoocommerce_login_redirectinc\thpublic\class-thwwc-public-settings.php:35

filterwoocommerce_registration_redirectinc\thpublic\class-thwwc-public-settings.php:36

actionwoocommerce_before_shop_loopinc\thpublic\class-thwwc-public-settings.php:39

actionwoocommerce_after_main_contentinc\thpublic\class-thwwc-public-settings.php:41

actionwp_footerinc\thpublic\class-thwwc-public-settings.php:44

actionwoocommerce_after_shop_loop_iteminc\thpublic\class-thwwc-public-settings.php:61

actionwoocommerce_after_shop_loop_iteminc\thpublic\class-thwwc-public-settings.php:62

actionwoocommerce_after_shop_loop_iteminc\thpublic\class-thwwc-public-settings.php:64

actionwoocommerce_after_shop_loop_iteminc\thpublic\class-thwwc-public-settings.php:65

actionwoocommerce_after_add_to_cart_forminc\thpublic\class-thwwc-public-settings.php:69

actionwoocommerce_after_add_to_cart_forminc\thpublic\class-thwwc-public-settings.php:70

actionwoocommerce_before_add_to_cart_forminc\thpublic\class-thwwc-public-settings.php:72

actionwoocommerce_before_add_to_cart_forminc\thpublic\class-thwwc-public-settings.php:73

filterwp_nav_menu_itemsinc\thpublic\class-thwwc-public-wishlist-counter.php:39

actionwoocommerce_after_shop_loop_iteminc\thpublic\class-thwwc-public-wishlist.php:46

filterwoocommerce_loop_add_to_cart_linkinc\thpublic\class-thwwc-public-wishlist.php:49

actionwoocommerce_after_shop_loop_iteminc\thpublic\class-thwwc-public-wishlist.php:51

actionwoocommerce_after_shop_loop_iteminc\thpublic\class-thwwc-public-wishlist.php:53

filterwoocommerce_account_menu_itemsinc\thpublic\class-thwwc-public-wishlist.php:78

filterwoocommerce_get_endpoint_urlinc\thpublic\class-thwwc-public-wishlist.php:79

filterthe_contentinc\thpublic\class-thwwc-public-wishlist.php:81

actionbefore_woocommerce_initwishlist-and-compare.php:79

Maintenance & Trust

Wishlist and Compare for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.6.5

Last updatedAug 10, 2024

PHP min version7.0.0

Downloads8K

Community Trust

Rating94/100

Number of ratings7

Active installs100

Alternatives

Wishlist and Compare for WooCommerce Alternatives

Productive Commerce – Wishlist, Compare, Quick View, & MiniCart

productive-commerce

Integrate Wishlists, Product Comparison, Quick View, and Mini-Cart on your WooCommerce sites.

40 1 unpatched

YITH WooCommerce Wishlist

yith-woocommerce-wishlist

YITH WooCommerce Wishlist add all Wishlist features to your website. Needs WooCommerce to work. WooCommerce 10.6.x compatible.

500K 6 CVEs

TI WooCommerce Wishlist

ti-woocommerce-wishlist

Boost your sales with a free WooCommerce Wishlist feature. Let your customers save and share their favorite products!

100K 9 CVEs

WCBoost – Wishlist

wcboost-wishlist

100

WCBoost - Wishlist lets shoppers create wishlists for later purchases, reminding them of desired items, driving repeat visits and boost sales.

30K No CVEs

QODE Wishlist for WooCommerce

qode-wishlist-for-woocommerce

Qode Wishlist for WooCommerce plugin is the ideal toolkit for letting your visitors save & share comprehensive lists with their products of interest.

10K 1 CVE

Developer Profile

Wishlist and Compare for WooCommerce Developer Profile

ThemeHigh

16 plugins · 579K total installs

trust score

Avg Security Score

97/100

Avg Patch Time

245 days

View full developer profile

Detection Fingerprints

How We Detect Wishlist and Compare for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wishlist-and-compare/assets/admin/css/thwwac-admin.css/wp-content/plugins/wishlist-and-compare/assets/admin/css/thwwac-admin.min.css/wp-content/plugins/wishlist-and-compare/assets/admin/js/thwwac-vue.js/wp-content/plugins/wishlist-and-compare/assets/admin/js/thwwac-vue.min.js/wp-content/plugins/wishlist-and-compare/assets/admin/js/thwwac-axios.js/wp-content/plugins/wishlist-and-compare/assets/admin/js/thwwac-axios.min.js/wp-content/plugins/wishlist-and-compare/assets/admin/js/thwwac-sortable.js/wp-content/plugins/wishlist-and-compare/assets/admin/js/thwwac-sortable.min.js+6 more

Script Paths

assets/admin/js/thwwac-vue.jsassets/admin/js/thwwac-axios.jsassets/admin/js/thwwac-sortable.jsassets/admin/js/thwwac-vuedraggable.jsassets/admin/js/thwwac-vueqs.jsassets/admin/js/thwwac-admin.js

Version Parameters

wishlist-and-compare/assets/admin/css/thwwac-admin.css?ver=wishlist-and-compare/assets/admin/js/thwwac-vue.js?ver=wishlist-and-compare/assets/admin/js/thwwac-axios.js?ver=wishlist-and-compare/assets/admin/js/thwwac-sortable.js?ver=wishlist-and-compare/assets/admin/js/thwwac-vuedraggable.js?ver=wishlist-and-compare/assets/admin/js/thwwac-vueqs.js?ver=wishlist-and-compare/assets/admin/js/thwwac-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes

thwwac-admin-style

Data Attributes

thwwac_var

JS Globals