Does WP Smart Wishlist have any unpatched vulnerabilities?

No. All known vulnerabilities in WP Smart Wishlist have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is WP Smart Wishlist compatible with WordPress 4.1.42?

According to WordPress.org data, WP Smart Wishlist 2.0 has been tested up to WordPress 4.1.42. Check the plugin's changelog for the latest compatibility information.

How often is WP Smart Wishlist updated?

WP Smart Wishlist was last updated on Jan 23, 2018. Frequent updates are generally a positive security signal.

What is WP Smart Wishlist's security score?

WP Smart Wishlist has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WP Smart Wishlist Security & Risk Analysis

wordpress.org/plugins/wp-smart-wishlist

This is Wish List Plugin for WP eCommerce Site.

10 active installs v2.0 PHP + WP 3.0+ Updated Jan 23, 2018

productssaved-productswishlistwp-ecommercewp-ecommerce-wishlist

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is WP Smart Wishlist Safe to Use in 2026?

Generally Safe

Score 85/100

WP Smart Wishlist has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8yr ago

Risk Assessment

The "wp-smart-wishlist" v2.0 plugin presents a significant security risk due to a lack of proper authentication and output escaping mechanisms. The static analysis reveals a concerningly large attack surface with three AJAX handlers, all of which lack authentication checks. This means any unauthenticated user could potentially trigger these functions, leading to unintended actions. Furthermore, none of the identified output points are properly escaped, opening the door to cross-site scripting (XSS) vulnerabilities. The presence of dangerous functions like `unserialize` and `create_function` also raises red flags, as these can be exploited if user-supplied data is not rigorously validated and sanitized. While the plugin demonstrates good practices by using prepared statements for SQL queries and has no recorded vulnerability history, these strengths are overshadowed by the critical flaws in its attack surface and output handling. The absence of nonce checks further exacerbates the risk associated with the unprotected AJAX endpoints.

Key Concerns

Unprotected AJAX handlers
Unescaped output
Missing nonce checks on AJAX
Presence of dangerous functions

Vulnerabilities

None known

WP Smart Wishlist Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

WP Smart Wishlist Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$array = unserialize ( $wishlist );install.php:88

unserialize$array = unserialize ( $wishlist );install.php:107

unserialize$array = unserialize ( $wishlist );install.php:126

create_functionadd_action( 'widgets_init', create_function('', 'return register_widget("WishlistWidget");') );install.php:217

Output Escaping

0% escaped14 total outputs

Attack Surface

3 unprotected

WP Smart Wishlist Attack Surface

Entry Points3

Unprotected3

AJAX Handlers 3

authwp_ajax_add_wish_listinstall.php:79

authwp_ajax_remove_wish_listinstall.php:98

authwp_ajax_load_wish_listinstall.php:118

WordPress Hooks 4

actionwpsc_product_form_fields_endinstall.php:27

actionwp_footerinstall.php:28

actionwp_headinstall.php:29

actionwidgets_initinstall.php:217

Maintenance & Trust

WP Smart Wishlist Maintenance & Trust

Maintenance Signals

WordPress version tested4.1.42

Last updatedJan 23, 2018

PHP min version

Downloads3K

Community Trust

Rating100/100

Number of ratings1

Active installs10

Alternatives

WP Smart Wishlist Alternatives

WCBoost – Wishlist

wcboost-wishlist

100

WCBoost - Wishlist lets shoppers create wishlists for later purchases, reminding them of desired items, driving repeat visits and boost sales.

30K No CVEs

Wishlist for WooCommerce

wt-woocommerce-wishlist

This WooCommerce wishlist plugin adds a wishlist feature to your WooCommerce store. Let the users easily add and manage products from their wishlist p …

800 1 CVE

Easy Wishlist

easy-wishlist

100

The Easy Wishlist Plugin provides a wishlist solution for ecommerce websites. Users can wishlist products and view them anytime.

100 No CVEs

Wishlist and Compare for WooCommerce

wishlist-and-compare

Enhance your WooCommerce store with our Wishlist & Compare Plugin. Let customers save favorite products and compare features for informed decisions.

100 1 CVE

Advanced Product Wishlist for Woocommerce

advanced-product-wishlist-for-woo

Advanced Product Wishlist add all Wishlist features to your website. Needs WooCommerce to work..

80 No CVEs

Developer Profile

WP Smart Wishlist Developer Profile

Rajan Vijayan

5 plugins · 130 total installs

trust score

Avg Security Score

81/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect WP Smart Wishlist

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wp-smart-wishlist/css/custom.css

HTML / DOM Fingerprints

CSS Classes

addWishlistwishlist-tableWishlistWidget

Data Attributes

proid

JS Globals

loadWishlistremoveWishlist

REST Endpoints

/wp-json/

Shortcode Output

<input type="button" value="Add to Wishlist " class="addWishlist"

FAQ