Wishlist Everywhere Security & Risk Analysis

wordpress.org/plugins/wishlist-everywhere

Short Description: A plugin that adds a wishlist feature for your website, allowing users to save and manage their favorite items.

0 active installs v1.1.6 PHP 7.4+ WP 5.0+ Updated Feb 19, 2026
custom-post-typepost-type-wishlistproduct-wishlistwishlistwoocommerce-wishlist
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is Wishlist Everywhere Safe to Use in 2026?

Generally Safe

Score 100/100

Wishlist Everywhere has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4mo ago
Risk Assessment

The "wishlist-everywhere" v1.1.6 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices by using prepared statements for all SQL queries and a high percentage of properly escaped outputs. The absence of known vulnerabilities in its history is also a strong indicator of past security diligence. However, several concerns arise from the static analysis. The presence of 8 AJAX handlers, with 4 lacking proper authentication checks, presents a significant attack surface that could be exploited by unauthenticated users.

Furthermore, the taint analysis revealed two high-severity flows with unsanitized paths, which, while not classified as critical, still pose a risk of code injection or unauthorized data access if these paths are reachable. The plugin also has a notable number of entry points (14 in total) with a quarter of them unprotected. The lack of critical or high vulnerabilities historically is encouraging, but the current findings of unprotected AJAX endpoints and high-severity taint flows warrant attention to mitigate potential risks before they are exploited.

Key Concerns

  • AJAX handlers without authentication
  • High severity taint flows with unsanitized paths
  • Unprotected entry points (AJAX)
Vulnerabilities
None known

Wishlist Everywhere Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Wishlist Everywhere Release Timeline

v1.1.6Current
v1.1.5
v1.1.4
v1.1.3
v1.1.2
v1.1.1
v1.1.0
v1.0.9
v1.0.8
v1.0.6
v1.0.5
v1.0.4
Code Analysis
Analyzed Apr 16, 2026

Wishlist Everywhere Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
19 prepared
Unescaped Output
34
184 escaped
Nonce Checks
7
Capability Checks
6
File Operations
0
External Requests
2
Bundled Libraries
0

SQL Query Safety

100% prepared19 total queries

Output Escaping

84% escaped218 total outputs
Data Flows · Security
6 unsanitized

Data Flow Analysis

9 flows6 with unsanitized paths
add_wishlist_icon_to_product_archive (includes/partials/wishlist-everywhere-archive-product.php:12)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
4 unprotected

Wishlist Everywhere Attack Surface

Entry Points14
Unprotected4

AJAX Handlers 8

authwp_ajax_wishev_add_to_wishlistincludes/partials/wishlist-everywhere-ajax-add-remove.php:3
noprivwp_ajax_wishev_add_to_wishlistincludes/partials/wishlist-everywhere-ajax-add-remove.php:4
authwp_ajax_wishev_remove_from_wishlistincludes/partials/wishlist-everywhere-ajax-add-remove.php:80
noprivwp_ajax_wishev_remove_from_wishlistincludes/partials/wishlist-everywhere-ajax-add-remove.php:81
authwp_ajax_wishev_get_wishlist_countincludes/partials/wishlist-everywhere-ajax-add-remove.php:131
noprivwp_ajax_wishev_get_wishlist_countincludes/partials/wishlist-everywhere-ajax-add-remove.php:132
authwp_ajax_wishlist_bulk_add_to_cartincludes/partials/wishlist-everywhere-display-wishlist-page.php:323
noprivwp_ajax_wishlist_bulk_add_to_cartincludes/partials/wishlist-everywhere-display-wishlist-page.php:324

Shortcodes 6

[wishlist_everywhere_archive] includes/partials/wishlist-everywhere-archive-product.php:8
[wishlist_everywhere_counter] includes/partials/wishlist-everywhere-counter.php:67
[wishlist_everywhere] includes/partials/wishlist-everywhere-display-wishlist-page.php:56
[wishlist_share] includes/partials/wishlist-everywhere-sharing-wishlist.php:14
[wishlist_post] includes/partials/wishlist-everywhere-single-post.php:11
[wishlist_everywhere_single] includes/partials/wishlist-everywhere-single-product.php:15
WordPress Hooks 36
actionadmin_menuadmin/class-wishlist-everywhere-plugin-admin.php:62
filteradmin_body_classadmin/class-wishlist-everywhere-plugin-admin.php:65
actioninitadmin/partials/wishlist-everywhere-plugin-admin-gutenberg-block.php:24
actionswitch_themeincludes/appsero/src/Insights.php:135
actionswitch_themeincludes/appsero/src/Insights.php:136
actionadmin_footerincludes/appsero/src/Insights.php:146
actionadmin_noticesincludes/appsero/src/Insights.php:161
actionadmin_initincludes/appsero/src/Insights.php:164
filtercron_schedulesincludes/appsero/src/Insights.php:168
actionadmin_menuincludes/appsero/src/License.php:219
actionafter_switch_themeincludes/appsero/src/License.php:781
actionswitch_themeincludes/appsero/src/License.php:782
filterwoocommerce_login_redirectincludes/class-wishlist-everywhere-plugin.php:92
filterinitincludes/class-wishlist-everywhere-plugin.php:93
filterwp_loginincludes/class-wishlist-everywhere-plugin.php:94
actionadmin_enqueue_scriptsincludes/class-wishlist-everywhere-plugin.php:96
filterthe_contentincludes/class-wishlist-everywhere-plugin.php:97
filterthe_contentincludes/class-wishlist-everywhere-plugin.php:98
actionwp_enqueue_scriptsincludes/class-wishlist-everywhere-plugin.php:99
actionwp_footerincludes/class-wishlist-everywhere-plugin.php:100
actionwp_footerincludes/class-wishlist-everywhere-plugin.php:101
actionadmin_enqueue_scriptsincludes/class-wishlist-everywhere-plugin.php:184
actionadmin_enqueue_scriptsincludes/class-wishlist-everywhere-plugin.php:185
actionwp_enqueue_scriptsincludes/class-wishlist-everywhere-plugin.php:202
actionwp_enqueue_scriptsincludes/class-wishlist-everywhere-plugin.php:203
actionwoocommerce_before_shop_loop_itemincludes/partials/wishlist-everywhere-archive-product.php:4
actionwoocommerce_after_shop_loop_itemincludes/partials/wishlist-everywhere-archive-product.php:6
filterwp_nav_menu_itemsincludes/partials/wishlist-everywhere-counter.php:42
actionwpincludes/partials/wishlist-everywhere-display-wishlist-page.php:5
actioninitincludes/partials/wishlist-everywhere-my-account-tab.php:3
filterwoocommerce_account_menu_itemsincludes/partials/wishlist-everywhere-my-account-tab.php:6
actionwoocommerce_account_wishlist-everywhere_endpointincludes/partials/wishlist-everywhere-my-account-tab.php:7
filterthe_contentincludes/partials/wishlist-everywhere-single-post.php:7
actionwoocommerce_before_add_to_cart_buttonincludes/partials/wishlist-everywhere-single-product.php:9
actionwoocommerce_after_add_to_cart_formincludes/partials/wishlist-everywhere-single-product.php:11
actionwoocommerce_product_thumbnailsincludes/partials/wishlist-everywhere-single-product.php:13
Maintenance & Trust

Wishlist Everywhere Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 19, 2026
PHP min version7.4
Downloads887

Community Trust

Rating0/100
Number of ratings0
Active installs0
Developer Profile

Wishlist Everywhere Developer Profile

abdullahart

2 plugins · 0 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Wishlist Everywhere

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wishlist-everywhere/admin/css/wishlist-everywhere-plugin-admin.css/wp-content/plugins/wishlist-everywhere/admin/fontawesome/css/all.min.css/wp-content/plugins/wishlist-everywhere/admin/js/wishlist-everywhere-plugin-admin.js/wp-content/plugins/wishlist-everywhere/public/css/wishlist-everywhere-plugin-public.css/wp-content/plugins/wishlist-everywhere/public/js/wishlist-everywhere-plugin-public.js/wp-content/plugins/wishlist-everywhere/public/js/wishlist-everywhere-public-ajax.js
Script Paths
/wp-content/plugins/wishlist-everywhere/admin/js/wishlist-everywhere-plugin-admin.js/wp-content/plugins/wishlist-everywhere/public/js/wishlist-everywhere-plugin-public.js/wp-content/plugins/wishlist-everywhere/public/js/wishlist-everywhere-public-ajax.js
Version Parameters
wishlist-everywhere/admin/css/wishlist-everywhere-plugin-admin.css?ver=wishlist-everywhere/admin/fontawesome/css/all.min.css?ver=wishlist-everywhere/admin/js/wishlist-everywhere-plugin-admin.js?ver=wishlist-everywhere/public/css/wishlist-everywhere-plugin-public.css?ver=wishlist-everywhere/public/js/wishlist-everywhere-plugin-public.js?ver=wishlist-everywhere/public/js/wishlist-everywhere-public-ajax.js?ver=

HTML / DOM Fingerprints

CSS Classes
wishev-buttonwishev-add-to-wishlist-buttonwishev-remove-from-wishlist-buttonwishev-wishlist-countwishev-admin-menu-slugwishev-add-to-wishlistwishev-remove-from-wishlistwishev-product-link+19 more
HTML Comments
<!-- Wishlist Everywhere --><!-- Powered by Wishlist Everywhere --><!-- Wishlist Everywhere Admin Menu --><!-- Wishlist Everywhere Settings -->+3 more
Data Attributes
data-wishev-post-iddata-wishev-actiondata-wishev-noncedata-wishev-button-textdata-wishev-button-classdata-wishev-icon-class+3 more
JS Globals
wishlist_everywhere_params
REST Endpoints
/wp-json/wishlist-everywhere/v1/add-to-wishlist/wp-json/wishlist-everywhere/v1/remove-from-wishlist/wp-json/wishlist-everywhere/v1/get-wishlist
Shortcode Output
[wishlist_everywhere_button][wishlist_everywhere_list][wishlist_everywhere_count][wishlist_everywhere_add_to_wishlist]
FAQ

Frequently Asked Questions about Wishlist Everywhere