WP-Safety

WPC Smart Wishlist for WooCommerce Security & Risk Analysis

wordpress.org/plugins/woo-smart-wishlist

WPC Smart Wishlist is a simple but powerful tool that can help your customer save products for buying later.

100K active installs v5.1.0 PHP + WP 4.0+ Updated Mar 14, 2026
wait-listwishlistwoocommercewpc
95
A · Safe
CVEs total5
Unpatched0
Last CVEOct 17, 2025
Plugin page Download
Safety Verdict

Is WPC Smart Wishlist for WooCommerce Safe to Use in 2026?

Generally Safe

Score 95/100

WPC Smart Wishlist for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

5 known CVEsLast CVE: Oct 17, 2025Updated 20d ago
Risk Assessment

The "woo-smart-wishlist" v5.1.0 plugin presents a mixed security posture. On the positive side, the static analysis indicates a robust approach to securing its entry points, with all AJAX handlers, REST API routes, and shortcodes appearing to have authorization checks. The heavy reliance on prepared statements for SQL queries and a high percentage of properly escaped output are also encouraging signs. The absence of file operations and taint analysis revealing no unsanitized paths further bolster its security.

However, the presence of three instances of the `unserialize` function is a significant concern, as it can lead to deserialization vulnerabilities if not handled with extreme care and if untrusted data is processed. While the taint analysis did not reveal immediate critical or high severity issues related to this, it remains a potential attack vector. The vulnerability history, with 5 medium severity CVEs primarily related to missing authorization, authorization bypass, CSRF, and XSS, suggests a pattern of past weaknesses in input validation and authorization, even though none are currently unpatched.

In conclusion, while the current version shows improvements in securing entry points and handling SQL and output, the continued presence of `unserialize` and the historical pattern of authorization and XSS vulnerabilities warrant caution. A thorough review of how serialized data is handled and ensuring robust input sanitization across all potential vectors would be advisable to strengthen its overall security.

Key Concerns

  • Dangerous function 'unserialize' detected
  • 5 medium severity CVEs in history
  • Historical vulnerabilities: Missing Authorization
  • Historical vulnerabilities: CSRF
  • Historical vulnerabilities: XSS
Vulnerabilities
5

WPC Smart Wishlist for WooCommerce Security Vulnerabilities

CVEs by Year

2 CVEs in 2022
2022
1 CVE in 2023
2023
2 CVEs in 2025
2025
Patched Has unpatched

Severity Breakdown

Medium
5

5 total CVEs

CVE-2025-11742medium · 4.3Missing Authorization

WPC Smart Wishlist for WooCommerce <= 5.0.4 - Missing Authorization to Authenticated (Subscriber+) Information Exposure

Oct 17, 2025 Patched in 5.0.5 (1d)
CVE-2025-11518medium · 5.3Authorization Bypass Through User-Controlled Key

WPC Smart Wishlist for WooCommerce <= 5.0.3 - Insecure Direct Object Reference to Unauthenticated Wishlist Manipulation

Oct 10, 2025 Patched in 5.0.4 (1d)
CVE-2023-34386medium · 4.3Cross-Site Request Forgery (CSRF)

WPC Smart Wishlist for WooCommerce <= 4.7.1 - Cross-Site Request Forgery via wishlist_add and wishlist_remove

Jun 3, 2023 Patched in 4.7.2 (234d)
CVE-2022-1465medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WPC Smart Wishlist for WooCommerce <= 2.9.8 - Reflected Cross-Site Scripting

Apr 25, 2022 Patched in 2.9.9 (638d)
CVE-2022-0397medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WPC Smart Wishlist for WooCommerce <= 2.9.3 - Reflected Cross-Site Scripting

Mar 1, 2022 Patched in 2.9.4 (693d)
Code Analysis
Analyzed Mar 16, 2026

WPC Smart Wishlist for WooCommerce Code Analysis

Dangerous Functions
3
Raw SQL Queries
0
8 prepared
Unescaped Output
91
358 escaped
Nonce Checks
21
Capability Checks
3
File Operations
0
External Requests
3
Bundled Libraries
1

Dangerous Functions Found

unserialize$plugins = unserialize( $response['body'] );includes\dashboard\wpc-dashboard.php:101
unserialize$plugins = unserialize( $response['body'] );includes\dashboard\wpc-dashboard.php:179
unserialize$plugins = unserialize( $response['body'] );includes\kit\wpc-kit.php:98

Bundled Libraries

jQuery

SQL Query Safety

100% prepared8 total queries

Output Escaping

80% escaped449 total outputs
Data Flows
All sanitized

Data Flow Analysis

10 flows
ajax_export (includes\dashboard\wpc-dashboard.php:215)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

WPC Smart Wishlist for WooCommerce Attack Surface

Entry Points11
Unprotected0

AJAX Handlers 6

authwp_ajax_wpc_get_pluginsincludes\dashboard\wpc-dashboard.php:9
authwp_ajax_wpc_get_suggestionincludes\dashboard\wpc-dashboard.php:10
authwp_ajax_wpc_exportincludes\dashboard\wpc-dashboard.php:11
authwp_ajax_wpc_importincludes\dashboard\wpc-dashboard.php:12
authwp_ajax_wpc_get_essential_kitincludes\kit\wpc-kit.php:22
authwp_ajax_wishlist_quickviewwpc-smart-wishlist.php:137

Shortcodes 5

[woosw] wpc-smart-wishlist.php:197
[woosw_btn] wpc-smart-wishlist.php:198
[woosw_link] wpc-smart-wishlist.php:199
[woosw_list] wpc-smart-wishlist.php:200
[woosw_table] wpc-smart-wishlist.php:201
WordPress Hooks 49
actionadmin_enqueue_scriptsincludes\dashboard\wpc-dashboard.php:7
actionadmin_menuincludes\dashboard\wpc-dashboard.php:8
actionbefore_woocommerce_initincludes\hpos.php:7
actionadmin_enqueue_scriptsincludes\kit\wpc-kit.php:20
actionadmin_menuincludes\kit\wpc-kit.php:21
actionplugins_loadedwpc-smart-wishlist.php:42
actionadmin_noticeswpc-smart-wishlist.php:46
filterquery_varswpc-smart-wishlist.php:71
actioninitwpc-smart-wishlist.php:72
actionadmin_initwpc-smart-wishlist.php:75
filterpre_update_optionwpc-smart-wishlist.php:76
actionadmin_menuwpc-smart-wishlist.php:77
filterwoocommerce_account_menu_itemswpc-smart-wishlist.php:81
actionwoocommerce_account_wishlist_endpointwpc-smart-wishlist.php:82
actionwp_enqueue_scriptswpc-smart-wishlist.php:86
actionadmin_enqueue_scriptswpc-smart-wishlist.php:89
actiontemplate_redirectwpc-smart-wishlist.php:92
actionwoocommerce_add_to_cartwpc-smart-wishlist.php:96
actionwc_ajax_woosw_addwpc-smart-wishlist.php:100
actionwc_ajax_woosw_removewpc-smart-wishlist.php:103
actionwc_ajax_woosw_emptywpc-smart-wishlist.php:106
actionwc_ajax_woosw_loadwpc-smart-wishlist.php:109
actionwc_ajax_woosw_load_countwpc-smart-wishlist.php:112
actionwc_ajax_woosw_load_listwpc-smart-wishlist.php:115
actionwc_ajax_woosw_get_datawpc-smart-wishlist.php:118
filterplugin_action_linkswpc-smart-wishlist.php:121
filterplugin_row_metawpc-smart-wishlist.php:122
filterwp_nav_menu_itemswpc-smart-wishlist.php:125
actionwp_footerwpc-smart-wishlist.php:128
filtermanage_edit-product_columnswpc-smart-wishlist.php:131
actionmanage_product_posts_custom_columnwpc-smart-wishlist.php:132
filtermanage_edit-product_sortable_columnswpc-smart-wishlist.php:133
filterrequestwpc-smart-wishlist.php:134
filterdisplay_post_stateswpc-smart-wishlist.php:140
actionwp_loginwpc-smart-wishlist.php:143
actionwp_logoutwpc-smart-wishlist.php:144
filtermanage_users_columnswpc-smart-wishlist.php:147
filtermanage_users_custom_columnwpc-smart-wishlist.php:148
filterwp_dropdown_catswpc-smart-wishlist.php:151
filterwcml_multi_currency_ajax_actionswpc-smart-wishlist.php:154
filterwpcsm_locationswpc-smart-wishlist.php:157
filterwoosw_disable_nonce_checkwpc-smart-wishlist.php:160
actionwoocommerce_shop_loop_item_titlewpc-smart-wishlist.php:209
actionwoocommerce_shop_loop_item_titlewpc-smart-wishlist.php:212
actionwoocommerce_after_shop_loop_item_titlewpc-smart-wishlist.php:215
actionwoocommerce_after_shop_loop_item_titlewpc-smart-wishlist.php:218
actionwoocommerce_after_shop_loop_itemwpc-smart-wishlist.php:224
actionwoocommerce_after_shop_loop_itemwpc-smart-wishlist.php:227
actionwoocommerce_single_product_summarywpc-smart-wishlist.php:242
Maintenance & Trust

WPC Smart Wishlist for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 14, 2026
PHP min version
Downloads2.6M

Community Trust

Rating96/100
Number of ratings34
Active installs100K
Alternatives

WPC Smart Wishlist for WooCommerce Alternatives

YITH WooCommerce Wishlist

YITH WooCommerce Wishlist

yith-woocommerce-wishlist

A
92

YITH WooCommerce Wishlist add all Wishlist features to your website. Needs WooCommerce to work. WooCommerce 10.6.x compatible.

500K 6 CVEs
TI WooCommerce Wishlist

TI WooCommerce Wishlist

ti-woocommerce-wishlist

B
77

Boost your sales with a free WooCommerce Wishlist feature. Let your customers save and share their favorite products!

100K 9 CVEs
WPC Smart Quick View for WooCommerce

WPC Smart Quick View for WooCommerce

woo-smart-quick-view

A
96

WPC Smart Quick View allows users to get a quick look at products without opening the product page.

100K 3 CVEs
WPC Smart Compare for WooCommerce

WPC Smart Compare for WooCommerce

woo-smart-compare

A
98

It helps customers compare products with mighty AJAX, doesn't require opening a new page or iframe, and allows drag-and-drop functionality.

80K 2 CVEs
WCBoost – Wishlist

WCBoost – Wishlist

wcboost-wishlist

A
100

WCBoost - Wishlist lets shoppers create wishlists for later purchases, reminding them of desired items, driving repeat visits and boost sales.

30K No CVEs
Developer Profile

WPC Smart Wishlist for WooCommerce Developer Profile

WPClever

71 plugins · 441K total installs

87
trust score
Avg Security Score
99/100
Avg Patch Time
68 days
View full developer profile
Detection Fingerprints

How We Detect WPC Smart Wishlist for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/woo-smart-wishlist/assets/css/frontend.css/wp-content/plugins/woo-smart-wishlist/assets/js/frontend.js/wp-content/plugins/woo-smart-wishlist/assets/js/wishlist.js/wp-content/plugins/woo-smart-wishlist/assets/css/admin.css/wp-content/plugins/woo-smart-wishlist/assets/js/admin.js
Script Paths
/wp-content/plugins/woo-smart-wishlist/assets/js/frontend.js/wp-content/plugins/woo-smart-wishlist/assets/js/wishlist.js/wp-content/plugins/woo-smart-wishlist/assets/js/admin.js
Version Parameters
/wp-content/plugins/woo-smart-wishlist/assets/css/frontend.css?ver=/wp-content/plugins/woo-smart-wishlist/assets/js/frontend.js?ver=/wp-content/plugins/woo-smart-wishlist/assets/js/wishlist.js?ver=/wp-content/plugins/woo-smart-wishlist/assets/css/admin.css?ver=/wp-content/plugins/woo-smart-wishlist/assets/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
woosw-wishlistwoosw-add-to-wishlistwoosw-buttonwoosw-wishlist-countwoosw-remove-wishlistwoosw-move-to-cart
Data Attributes
data-woosw-iddata-product-id
JS Globals
woosw_params
REST Endpoints
/wp-json/woosw/v1/add/wp-json/woosw/v1/remove/wp-json/woosw/v1/empty/wp-json/woosw/v1/load/wp-json/woosw/v1/load_count/wp-json/woosw/v1/load_list/wp-json/woosw/v1/get_data/wp-json/woosw/v1/wishlist_quickview
FAQ

Frequently Asked Questions about WPC Smart Wishlist for WooCommerce