WishSuite – Wishlist for WooCommerce Security & Risk Analysis
wordpress.org/plugins/wishsuiteWishSuite integrates wishlist functionality into your WooCommerce store, so customers can easily add products to their wishlists for later purchases.
Is WishSuite – Wishlist for WooCommerce Safe to Use in 2026?
Generally Safe
Score 92/100WishSuite – Wishlist for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.
The "wishsuite" v1.5.3 plugin exhibits a mixed security posture. While it demonstrates good practices by implementing nonce checks and capability checks on all identified entry points, and largely utilizes prepared statements for SQL queries, there are notable areas of concern. The static analysis reveals a significant percentage of improperly escaped output, which presents a risk of Cross-Site Scripting (XSS) vulnerabilities, especially given the plugin's history of XSS CVEs. Furthermore, the taint analysis indicates flows with unsanitized paths, which could potentially lead to file inclusion or path traversal vulnerabilities if not handled carefully in the application logic. The plugin's history of 5 known CVEs, including high and medium severity issues like XSS, PHP Remote File Inclusion, and CSRF, suggests a recurring pattern of vulnerabilities related to input handling and authentication. The most recent vulnerability was reported in December 2025, which is concerning if the current version is v1.5.3. While the current version has no *unpatched* CVEs, the historical pattern and the output escaping and taint analysis findings warrant caution.
Key Concerns
- Significant percentage of unescaped output
- Taint analysis found unsanitized paths
- History of medium and high severity CVEs
- Recent vulnerability reported in 2025
WishSuite – Wishlist for WooCommerce Security Vulnerabilities
CVEs by Year
Severity Breakdown
5 total CVEs
WishSuite <= 1.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'button_text' Shortcode Attribute
WishSuite <= 1.4.4 - Authenticated (Contributor+) Local File Inclusion
WishSuite <= 1.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
WishSuite <= 1.3.4 - Authenticated (Administrator+) Stored Cross-Site Scripting
WishSuite <= 1.3.3 - Cross-Site Request Forgery via plugin_activation()
WishSuite – Wishlist for WooCommerce Release Timeline
WishSuite – Wishlist for WooCommerce Code Analysis
SQL Query Safety
Output Escaping
Data Flow Analysis
WishSuite – Wishlist for WooCommerce Attack Surface
AJAX Handlers 8
Shortcodes 3
WordPress Hooks 27
Scheduled Events 1
Maintenance & Trust
WishSuite – Wishlist for WooCommerce Maintenance & Trust
Maintenance Signals
Community Trust
WishSuite – Wishlist for WooCommerce Alternatives
QODE Wishlist for WooCommerce
qode-wishlist-for-woocommerce
Qode Wishlist for WooCommerce plugin is the ideal toolkit for letting your visitors save & share comprehensive lists with their products of interest.
Wishlist for WooCommerce: Multi Wishlists Per Customer
wish-list-for-woocommerce
Increase loyalty & sales by letting customers create, manage & share multiple wishlists on your WooCommerce store.
Addonify – WooCommerce Wishlist
addonify-wishlist
Addonify WooCommerce Wishlist is a light-weight yet powerful tool that adds a wishlist functionality to your e-commerce shop.
Flexible Wishlist for WooCommerce – Ecommerce Wishlist & Save for later
flexible-wishlist
Lightweight and simple WooCommerce wishlist. Increases sales. Fits any theme. Customizes texts and icons. Add to ecommerce wishlist with just 1 click.
Wishlist
wishlist
Add wishlist feature to your WooCommerce product or any post types.
WishSuite – Wishlist for WooCommerce Developer Profile
25 plugins · 64K total installs
How We Detect WishSuite – Wishlist for WooCommerce
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/wishsuite/assets/css/frontend.css/wp-content/plugins/wishsuite/assets/js/wishsuite-frontend.js/wp-content/plugins/wishsuite/assets/js/wishsuite-vendor.js/wp-content/plugins/wishsuite/assets/css/admin.css/wp-content/plugins/wishsuite/assets/js/wishsuite-admin.js/wp-content/plugins/wishsuite/assets/js/wishsuite-vendor.js/wp-content/plugins/wishsuite/assets/js/wishsuite-frontend.js/wp-content/plugins/wishsuite/assets/js/wishsuite-vendor.js/wp-content/plugins/wishsuite/assets/js/wishsuite-admin.jswishsuite/assets/css/frontend.css?ver=wishsuite/assets/js/wishsuite-frontend.js?ver=wishsuite/assets/js/wishsuite-vendor.js?ver=wishsuite/assets/css/admin.css?ver=wishsuite/assets/js/wishsuite-admin.js?ver=HTML / DOM Fingerprints
wishsuite-wrapwishsuite-add-to-wishlistwishsuite-iconwishsuite-buttonwishsuite-header-meta<!-- Start Wishsuite Front End --><!-- End Wishsuite Front End --><!-- Start Wishsuite Admin Dashboard --><!-- End Wishsuite Admin Dashboard -->+5 moredata-wishsuite-product-iddata-wishsuite-user-iddata-wishsuite-added-textdata-wishsuite-remove-textdata-wishsuite-exists-textdata-wishsuite-add-text+1 morewishsuite_frontend_params/wp-json/wishsuite/v1/add_to_wishlist/wp-json/wishsuite/v1/remove_from_wishlist[wishsuite_wishlist_table][wishsuite_wishlist_button][wishsuite_wishlist_count]