WP-Safety

Auto Mail – Abandoned Cart Recovery, Newsletter Builder & Marketing Automation for WooCommerce Security & Risk Analysis

wordpress.org/plugins/auto-mail

Auto Mail is an WordPress email plugin that make you can manage your customer relationships, build your email lists, send email campaigns, build funne …

10 active installs v1.2.31 PHP + WP 4.0+ Updated Apr 15, 2026
abandoned-cartcart-abandonmentcouponemail-marketing-automationwoocommerce
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Auto Mail – Abandoned Cart Recovery, Newsletter Builder & Marketing Automation for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

Auto Mail – Abandoned Cart Recovery, Newsletter Builder & Marketing Automation for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The "auto-mail" v1.2.26 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices with a high percentage of SQL queries using prepared statements and a significant portion of outputs being properly escaped. The plugin also has a clean vulnerability history with no recorded CVEs, suggesting a history of responsible development. However, significant concerns arise from the attack surface analysis. Notably, one AJAX handler and one REST API route lack proper authentication checks, creating potential entry points for unauthorized actions. The presence of the `unserialize` function, even if only once, is a red flag, especially if it processes untrusted user input. The taint analysis revealing two high-severity flows with unsanitized paths further amplifies these concerns, indicating potential for attackers to manipulate data or execute malicious code. While the lack of historical vulnerabilities is encouraging, the static analysis highlights critical areas that require immediate attention to mitigate potential risks.

Key Concerns

  • Unprotected AJAX handler
  • Unprotected REST API route
  • High severity taint flows
  • Use of unserialize function
Vulnerabilities
None known

Auto Mail – Abandoned Cart Recovery, Newsletter Builder & Marketing Automation for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Auto Mail – Abandoned Cart Recovery, Newsletter Builder & Marketing Automation for WooCommerce Release Timeline

No version history available.
Code Analysis
Analyzed Mar 17, 2026

Auto Mail – Abandoned Cart Recovery, Newsletter Builder & Marketing Automation for WooCommerce Code Analysis

Dangerous Functions
1
Raw SQL Queries
1
24 prepared
Unescaped Output
144
622 escaped
Nonce Checks
22
Capability Checks
16
File Operations
16
External Requests
2
Bundled Libraries
2

Dangerous Functions Found

unserialize$meta_value = unserialize($meta[0]->meta_value);includes\helpers\helper-triggers.php:86

Bundled Libraries

Freemius1.0Guzzle

SQL Query Safety

96% prepared25 total queries

Output Escaping

81% escaped766 total outputs
Data Flows · Security
9 unsanitized

Data Flow Analysis

19 flows9 with unsanitized paths
do_export (admin\classes\class-admin-ajax.php:187)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
2 unprotected

Auto Mail – Abandoned Cart Recovery, Newsletter Builder & Marketing Automation for WooCommerce Attack Surface

Entry Points23
Unprotected2

AJAX Handlers 22

authwp_ajax_auto_mail_save_automationadmin\classes\class-admin-ajax.php:24
authwp_ajax_auto_mail_save_formadmin\classes\class-admin-ajax.php:25
authwp_ajax_auto_mail_load_formadmin\classes\class-admin-ajax.php:26
noprivwp_ajax_auto_mail_load_formadmin\classes\class-admin-ajax.php:27
authwp_ajax_am_form_submitadmin\classes\class-admin-ajax.php:28
noprivwp_ajax_am_form_submitadmin\classes\class-admin-ajax.php:29
authwp_ajax_auto_mail_save_designadmin\classes\class-admin-ajax.php:31
authwp_ajax_auto_mail_process_campaignadmin\classes\class-admin-ajax.php:32
authwp_ajax_auto_mail_save_subscriberadmin\classes\class-admin-ajax.php:33
authwp_ajax_auto_mail_save_listadmin\classes\class-admin-ajax.php:34
authwp_ajax_auto_mail_save_settingsadmin\classes\class-admin-ajax.php:35
authwp_ajax_auto_mail_test_emailadmin\classes\class-admin-ajax.php:36
authwp_ajax_am_send_test_emailadmin\classes\class-admin-ajax.php:37
authwp_ajax_auto_mail_import_handleradmin\classes\class-admin-ajax.php:40
authwp_ajax_auto_mail_show_import_dataadmin\classes\class-admin-ajax.php:41
authwp_ajax_auto_mail_do_importadmin\classes\class-admin-ajax.php:42
authwp_ajax_auto_mail_mailchimp_verifyadmin\classes\class-admin-ajax.php:43
authwp_ajax_auto_mail_do_exportadmin\classes\class-admin-ajax.php:46
authwp_ajax_auto_mail_download_export_fileadmin\classes\class-admin-ajax.php:49
authwp_ajax_am_save_cart_abandonment_dataadmin\classes\class-admin-ajax.php:52
noprivwp_ajax_am_save_cart_abandonment_dataadmin\classes\class-admin-ajax.php:53
authwp_ajax_auto_mail_generate_automationadmin\classes\class-admin-ajax.php:56

REST API Routes 1

GET/wp-json/automail/v1/templateauto-mail.php:436
WordPress Hooks 33
actionadmin_menuadmin\abstracts\class-admin-module.php:46
actionadmin_headadmin\abstracts\class-admin-module.php:47
actionadmin_menu_editor-menu_replacedadmin\abstracts\class-admin-module.php:50
filtersubmenu_fileadmin\abstracts\class-admin-module.php:52
actionadmin_enqueue_scriptsadmin\abstracts\class-admin-page.php:275
actioninitadmin\abstracts\class-admin-page.php:276
actionadmin_menuadmin\classes\class-admin.php:29
actionadmin_menuadmin\classes\class-admin.php:87
actionadmin_menuadmin\classes\class-admin.php:111
actionadmin_menuadmin\classes\class-admin.php:135
actionadmin_menuadmin\classes\class-admin.php:159
actionadmin_menuadmin\classes\class-admin.php:186
actionadmin_menuadmin\classes\class-admin.php:213
actionadmin_initauto-mail.php:101
actionadmin_initauto-mail.php:164
actionwp_enqueue_scriptsauto-mail.php:172
actionplugins_loadedauto-mail.php:399
actionplugins_loadedauto-mail.php:403
actionplugins_loadedauto-mail.php:404
actionrest_api_initauto-mail.php:433
actioninitauto-mail.php:460
actionwp_footerauto-mail.php:462
actionauto_mail_pre_initincludes\automations\integration-action.php:47
actionafter_setup_themeincludes\automations\integration-action.php:50
actionam_automation_execute_actionincludes\automations\integration-action.php:54
actionauto_mail_post_initincludes\automations\integration-trigger.php:46
actionafter_setup_themeincludes\automations\integration-trigger.php:49
actionwoocommerce_order_status_changedincludes\class-cart-tracking.php:47
filtercron_schedulesincludes\class-schedule.php:45
actionam_cron_hookincludes\class-schedule.php:125
actionam_automation_cron_hookincludes\class-schedule.php:160
filterwp_mail_content_typeincludes\helpers\helper-functions.php:91
filterfilesystem_methodincludes\helpers\helper-import.php:70

Scheduled Events 7

am_cron_hook
am_cron_hook
am_cron_hook
am_cron_hook
am_cron_hook
am_cron_hook
am_automation_cron_hook
Maintenance & Trust

Auto Mail – Abandoned Cart Recovery, Newsletter Builder & Marketing Automation for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedApr 15, 2026
PHP min version
Downloads10K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

Auto Mail – Abandoned Cart Recovery, Newsletter Builder & Marketing Automation for WooCommerce Alternatives

CartBounty – Save and recover abandoned carts for WooCommerce

CartBounty – Save and recover abandoned carts for WooCommerce

woo-save-abandoned-carts

A
99

Save abandoned carts and send automated abandoned cart recovery messages. Get more leads, reduce cart abandonment, and increase sales.

10K 1 CVE
Abandoned Cart Reports For WooCommerce

Abandoned Cart Reports For WooCommerce

wc-abandoned-carts-by-small-fish-analytics

A
85

A simple plugin to see how many carts and which products your customers are abandoning

2K No CVEs
Recapture for WooCommerce

Recapture for WooCommerce

recapture-for-woocommerce

A
99

Recapture is the easiest and most effective way to recover abandoned carts and do SMS and email marketing for your WooCommerce store in WordPress.

300 1 CVE
Benchmark Email for WooCommerce

Benchmark Email for WooCommerce

woo-benchmark-email

A
100

Connects WooCommerce with Benchmark Email - syncing customers and abandoned carts.

200 No CVEs
Recover Exit For WooCommerce

Recover Exit For WooCommerce

recoverexit-for-woocommerce

A
85

Stop cart and checkout abandonment in minutes with RecoverExit for WooCommerce, easily offer users an instant discount when exit intension is detected …

0 No CVEs
Developer Profile

Auto Mail – Abandoned Cart Recovery, Newsletter Builder & Marketing Automation for WooCommerce Developer Profile

wphobby

16 plugins · 220 total installs

86
trust score
Avg Security Score
88/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Auto Mail – Abandoned Cart Recovery, Newsletter Builder & Marketing Automation for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/auto-mail/assets/css/front.css/wp-content/plugins/auto-mail/assets/js/front/render-form.js/wp-content/plugins/auto-mail/assets/js/front/cart-abandonment-tracking.js
Script Paths
/wp-content/plugins/auto-mail/assets/js/front/render-form.js/wp-content/plugins/auto-mail/assets/js/front/cart-abandonment-tracking.js
Version Parameters
auto-mail/assets/css/front.css?ver=auto-mail/assets/js/front/render-form.js?ver=auto-mail/assets/js/front/cart-abandonment-tracking.js?ver=

HTML / DOM Fingerprints

JS Globals
auto_mail_ajax_urlauto-mail-form-frontam-cart-trackingauto_mail_activation_hookAuto_MailAUTO_MAIL_DIR+11 more
FAQ

Frequently Asked Questions about Auto Mail – Abandoned Cart Recovery, Newsletter Builder & Marketing Automation for WooCommerce