WP eCommerce Wishlist Security & Risk Analysis
wordpress.org/plugins/wp-e-commerce-whish-listAn amazing WP eCommerce plugin to implement Wishlist Plugin for WP eCommerce Site.
Is WP eCommerce Wishlist Safe to Use in 2026?
Generally Safe
Score 92/100WP eCommerce Wishlist has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "wp-e-commerce-whish-list" v1.1.7 plugin exhibits several concerning security practices despite a clean vulnerability history. The static analysis reveals a significant attack surface consisting of three AJAX handlers, all of which lack authentication checks. This is a major concern, as it potentially exposes these handlers to unauthorized access and malicious exploitation. Furthermore, the presence of dangerous functions like `unserialize` and `create_function`, coupled with only 20% of output being properly escaped, indicates potential vulnerabilities related to code injection and cross-site scripting (XSS). The lack of nonce checks on AJAX handlers exacerbates these risks, allowing attackers to forge requests. While the plugin does not appear to have any known CVEs and uses prepared statements for its SQL queries, the absence of these fundamental security measures in its entry points and output handling are critical weaknesses. The plugin's vulnerability history is notably absent, which could indicate either diligent security development or simply a lack of past discoveries. However, the static analysis findings present a clear and present danger that requires immediate attention.
Key Concerns
- AJAX handlers without auth checks
- Dangerous functions (unserialize, create_function)
- Low percentage of properly escaped output
- Missing nonce checks on AJAX handlers
- No capability checks on entry points
WP eCommerce Wishlist Security Vulnerabilities
WP eCommerce Wishlist Release Timeline
WP eCommerce Wishlist Code Analysis
Dangerous Functions Found
SQL Query Safety
Output Escaping
WP eCommerce Wishlist Attack Surface
AJAX Handlers 3
WordPress Hooks 4
Maintenance & Trust
WP eCommerce Wishlist Maintenance & Trust
Maintenance Signals
Community Trust
WP eCommerce Wishlist Alternatives
Categorize your Wishlist for Woocomerce,Posts & Custom Post Types
categorize-your-wishlist-for-woocomerceposts-custom-post-types
With this WooCommerce wishlist you can add any product to your wish list. Why should such an amazing feature only be restricted to the eCommerce websi …
YITH WooCommerce Wishlist
yith-woocommerce-wishlist
YITH WooCommerce Wishlist add all Wishlist features to your website. Needs WooCommerce to work. WooCommerce 10.7.x compatible.
WCBoost – Wishlist
wcboost-wishlist
WCBoost - Wishlist lets shoppers create wishlists for later purchases, reminding them of desired items, driving repeat visits and boost sales.
QODE Wishlist for WooCommerce
qode-wishlist-for-woocommerce
Qode Wishlist for WooCommerce plugin is the ideal toolkit for letting your visitors save & share comprehensive lists with their products of interest.
Wishlist for WooCommerce: Multi Wishlists Per Customer
wish-list-for-woocommerce
Increase loyalty & sales by letting customers create, manage & share multiple wishlists on your WooCommerce store.
WP eCommerce Wishlist Developer Profile
44 plugins · 33K total installs
How We Detect WP eCommerce Wishlist
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/wp-e-commerce-whish-list/css/style.css/wp-content/plugins/wp-e-commerce-whish-list/images/heart-icon.png/wp-content/plugins/wp-e-commerce-whish-list/images/notfound.pngwp-e-commerce-whish-list/css/style.css?ver=HTML / DOM Fingerprints
wpecwl_addwpecwl_removeproidloadWishlistajaxurl/wp-json/wp-e-commerce-whish-list/<input type="image" title="Add to Wishlist" src="class="wpecwl_add"proid="" value=" " />