11za Chat and Notification Security & Risk Analysis

wordpress.org/plugins/11za-chat-and-notification

Recover your lost revenue by sending automatic cart abandonment messages on WhatsApp. Send transaction related updates on WhatsApp.

10 active installs · v1.0.1 · PHP 7.2+ · WP 5.2+ · Updated Jul 31, 2025
abandonedcart-recoverywhatsappwoocommerce
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is 11za Chat and Notification Safe to Use in 2026?

Generally Safe

Score 100/100

11za Chat and Notification has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 9mo ago
Risk Assessment

The "11za-chat-and-notification" plugin v1.0.1 exhibits a significantly concerning security posture due to a large number of unprotected entry points. All 4 AJAX handlers and 4 REST API routes lack proper authentication or permission checks, creating a substantial attack surface that is entirely open to unauthenticated users. This is further exacerbated by the presence of the `unserialize` function, a known source of vulnerabilities if used with untrusted input. While the plugin demonstrates good practices in other areas, such as using prepared statements for all SQL queries and a high percentage of properly escaped output, these strengths are overshadowed by the critical flaws in access control.

Key Concerns

  • Unprotected AJAX handlers
  • Unprotected REST API routes
  • Dangerous function (unserialize)
  • Taint flow with unsanitized path (high severity)
  • Taint flow with unsanitized path (high severity)
  • Missing nonce checks on AJAX handlers
  • Missing capability checks on entry points
Vulnerabilities
None known

11za Chat and Notification Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

11za Chat and Notification Release Timeline

v1.0.1 · Current
Code Analysis
Analyzed Mar 17, 2026

11za Chat and Notification Code Analysis

Dangerous Functions: 4
Raw SQL Queries: 0 (16 prepared)
Unescaped Output: 4 (43 escaped)
Nonce Checks: 0
Capability Checks: 3
File Operations: 0
External Requests: 2
Bundled Libraries: 0

Dangerous Functions Found

unserialize · `$cart_content = unserialize( $result->cart_contents );` · modules\cart-abandonment\class-11za-cart-abandonment.php:354
unserialize · `$other_fields = unserialize( $result->other_fields );` · modules\cart-abandonment\class-11za-cart-abandonment.php:386
unserialize · `$other_fields = unserialize( $checkoutDetails->other_fields );` · modules\cart-abandonment\class-11za-cart-abandonment.php:639
unserialize · `$cart_contents = unserialize( $checkoutDetails->cart_contents );` · modules\cart-abandonment\class-11za-cart-abandonment.php:641

SQL Query Safety

100% prepared · 16 total queries

Output Escaping

91% escaped · 47 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
getCheckoutInfo (modules\cart-abandonment\class-11za-cart-abandonment.php:776)
Attack Surface
8 unprotected

11za Chat and Notification Attack Surface

Entry Points: 8
Unprotected: 8

AJAX Handlers (4)

auth · wp_ajax_11za_cartflows_save_cart_abandonment_data · modules\cart-abandonment\class-11za-cart-abandonment.php:46
nopriv · wp_ajax_11za_cartflows_save_cart_abandonment_data · modules\cart-abandonment\class-11za-cart-abandonment.php:47
auth · wp_ajax_engees_11za_set_wordpress_domain_to_integration_service · modules\cart-abandonment\class-11za-cart-abandonment.php:49
nopriv · wp_ajax_engees_11za_set_wordpress_domain_to_integration_service · modules\cart-abandonment\class-11za-cart-abandonment.php:50

REST API Routes (4)

GET · /wp-json/api/v1/getWoocommerceInfo · modules\cart-abandonment\class-11za-cart-abandonment.php:53
GET · /wp-json/api/v1/getAccessToken · modules\cart-abandonment\class-11za-cart-abandonment.php:59
GET · /wp-json/api/v1/getOrderInfo · modules\cart-abandonment\class-11za-cart-abandonment.php:66
GET · /wp-json/api/v1/getCheckoutInfo · modules\cart-abandonment\class-11za-cart-abandonment.php:72

WordPress Hooks (13)

action · plugins_loaded · classes\class-11za-loader.php:68
action · admin_notices · classes\class-11za-loader.php:100
action · admin_init · classes\class-11za-settings.php:29
action · admin_menu · modules\cart-abandonment\class-11za-cart-abandonment.php:41
action · admin_enqueue_scripts · modules\cart-abandonment\class-11za-cart-abandonment.php:42
action · woocommerce_after_checkout_form · modules\cart-abandonment\class-11za-cart-abandonment.php:43
action · rest_api_init · modules\cart-abandonment\class-11za-cart-abandonment.php:52
action · rest_api_init · modules\cart-abandonment\class-11za-cart-abandonment.php:58
action · rest_api_init · modules\cart-abandonment\class-11za-cart-abandonment.php:65
action · rest_api_init · modules\cart-abandonment\class-11za-cart-abandonment.php:71
filter · jwt_auth_whitelist · modules\cart-abandonment\class-11za-cart-abandonment.php:78
filter · wp · modules\cart-abandonment\class-11za-cart-abandonment.php:87
action · woocommerce_order_status_changed · modules\cart-abandonment\class-11za-cart-abandonment.php:88
Maintenance & Trust

11za Chat and Notification Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Jul 31, 2025
PHP min version: 7.2
Downloads: 1K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

11za Chat and Notification Developer Profile

Nirmitkumar Choraria

1 plugin · 10 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect 11za Chat and Notification

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/11za-chat-and-notification/modules/cart-abandonment/assets/js/admin-settings.js
/wp-content/plugins/11za-chat-and-notification/modules/cart-abandonment/assets/js/cart-abandonment-tracking.js
/wp-content/plugins/11za-chat-and-notification/modules/cart-abandonment/assets/css/admin-settings.css
Script Paths
/wp-content/plugins/11za-chat-and-notification/modules/cart-abandonment/assets/js/admin-settings.js
/wp-content/plugins/11za-chat-and-notification/modules/cart-abandonment/assets/js/cart-abandonment-tracking.js

HTML / DOM Fingerprints

CSS Classes
engees-11za-chat-and-notification
HTML Comments
<!-- 11ZA Chat & Notification -->
Data Attributes
data-integration-service-url
data-site-id
data-wp-11za-domain
data-api-key
JS Globals
ENGEES_11ZA_CARTFLOWS_CART_ABANDONMENT_TRACKING_DIR
ENGEES_11ZA_CARTFLOWS_CART_ABANDONMENT_TRACKING_URL
ENGEES_11ZA_CART_ABANDONED_ORDER
ENGEES_11ZA_CART_COMPLETED_ORDER
ENGEES_11ZA_CART_LOST_ORDER
ENGEES_11ZA_CART_NORMAL_ORDER
+14 more
REST Endpoints
/wp-json/api/v1/getWoocommerceInfo
/wp-json/api/v1/getAccessToken
/wp-json/api/v1/getOrderInfo
/wp-json/api/v1/getCheckoutInfo
FAQ

Frequently Asked Questions about 11za Chat and Notification