WP-Safety

Wishlist with hearts Security & Risk Analysis

wordpress.org/plugins/wishlist-with-hearts

Click on heart(icon)/button to add/delete the product in wishlist in a Woocommerce store

10 active installs v2.0.0 PHP 7.0+ WP 4.0+ Updated Unknown
shopping-listshortlistwc-wishlistwishlistwoocommerce-wishlist
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Wishlist with hearts Safe to Use in 2026?

Generally Safe

Score 100/100

Wishlist with hearts has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The "wishlist-with-hearts" v2.0.0 plugin exhibits a mixed security posture. On the positive side, it demonstrates excellent practices regarding SQL queries, ensuring all are prepared statements, and all output is properly escaped. It also has a clean vulnerability history with no recorded CVEs. However, there are significant concerns stemming from the static analysis. The plugin exposes 3 REST API routes that lack permission callbacks, creating a substantial attack surface that could be exploited without proper authorization. Furthermore, the presence of 6 dangerous functions, specifically `unserialize`, is a critical red flag. The taint analysis reveals 10 flows with unsanitized paths, all of which are classified as high severity. This combination of insecure deserialization and high-severity unsanitized flows is particularly worrying and suggests a potential for remote code execution or data manipulation if these paths are triggered by malicious input.

Key Concerns

  • REST API routes without permission callbacks
  • Dangerous function 'unserialize' used
  • High severity taint flows with unsanitized paths
Vulnerabilities
None known

Wishlist with hearts Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Wishlist with hearts Code Analysis

Dangerous Functions
6
Raw SQL Queries
0
0 prepared
Unescaped Output
0
58 escaped
Nonce Checks
1
Capability Checks
2
File Operations
0
External Requests
0
Bundled Libraries
0

Dangerous Functions Found

unserialize$array_val = unserialize($prev_val);includes\wlwhplugin-create-button.php:40
unserialize$array_val = unserialize($prev_val);includes\wlwhplugin-show-hearts.php:60
unserialize$array_val = unserialize($prev_val);includes\wlwhplugin-wish-route.php:111
unserialize$array_val = unserialize($prev_val);includes\wlwhplugin-wish-route.php:172
unserialize$wishListIds = unserialize($prev_val);includes\wlwhplugin-wishlist.php:60
unserialize$wishListIds = unserialize($prev_val);templates\frontend\page-wishlist.php:58

Output Escaping

100% escaped58 total outputs
Data Flows
10 unsanitized

Data Flow Analysis

10 flows10 with unsanitized paths
check_wish_status (includes\wlwhplugin-create-button.php:16)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
3 unprotected

Wishlist with hearts Attack Surface

Entry Points7
Unprotected3

REST API Routes 3

POST/wp-json/wlwh/v1sendemailincludes\wlwhplugin-email-route.php:9
POST/wp-json/wlwh/v1manageWishincludes\wlwhplugin-wish-route.php:11
DELETE/wp-json/wlwh/v1manageWishincludes\wlwhplugin-wish-route.php:16

Shortcodes 4

[rvp_show] includes\rvp_shortcodes_view.php:6
[wlwh_showheart] shortcodes\wlwh_shortcode_view.php:8
[wlwh_showbutton] shortcodes\wlwh_shortcode_view.php:24
[wlwh_the_wishlist] shortcodes\wlwh_shortcode_view.php:39
WordPress Hooks 17
actionwoocommerce_before_add_to_cart_buttonincludes\wlwhplugin-create-button.php:157
actionwoocommerce_product_meta_startincludes\wlwhplugin-create-button.php:159
actionadmin_initincludes\wlwhplugin-create-metabox.php:153
actionsave_postincludes\wlwhplugin-create-metabox.php:154
filterpage_templateincludes\wlwhplugin-create-page.php:62
actionrest_api_initincludes\wlwhplugin-email-route.php:16
actionadmin_initincludes\wlwhplugin-email-settings-fields.php:75
actionadmin_menuincludes\wlwhplugin-menus.php:57
actioninitincludes\wlwhplugin-post-types.php:47
actionadmin_enqueue_scriptsincludes\wlwhplugin-scripts.php:21
actionwp_enqueue_scriptsincludes\wlwhplugin-scripts.php:38
actionadmin_initincludes\wlwhplugin-settings-fields.php:292
actionwoocommerce_before_shop_loop_item_titleincludes\wlwhplugin-show-hearts.php:131
actionwoocommerce_before_single_product_summaryincludes\wlwhplugin-show-hearts.php:137
actionwp_enqueue_scriptsincludes\wlwhplugin-styles.php:15
actionadmin_enqueue_scriptsincludes\wlwhplugin-styles.php:24
actionrest_api_initincludes\wlwhplugin-wish-route.php:22
Maintenance & Trust

Wishlist with hearts Maintenance & Trust

Maintenance Signals

WordPress version tested5.8.13
Last updatedUnknown
PHP min version7.0
Downloads2K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

Wishlist with hearts Alternatives

YITH WooCommerce Wishlist

YITH WooCommerce Wishlist

yith-woocommerce-wishlist

A
92

YITH WooCommerce Wishlist add all Wishlist features to your website. Needs WooCommerce to work. WooCommerce 10.6.x compatible.

500K 6 CVEs
TI WooCommerce Wishlist

TI WooCommerce Wishlist

ti-woocommerce-wishlist

B
77

Boost your sales with a free WooCommerce Wishlist feature. Let your customers save and share their favorite products!

100K 9 CVEs
WCBoost – Wishlist

WCBoost – Wishlist

wcboost-wishlist

A
100

WCBoost - Wishlist lets shoppers create wishlists for later purchases, reminding them of desired items, driving repeat visits and boost sales.

30K No CVEs
QODE Wishlist for WooCommerce

QODE Wishlist for WooCommerce

qode-wishlist-for-woocommerce

A
99

Qode Wishlist for WooCommerce plugin is the ideal toolkit for letting your visitors save & share comprehensive lists with their products of interest.

10K 1 CVE
MoreConvert Wishlist for WooCommerce

MoreConvert Wishlist for WooCommerce

smart-wishlist-for-more-convert

A
94

Free: WooCommerce Wishlist, Email automation, Elementor and Premium: Back-in-Stock Notifier, Save For Later, Multi-lists, reports, Email Marketing

9K 6 CVEs
Developer Profile

Wishlist with hearts Developer Profile

rajarora795

1 plugin · 10 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Wishlist with hearts

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wishlist-with-hearts/frontend/css/wlwhplugin-frontend-style.css/wp-content/plugins/wishlist-with-hearts/frontend/css/page-wishlist.css/wp-content/plugins/wishlist-with-hearts/assets/font-awesome-4.7.0/css/font-awesome.min.css/wp-content/plugins/wishlist-with-hearts/admin/css/metabox.css/wp-content/plugins/wishlist-with-hearts/admin/js/wlwhplugin-admin.js/wp-content/plugins/wishlist-with-hearts/admin/js/wlwhplugin-colpicker.js/wp-content/plugins/wishlist-with-hearts/frontend/js/wlwhplugin-wishlist.js
Script Paths
admin/js/wlwhplugin-admin.jsadmin/js/wlwhplugin-colpicker.jsfrontend/js/wlwhplugin-wishlist.js
Version Parameters
wlwhplugin-adminmy-script-handlewlwhplugin-frontendload-fawlwhplugin-frontendwlwhplugin-frontend-wishlistwlwhplugin-admin

HTML / DOM Fingerprints

CSS Classes
wlwhplugin-admin-stylewlwhplugin-frontend-stylewlwhplugin-frontend-wishlist-style
Data Attributes
data-plugin-urldata-site-url
JS Globals
wlwhData
REST Endpoints
/wlwh/v1/sendemail/wlwh/v1/manageWish
Shortcode Output
[wlwh_shortcode_view]
FAQ

Frequently Asked Questions about Wishlist with hearts