WP-Safety

YITH WooCommerce Waitlist Security & Risk Analysis

wordpress.org/plugins/yith-woocommerce-waiting-list

This plugin enables registered users to request an email notification when an out-of-stock product comes back into stock.

3K active installs v2.33.0 PHP 7.4+ WP 6.7+ Updated Feb 26, 2026
out-of-stockstock-notificationwaiting-email-listwaiting-listwoocommerce-waiting
99
A · Safe
CVEs total2
Unpatched0
Last CVEAug 10, 2023
Plugin page Download
Safety Verdict

Is YITH WooCommerce Waitlist Safe to Use in 2026?

Generally Safe

Score 99/100

YITH WooCommerce Waitlist has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEsLast CVE: Aug 10, 2023Updated 1mo ago
Risk Assessment

The 'yith-woocommerce-waiting-list' plugin version 2.33.0 exhibits a generally good security posture with several strengths. The code analysis shows a strong adherence to secure coding practices, with 100% of SQL queries utilizing prepared statements and a high rate (93%) of properly escaped output. The presence of 16 nonce checks and 19 capability checks further indicates an effort to secure against common web vulnerabilities. There are no identified critical or high severity taint flows, which is a positive sign. Furthermore, there are currently no unpatched CVEs, suggesting prompt vendor response to past vulnerabilities.

However, there are areas of concern that slightly elevate the risk. The plugin exposes 15 total entry points, with 3 of these (AJAX handlers) lacking explicit authentication checks. This is a significant risk as it could allow unauthenticated users to interact with potentially sensitive functionalities. The vulnerability history, while not showing current unpatched issues, does reveal a past high severity vulnerability and a medium one, both of which were of the 'Missing Authorization' type. This pattern suggests that authorization checks are a recurring area of weakness and require continued vigilance. The presence of 2 flows with unsanitized paths in the taint analysis, although not critical or high severity, also warrants attention.

In conclusion, while the plugin demonstrates good core security practices, the unauthenticated AJAX handlers and the historical pattern of missing authorization vulnerabilities represent the most significant risks. The vendor should prioritize addressing the unauthenticated entry points and continue to rigorously audit for authorization bypasses. The current lack of unpatched CVEs and strong SQL/output escaping practices are commendable strengths.

Key Concerns

  • Unauthenticated AJAX handlers
  • Historical high severity vulnerability (Missing Auth)
  • Historical medium severity vulnerability (Missing Auth)
  • Taint flows with unsanitized paths
Vulnerabilities
2

YITH WooCommerce Waitlist Security Vulnerabilities

CVEs by Year

1 CVE in 2022
2022
1 CVE in 2023
2023
Patched Has unpatched

Severity Breakdown

High
1
Medium
1

2 total CVEs

CVE-2023-36506medium · 4.3Missing Authorization

YITH WooCommerce Waiting List <= 2.6.0 - Cross-Site Request forgery via 'save_mail_status'

Aug 10, 2023 Patched in 2.6.1 (166d)
WF-b948574a-0aab-4596-83e6-04be21f78bc1-yith-woocommerce-waiting-listhigh · 7.1Missing Authorization

YITH plugins by YITHEMES <= (Various Versions) - Missing Authorization

Nov 11, 2022 Patched in 1.21.1 (438d)
Code Analysis
Analyzed Mar 16, 2026

YITH WooCommerce Waitlist Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
7 prepared
Unescaped Output
120
1664 escaped
Nonce Checks
16
Capability Checks
19
File Operations
0
External Requests
7
Bundled Libraries
2

Bundled Libraries

TinyMCESelect2

SQL Query Safety

100% prepared7 total queries

Output Escaping

93% escaped1784 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

18 flows2 with unsanitized paths
waiting_submit_ajax (includes\class.yith-wcwtl-frontend.php:379)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
3 unprotected

YITH WooCommerce Waitlist Attack Surface

Entry Points15
Unprotected3

AJAX Handlers 13

authwp_ajax_yith_wcwtl_save_email_settingsincludes\class.yith-wcwtl-admin.php:130
noprivwp_ajax_yith_wcwtl_save_email_settingsincludes\class.yith-wcwtl-admin.php:131
authwp_ajax_yith_wcwtl_save_mail_statusincludes\class.yith-wcwtl-admin.php:133
noprivwp_ajax_yith_wcwtl_save_mail_statusincludes\class.yith-wcwtl-admin.php:134
authwp_ajax_yith_wcwtl_submitincludes\class.yith-wcwtl-frontend.php:87
noprivwp_ajax_yith_wcwtl_submitincludes\class.yith-wcwtl-frontend.php:88
authwp_ajax_yith_waitlist_send_mailincludes\class.yith-wcwtl-meta.php:67
noprivwp_ajax_yith_waitlist_send_mailincludes\class.yith-wcwtl-meta.php:68
authwp_ajax_yith_plugin_fw_gutenberg_do_shortcodeplugin-fw\includes\builders\gutenberg\class-yith-gutenberg.php:63
authwp_ajax_yith_plugin_fw_save_toggle_element_metaboxplugin-fw\includes\class-yit-metabox.php:86
authwp_ajax_yith_plugin_fw_save_toggle_elementplugin-fw\includes\class-yit-plugin-panel.php:138
authwp_ajax_yith_bh_onboardingplugin-fw\includes\class-yith-bh-onboarding.php:37
authwp_ajax_yith_create_log_fileplugin-fw\includes\class-yith-system-status.php:101

Shortcodes 2

[ywcwtl_waitlist_table] includes\class.yith-wcwtl-frontend.php:103
[ywcwtl_form] includes\class.yith-wcwtl-frontend.php:105
WordPress Hooks 137
actionadmin_menuincludes\class.yith-wcwtl-admin.php:107
actionadmin_enqueue_scriptsincludes\class.yith-wcwtl-admin.php:109
filteryith_show_plugin_row_metaincludes\class.yith-wcwtl-admin.php:116
actionyith_waiting_list_premiumincludes\class.yith-wcwtl-admin.php:119
actionafter_setup_themeincludes\class.yith-wcwtl-admin.php:122
actionyith_waiting_list_premiumincludes\class.yith-wcwtl-admin.php:124
actionyith_wcwtl_email_settingsincludes\class.yith-wcwtl-admin.php:127
actionyith_wcwtl_print_email_settingsincludes\class.yith-wcwtl-admin.php:128
actionwoocommerce_simple_add_to_cartincludes\class.yith-wcwtl-frontend.php:78
actionwoocommerce_variable_add_to_cartincludes\class.yith-wcwtl-frontend.php:79
actionjck_qv_summaryincludes\class.yith-wcwtl-frontend.php:81
actionyith_wcqv_before_product_summaryincludes\class.yith-wcwtl-frontend.php:82
actioninitincludes\class.yith-wcwtl-frontend.php:84
actiontemplate_redirectincludes\class.yith-wcwtl-frontend.php:90
filterwoocommerce_account_menu_itemsincludes\class.yith-wcwtl-frontend.php:93
actionwoocommerce_account_waiting-list_endpointincludes\class.yith-wcwtl-frontend.php:94
actionwp_enqueue_scriptsincludes\class.yith-wcwtl-frontend.php:97
actionwoocommerce_created_customerincludes\class.yith-wcwtl-frontend.php:100
filterwoocommerce_get_stock_htmlincludes\class.yith-wcwtl-frontend.php:231
actionwoocommerce_stock_htmlincludes\class.yith-wcwtl-frontend.php:234
actionwoocommerce_stock_htmlincludes\class.yith-wcwtl-frontend.php:236
filterwoocommerce_get_stock_htmlincludes\class.yith-wcwtl-frontend.php:266
actionwoocommerce_stock_htmlincludes\class.yith-wcwtl-frontend.php:268
actionyith_wcwtl_schedule_email_sendincludes\class.yith-wcwtl-mailer.php:57
actionyith_waitlist_mail_instock_send_completedincludes\class.yith-wcwtl-mailer.php:58
actionadmin_enqueue_scriptsincludes\class.yith-wcwtl-meta.php:62
actionadd_meta_boxesincludes\class.yith-wcwtl-meta.php:64
filterwoocommerce_email_classesincludes\class.yith-wcwtl.php:72
actionwoocommerce_initincludes\class.yith-wcwtl.php:73
filterwoocommerce_email_stylesincludes\class.yith-wcwtl.php:74
filterinitincludes\class.yith-wcwtl.php:77
filterwp_privacy_personal_data_exportersincludes\class.yith-wcwtl.php:80
filterwp_privacy_personal_data_erasersincludes\class.yith-wcwtl.php:81
actionwoocommerce_checkout_order_processedincludes\class.yith-wcwtl.php:84
actionbefore_woocommerce_initincludes\class.yith-wcwtl.php:92
actionsend_yith_waitlist_mail_instock_notificationincludes\email\class.yith-wcwtl-mail-instock.php:45
filteryith_wcwtl_email_custom_placeholdersincludes\email\class.yith-wcwtl-mail-instock.php:47
filterwoocommerce_email_footer_textincludes\email\class.yith-wcwtl-mail.php:211
actionyith_wcwtl_initinit.php:161
actionadmin_noticesinit.php:173
actionadmin_noticesinit.php:175
actionplugins_loadedinit.php:182
actionelementor/elements/categories_registeredplugin-fw\includes\builders\elementor\class-yith-elementor.php:50
actionelementor/editor/after_enqueue_stylesplugin-fw\includes\builders\elementor\class-yith-elementor.php:52
actionelementor/frontend/after_enqueue_stylesplugin-fw\includes\builders\elementor\class-yith-elementor.php:53
actioninitplugin-fw\includes\builders\gutenberg\class-yith-gutenberg.php:60
actioninitplugin-fw\includes\builders\gutenberg\class-yith-gutenberg.php:61
actioninitplugin-fw\includes\builders\gutenberg\class-yith-gutenberg.php:62
actionwc_ajax_yith_plugin_fw_gutenberg_do_shortcodeplugin-fw\includes\builders\gutenberg\class-yith-gutenberg.php:64
actioninitplugin-fw\includes\class-yit-assets.php:47
actionelementor/editor/before_enqueue_stylesplugin-fw\includes\class-yit-assets.php:48
actionadmin_enqueue_scriptsplugin-fw\includes\class-yit-assets.php:50
actioninitplugin-fw\includes\class-yit-assets.php:52
actionshould_load_block_editor_scripts_and_stylesplugin-fw\includes\class-yit-assets.php:53
actionadmin_enqueue_scriptsplugin-fw\includes\class-yit-icons.php:970
actionwp_enqueue_scriptsplugin-fw\includes\class-yit-icons.php:971
actionadd_meta_boxesplugin-fw\includes\class-yit-metabox.php:80
actionsave_postplugin-fw\includes\class-yit-metabox.php:81
actionadmin_enqueue_scriptsplugin-fw\includes\class-yit-metabox.php:82
filteryit_icons_screen_idsplugin-fw\includes\class-yit-metabox.php:84
filteradmin_body_classplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:93
actionadmin_initplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:94
actionadmin_menuplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:95
actionadmin_menuplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:96
actionadmin_bar_menuplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:97
actionadmin_enqueue_scriptsplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:98
actionadmin_initplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:99
filterwoocommerce_screen_idsplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:100
filterwoocommerce_admin_settings_sanitize_optionplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:102
actionyith_plugin_fw_get_field_afterplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:104
actionadmin_action_yith_plugin_fw_save_toggle_elementplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:105
filterwoocommerce_admin_settings_sanitize_optionplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:106
actionadmin_enqueue_scriptsplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:108
actionadmin_initplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:109
filteryith_plugin_fw_premium_landing_uriplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:112
actionwoocommerce_admin_field_boxinfoplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:126
actionwoocommerce_admin_field_yith-fieldplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:127
filterwoocommerce_admin_settings_sanitize_optionplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:129
actionadmin_menuplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:132
filteradd_menu_classesplugin-fw\includes\class-yit-plugin-panel-woocommerce.php:134
filteradmin_body_classplugin-fw\includes\class-yit-plugin-panel.php:121
actionadmin_initplugin-fw\includes\class-yit-plugin-panel.php:122
actionadmin_menuplugin-fw\includes\class-yit-plugin-panel.php:123
actionadmin_menuplugin-fw\includes\class-yit-plugin-panel.php:124
actionadmin_bar_menuplugin-fw\includes\class-yit-plugin-panel.php:125
actionadmin_initplugin-fw\includes\class-yit-plugin-panel.php:126
actionadmin_enqueue_scriptsplugin-fw\includes\class-yit-plugin-panel.php:128
actionadmin_initplugin-fw\includes\class-yit-plugin-panel.php:129
filteryith_plugin_fw_premium_landing_uriplugin-fw\includes\class-yit-plugin-panel.php:132
actionadmin_enqueue_scriptsplugin-fw\includes\class-yit-plugin-panel.php:137
actionall_admin_noticesplugin-fw\includes\class-yit-plugin-panel.php:242
actionadmin_footerplugin-fw\includes\class-yit-plugin-panel.php:243
filterparent_fileplugin-fw\includes\class-yit-plugin-panel.php:245
filtersubmenu_fileplugin-fw\includes\class-yit-plugin-panel.php:246
actionadmin_menuplugin-fw\includes\class-yit-plugin-panel.php:259
filteradd_menu_classesplugin-fw\includes\class-yit-plugin-panel.php:260
filterremovable_query_argsplugin-fw\includes\class-yit-plugin-panel.php:261
actionadmin_enqueue_scriptsplugin-fw\includes\class-yit-plugin-panel.php:1081
actionadmin_initplugin-fw\includes\class-yit-plugin-panel.php:1082
actionadmin_footerplugin-fw\includes\class-yit-plugin-panel.php:1213
actionadmin_initplugin-fw\includes\class-yit-plugin-subpanel.php:44
actionadmin_menuplugin-fw\includes\class-yit-plugin-subpanel.php:45
actionadmin_bar_menuplugin-fw\includes\class-yit-plugin-subpanel.php:46
actionadmin_initplugin-fw\includes\class-yit-plugin-subpanel.php:47
actionadmin_enqueue_scriptsplugin-fw\includes\class-yit-plugin-subpanel.php:48
actionadmin_enqueue_scriptsplugin-fw\includes\class-yit-pointers.php:118
actionadmin_initplugin-fw\includes\class-yit-pointers.php:119
actionyith_bh_onboardingplugin-fw\includes\class-yith-bh-onboarding.php:36
actionwp_dashboard_setupplugin-fw\includes\class-yith-dashboard.php:146
actionadmin_enqueue_scriptsplugin-fw\includes\class-yith-dashboard.php:147
actionadmin_initplugin-fw\includes\class-yith-post-type-admin.php:65
actioncurrent_screenplugin-fw\includes\class-yith-post-type-admin.php:67
actionedit_form_topplugin-fw\includes\class-yith-post-type-admin.php:70
actionmanage_posts_extra_tablenavplugin-fw\includes\class-yith-post-type-admin.php:119
actionmanage_posts_extra_tablenavplugin-fw\includes\class-yith-post-type-admin.php:120
actionrestrict_manage_postsplugin-fw\includes\class-yith-post-type-admin.php:122
filterrequestplugin-fw\includes\class-yith-post-type-admin.php:123
filterlist_table_primary_columnplugin-fw\includes\class-yith-post-type-admin.php:125
filterpost_row_actionsplugin-fw\includes\class-yith-post-type-admin.php:126
filterpage_row_actionsplugin-fw\includes\class-yith-post-type-admin.php:127
filterdefault_hidden_columnsplugin-fw\includes\class-yith-post-type-admin.php:129
actiondisable_months_dropdownplugin-fw\includes\class-yith-post-type-admin.php:137
filteradmin_body_classplugin-fw\includes\class-yith-system-status.php:95
actionadmin_menuplugin-fw\includes\class-yith-system-status.php:96
actionadmin_initplugin-fw\includes\class-yith-system-status.php:97
actionadmin_noticesplugin-fw\includes\class-yith-system-status.php:98
actionadmin_enqueue_scriptsplugin-fw\includes\class-yith-system-status.php:99
actioninitplugin-fw\includes\class-yith-system-status.php:100
filteryith_plugin_fw_privacy_guide_contentplugin-fw\includes\privacy\class-yith-privacy-plugin-abstract.php:39
actionadmin_initplugin-fw\includes\privacy\class-yith-privacy.php:50
actionplugins_loadedplugin-fw\init.php:94
filterextra_theme_headersplugin-fw\yit-functions.php:602
filteryit_title_special_charactersplugin-fw\yit-functions.php:726
filterplugin_row_metaplugin-fw\yit-plugin.php:56
actionadmin_noticesplugin-fw\yit-plugin.php:298
actionplugins_loadedplugin-fw\yit-plugin.php:300
actionshutdownplugin-fw\yit-woocommerce-compatibility.php:765
Maintenance & Trust

YITH WooCommerce Waitlist Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 26, 2026
PHP min version7.4
Downloads243K

Community Trust

Rating64/100
Number of ratings26
Active installs3K
Alternatives

YITH WooCommerce Waitlist Alternatives

Waitlist Woocommerce ( Back in stock notifier )

Waitlist Woocommerce ( Back in stock notifier )

waitlist-woocommerce

A
98

Build a waiting list for your products and notify customers by email based on product availability.

4K 3 CVEs
Ni WooCommerce Stock Alert Notification

Ni WooCommerce Stock Alert Notification

ni-woocommerce-stock

A
85

Boost customer retention with the Ni WooCommerce Stock Alert plugin, ensuring engagement even when your store products are out of stock.

0 No CVEs
MoreConvert Wishlist for WooCommerce

MoreConvert Wishlist for WooCommerce

smart-wishlist-for-more-convert

A
94

Free: WooCommerce Wishlist, Email automation, Elementor and Premium: Back-in-Stock Notifier, Save For Later, Multi-lists, reports, Email Marketing

9K 6 CVEs
Sold Out Badge for WooCommerce

Sold Out Badge for WooCommerce

sold-out-badge-for-woocommerce

A
85

Display a "Sold Out!" badge on out-of-stock products. Show the text and colors you want. Perfect for artists, artisans, real estate professionals...

9K No CVEs
Out of Stock Message Manager for WooCommerce

Out of Stock Message Manager for WooCommerce

wc-out-of-stock-message

A
100

Out of Stock Message Manager is an official plugin maintained by the Coderstime that add features on the woocommerce product stock out.

3K No CVEs
Developer Profile

YITH WooCommerce Waitlist Developer Profile

YITHEMES

33 plugins · 1.1M total installs

77
trust score
Avg Security Score
97/100
Avg Patch Time
411 days
View full developer profile
Detection Fingerprints

How We Detect YITH WooCommerce Waitlist

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/yith-woocommerce-waiting-list/assets/css/yith_wcwtl_admin.css/wp-content/plugins/yith-woocommerce-waiting-list/assets/js/yith_wcwtl_admin.js/wp-content/plugins/yith-woocommerce-waiting-list/assets/js/yith-wcwtl-user-products-list.js/wp-content/plugins/yith-woocommerce-waiting-list/assets/js/yith-wcwtl-waiting-list.js/wp-content/plugins/yith-woocommerce-waiting-list/assets/js/yith-wcwtl-frontend.js
Script Paths
/wp-content/plugins/yith-woocommerce-waiting-list/plugin-fw/js/plugin-fw.js
Version Parameters
yith-woocommerce-waiting-list/assets/css/yith_wcwtl_admin.css?ver=yith-woocommerce-waiting-list/assets/js/yith_wcwtl_admin.js?ver=yith-woocommerce-waiting-list/assets/js/yith-wcwtl-user-products-list.js?ver=yith-woocommerce-waiting-list/assets/js/yith-wcwtl-waiting-list.js?ver=yith-woocommerce-waiting-list/assets/js/yith-wcwtl-frontend.js?ver=yith-woocommerce-waiting-list/plugin-fw/js/plugin-fw.js?ver=

HTML / DOM Fingerprints

CSS Classes
yith-wcwtl-add-to-waiting-listyith-wcwtl-form-waiting-listywcwtl-already-on-waiting-listyith-wcwtl-waiting-list-formyith-wcwtl-waiting-list-buttonyith-wcwtl-waitlist-buttonyith-wcwtl-added-to-waitinglist
HTML Comments
YITH WooCommerce Waitlist - Admin Settings
Data Attributes
data-plugin-id="yith-woocommerce-waiting-list"data-plugin-version="2.33.0"
JS Globals
yith_wcwtl_frontend_params
FAQ

Frequently Asked Questions about YITH WooCommerce Waitlist