WP-Safety

AdMail – Multilingual Back in-Stock Notifier for WooCommerce Security & Risk Analysis

wordpress.org/plugins/admail

AdMail is a WooCommerce extension that enables your customers to subscribe to out-of-stock products and receive an email notification when the product …

100 active installs v1.7.0 PHP 7.2+ WP 5.9+ Updated Mar 3, 2025
multilingualproduct-availabilitystock-notificationswaitlistwoocommerce
71
B · Generally Safe
CVEs total1
Unpatched1
Last CVEApr 4, 2025
Plugin page Download
Safety Verdict

Is AdMail – Multilingual Back in-Stock Notifier for WooCommerce Safe to Use in 2026?

Mostly Safe

Score 71/100

AdMail – Multilingual Back in-Stock Notifier for WooCommerce is generally safe to use though it hasn't been updated recently. 1 past CVE were resolved.

1 known CVE 1 unpatched Last CVE: Apr 4, 2025Updated 1yr ago
Risk Assessment

The 'admail' plugin v1.7.0 exhibits a mixed security posture. While it demonstrates good practices in output escaping and the use of prepared statements for SQL queries, significant concerns arise from its extensive attack surface and lack of robust authorization checks. A large proportion of its AJAX handlers, which represent potential entry points for attackers, are not protected by authentication, posing a substantial risk of unauthorized actions. The presence of multiple unsanitized taint flows, particularly those categorized as high severity, further amplifies these concerns, indicating potential for data manipulation or execution of unintended code. The plugin's history of a medium-severity vulnerability, although recently patched, alongside the persistent issue of missing authorization, suggests a recurring weakness in how user privileges and access are managed. The plugin's strengths lie in its careful handling of output and database interactions, but these are overshadowed by significant vulnerabilities in its access control mechanisms. Users should proceed with caution and consider disabling or thoroughly auditing the plugin.

Key Concerns

  • Unprotected AJAX handlers
  • High severity unsanitized taint flows
  • Missing capability checks
  • Unpatched CVE
  • Use of unserialize function
  • Multiple flows with unsanitized paths
  • Low number of nonce checks
Vulnerabilities
1 published

AdMail – Multilingual Back in-Stock Notifier for WooCommerce Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched
2025
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2025-32234medium · 4.3Missing Authorization

AdMail – Multilingual Back in-Stock Notifier for WooCommerce <= 1.7.0 - Missing Authorization

Apr 4, 2025Unpatched
Version History

AdMail – Multilingual Back in-Stock Notifier for WooCommerce Release Timeline

v1.7.0Current1 CVE
CVE-2025-32234
v1.6.91 CVE
CVE-2025-32234
v1.6.81 CVE
CVE-2025-32234
v1.6.71 CVE
CVE-2025-32234
v1.6.61 CVE
CVE-2025-32234
v1.6.51 CVE
CVE-2025-32234
v1.6.41 CVE
CVE-2025-32234
v1.6.31 CVE
CVE-2025-32234
v1.6.11 CVE
CVE-2025-32234
v1.6.01 CVE
CVE-2025-32234
v1.5.61 CVE
CVE-2025-32234
v1.5.51 CVE
CVE-2025-32234
v1.5.41 CVE
CVE-2025-32234
Code Analysis
Analyzed Mar 16, 2026

AdMail – Multilingual Back in-Stock Notifier for WooCommerce Code Analysis

Dangerous Functions
10
Raw SQL Queries
13
41 prepared
Unescaped Output
54
569 escaped
Nonce Checks
2
Capability Checks
0
File Operations
5
External Requests
1
Bundled Libraries
0

Dangerous Functions Found

unserialize$existing_settings = unserialize($existing_settings);includes\admin.php:232
unserialize$value = unserialize($wpdb->get_col($sql)[0]);includes\functions.php:569
unserialize$data = unserialize($wpdb->get_col($sql)[0]);includes\functions.php:589
unserialize$unserialized_item = unserialize($item);includes\functions.php:617
unserialize$data = unserialize($result[0]);includes\functions.php:640
unserialize$data_array = unserialize($existing_row->value);includes\functions.php:666
unserialize$social_media_links = unserialize(ambisn_get_setting('social_icons'));includes\mail_templates\email_parent_template.php:26
unserialize$existing_settings = unserialize($existing_settings);includes\on_plugin_activate.php:115
unserialize$social_media_links = unserialize(ambisn_get_setting('social_icons'));includes\settings_page.php:454
unserialize$social_media_links = unserialize(ambisn_get_setting('social_icons'));includes\template_preview.php:57

SQL Query Safety

76% prepared54 total queries

Output Escaping

91% escaped623 total outputs
Data Flows · Security
9 unsanitized

Data Flow Analysis

11 flows9 with unsanitized paths
ambisn_update_items_per_page (includes\admin.php:722)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
12 unprotected

AdMail – Multilingual Back in-Stock Notifier for WooCommerce Attack Surface

Entry Points18
Unprotected12

AJAX Handlers 16

authwp_ajax_ambisn_load_most_wanted_productsincludes\admin.php:720
authwp_ajax_ambisn_update_items_per_pageincludes\admin.php:743
authwp_ajax_ambisn_update_emails_per_pageincludes\admin.php:764
authwp_ajax_ambisn_load_table_pagination_rowsincludes\admin.php:801
authwp_ajax_ambisn_load_tab_contentincludes\admin.php:842
authwp_ajax_ajax_dev_form_submissionincludes\dev-functions.php:77
authwp_ajax_ambisn_snooze_feedback_popupincludes\dev-functions.php:140
authwp_ajax_ambisn_popup_improve_feedbackincludes\dev-functions.php:160
authwp_ajax_ajax_ambisn_subscribeincludes\functions.php:1190
noprivwp_ajax_ajax_ambisn_subscribeincludes\functions.php:1191
authwp_ajax_ajax_ambisn_unsubscribeincludes\functions.php:1390
noprivwp_ajax_ajax_ambisn_unsubscribeincludes\functions.php:1391
authwp_ajax_ambisn_manage_subscriptionincludes\functions.php:1525
authwp_ajax_ajax_ambisn_settingsincludes\functions.php:1584
authwp_ajax_ambisn_search_productincludes\functions.php:1831
authwp_ajax_ambisn_get_migration_progressincludes\to_subscriptions_table_migration.php:385

Shortcodes 2

[admail_subscription_form] includes\functions.php:1869
[admail_product_subscriptions_page] includes\functions.php:1921
WordPress Hooks 34
actionadmin_menuincludes\admin.php:7
actioncurrent_screenincludes\admin.php:863
actioninitincludes\dev-functions.php:80
filterwoocommerce_single_product_summaryincludes\functions.php:7
actiontemplate_redirectincludes\functions.php:90
actionwp_headincludes\functions.php:210
filterwoocommerce_grouped_product_list_column_labelincludes\functions.php:421
actiontemplate_redirectincludes\functions.php:509
actiontemplate_redirectincludes\functions.php:721
filterbody_classincludes\functions.php:727
actionwp_headincludes\functions.php:728
filterbody_classincludes\functions.php:751
actionwp_headincludes\functions.php:752
actionwoocommerce_simple_add_to_cartincludes\functions.php:900
actionwoocommerce_simple_add_to_cartincludes\functions.php:902
actionwoocommerce_after_add_to_cart_formincludes\functions.php:922
actionwoocommerce_after_add_to_cart_formincludes\functions.php:924
actionwoocommerce_after_variations_formincludes\functions.php:930
actionwoocommerce_after_variations_formincludes\functions.php:932
actionwoocommerce_single_variationincludes\functions.php:936
actionwoocommerce_after_add_to_cart_buttonincludes\functions.php:938
actionwoocommerce_update_productincludes\functions.php:1683
filterquery_varsincludes\functions.php:1904
filterwoocommerce_account_menu_itemsincludes\functions.php:1905
actionwoocommerce_account_product-subscriptions_endpointincludes\functions.php:1906
actionwp_insert_postincludes\functions.php:1966
actionambisn_subscription_migration_eventincludes\to_subscriptions_table_migration.php:64
actionambisn_subscription_migration_eventincludes\to_subscriptions_table_migration.php:68
actionambisn_migrate_subscriptions_end_eventincludes\to_subscriptions_table_migration.php:368
actionadmin_noticesincludes\to_subscriptions_table_migration.php:444
actioninitindex.php:67
actionadmin_enqueue_scriptsindex.php:90
actionwp_enqueue_scriptsindex.php:95
actioninitindex.php:153

Scheduled Events 6

ambisn_subscription_migration_event
ambisn_migrate_subscriptions_end_event
ambisn_migration_get_product_ids_task
ambisn_migrate_subscriptions_end_event
ambisn_migrate_subscriptions_end_event
ambisn_migrate_subscriptions_task
Maintenance & Trust

AdMail – Multilingual Back in-Stock Notifier for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5
Last updatedMar 3, 2025
PHP min version7.2
Downloads9K

Community Trust

Rating100/100
Number of ratings8
Active installs100
Alternatives

AdMail – Multilingual Back in-Stock Notifier for WooCommerce Alternatives

WPML Multilingual & Multicurrency for WooCommerce

WPML Multilingual & Multicurrency for WooCommerce

woocommerce-multilingual

A
94

Make your store multilingual and enable multiple currencies.

100K 5 CVEs
MoreConvert Wishlist for WooCommerce

MoreConvert Wishlist for WooCommerce

smart-wishlist-for-more-convert

A
94

Free: WooCommerce Wishlist, Email automation, Elementor and Premium: Back-in-Stock Notifier, Save For Later, Multi-lists, reports, Email Marketing

9K 6 CVEs
Hyyan WooCommerce Polylang Integration

Hyyan WooCommerce Polylang Integration

woo-poly-integration

C
63

Given that I am not using Wordpress these days and I haven't really been using WooPoly for a while. I am looking for maintainers to take over thi &hellip;

9K 1 unpatched
Linguise – AI Automatic Multilingual Translation

Linguise – AI Automatic Multilingual Translation

linguise

A
100

Linguise is a top-quality automatic AI translation with a front-end translation editor. 5' install, SEO-optimized translations, 85+ languages

1K No CVEs
MultilingualPress

MultilingualPress

multilingual-press

A
92

Create a fast translation network on WordPress multisite.

200 No CVEs
Developer Profile

AdMail – Multilingual Back in-Stock Notifier for WooCommerce Developer Profile

aleswebs

3 plugins · 100 total installs

80
trust score
Avg Security Score
80/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect AdMail – Multilingual Back in-Stock Notifier for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/admail/assets/css/wp_styles.css/wp-content/plugins/admail/assets/css/admin.css/wp-content/plugins/admail/assets/css/admin_overview.css/wp-content/plugins/admail/assets/js/admin_table.js/wp-content/plugins/admail/assets/js/admin_scripts.js/wp-content/plugins/admail/assets/js/settings.js/wp-content/plugins/admail/assets/css/styles.css
Script Paths
/wp-content/plugins/admail/assets/js/admin_table.js/wp-content/plugins/admail/assets/js/admin_scripts.js/wp-content/plugins/admail/assets/js/settings.js
Version Parameters
admail/assets/css/wp_styles.css?ver=admail/assets/css/admin.css?ver=admail/assets/css/admin_overview.css?ver=admail/assets/js/admin_table.js?ver=admail/assets/js/admin_scripts.js?ver=admail/assets/css/styles.css?ver=admail/assets/js/settings.js?ver=

HTML / DOM Fingerprints

CSS Classes
ambisn-subscription-formambisn-wrapperambisn-button-disabled
Data Attributes
data-plugin-urldata-admin-url
JS Globals
ambisn_script_vars
FAQ

Frequently Asked Questions about AdMail – Multilingual Back in-Stock Notifier for WooCommerce