WP-Safety

Back In Stock Notifier for WooCommerce | WooCommerce Waitlist Pro Security & Risk Analysis

wordpress.org/plugins/back-in-stock-notifier-for-woocommerce

Notify subscribers automatically when products are restocked. Supports Simple, Variable, Grouped, and Subscription types.

20K active installs v7.1.0 PHP 7.4+ WP 4.7+ Updated Apr 15, 2026
emailnotificationoutofstockstockwaitlist
100
A · Safe
CVEs total1
Unpatched0
Last CVEMay 7, 2024
Plugin page Download
Safety Verdict

Is Back In Stock Notifier for WooCommerce | WooCommerce Waitlist Pro Safe to Use in 2026?

Generally Safe

Score 100/100

Back In Stock Notifier for WooCommerce | WooCommerce Waitlist Pro has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVELast CVE: May 7, 2024Updated 1mo ago
Risk Assessment

The 'back-in-stock-notifier-for-woocommerce' plugin version 7.0.1 exhibits a generally good security posture with several strengths. The plugin effectively utilizes prepared statements for all its SQL queries and has a high percentage of properly escaped output, indicating a strong defense against common web vulnerabilities like SQL injection and XSS. The absence of critical or high-severity taint flows and dangerous functions is also reassuring. However, there are notable areas for improvement. The presence of two AJAX handlers without authentication checks represents a significant security concern, potentially allowing unauthorized users to trigger sensitive actions. While the vulnerability history shows only one medium-severity CVE, and it is currently patched, the fact that it was a 'Code Injection' vulnerability warrants attention and reinforces the importance of maintaining secure coding practices. Overall, the plugin is well-developed in many security aspects, but the unprotected AJAX endpoints introduce a tangible risk that needs to be addressed.

Key Concerns

  • AJAX handlers without authentication checks
  • One medium severity CVE (patched)
Vulnerabilities
1 published

Back In Stock Notifier for WooCommerce | WooCommerce Waitlist Pro Security Vulnerabilities

CVEs by Year

1 CVE in 2024
2024
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2024-4038medium · 6.5Improper Control of Generation of Code ('Code Injection')

Back In Stock Notifier for WooCommerce | WooCommerce Waitlist Pro <= 5.3.1 - Unauthenticated Arbitrary Shortcode Execution

May 7, 2024 Patched in 5.3.2 (3d)
Version History

Back In Stock Notifier for WooCommerce | WooCommerce Waitlist Pro Release Timeline

v7.1.0Current
v7.0.1
v7.0.0
v6.3.3
v6.3.2
v6.3.1
v6.3.0
v6.2.4
v6.2.3
v6.2.2
v6.2.1
v6.2.0
v6.1.2
v6.1.1
v6.1.0
v6.0.9.2
v6.0.9.1
v6.0.9
v6.0.8
v6.0.7
Code Analysis
Analyzed Mar 16, 2026

Back In Stock Notifier for WooCommerce | WooCommerce Waitlist Pro Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
17 prepared
Unescaped Output
54
364 escaped
Nonce Checks
11
Capability Checks
8
File Operations
0
External Requests
3
Bundled Libraries
0

SQL Query Safety

100% prepared17 total queries

Output Escaping

87% escaped418 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

6 flows
send_manual_mail (includes\admin\class-post-type.php:449)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
2 unprotected

Back In Stock Notifier for WooCommerce | WooCommerce Waitlist Pro Attack Surface

Entry Points10
Unprotected2

AJAX Handlers 8

authwp_ajax_cwginstock_test_emailincludes\admin\class-status.php:13
authwp_ajax_cwginstock_backend_uiincludes\admin\class-status.php:15
authwp_ajax_cwginstock_delete_all_postsincludes\admin\class-status.php:16
authwp_ajax_cwginstock_product_subscribeincludes\class-ajax.php:18
noprivwp_ajax_cwginstock_product_subscribeincludes\class-ajax.php:19
authwp_ajax_woocommerce_json_search_tagsincludes\class-ajax.php:22
authwp_ajax_cwg_trigger_popup_ajaxincludes\class-ajax.php:23
noprivwp_ajax_cwg_trigger_popup_ajaxincludes\class-ajax.php:24

REST API Routes 1

POST/wp-json/back-in-stock/v1/subscriber/create/includes\class-ajax.php:334

Shortcodes 1

[cwginstock_subscribe_form] includes\frontend\class-product.php:28
WordPress Hooks 156
actionwp_enqueue_scriptscwginstocknotifier.php:98
actionadmin_enqueue_scriptscwginstocknotifier.php:99
filterwoocommerce_screen_idscwginstocknotifier.php:100
filteradmin_headcwginstocknotifier.php:101
actionplugins_loadedcwginstocknotifier.php:102
actionbefore_woocommerce_initcwginstocknotifier.php:103
actionwp_dashboard_setupcwginstocknotifier.php:106
filterwoocommerce_email_from_addressincludes\abstract-mailer.php:131
filterwoocommerce_email_from_nameincludes\abstract-mailer.php:132
filterwp_mailincludes\abstract-mailer.php:137
actioninitincludes\admin\class-post-type.php:21
actioninitincludes\admin\class-post-type.php:22
filtermanage_cwginstocknotifier_posts_columnsincludes\admin\class-post-type.php:24
actionmanage_cwginstocknotifier_posts_custom_columnincludes\admin\class-post-type.php:25
filterlist_table_primary_columnincludes\admin\class-post-type.php:26
filtermanage_edit-cwginstocknotifier_sortable_columnsincludes\admin\class-post-type.php:28
actionadmin_headincludes\admin\class-post-type.php:30
filterpost_row_actionsincludes\admin\class-post-type.php:31
actionadmin_action_cwginstock-sendmailincludes\admin\class-post-type.php:33
filterbulk_actions-edit-cwginstocknotifierincludes\admin\class-post-type.php:35
filterhandle_bulk_actions-edit-cwginstocknotifierincludes\admin\class-post-type.php:37
actioncwginstocknotifier_handle_action_mark_status_sentincludes\admin\class-post-type.php:39
actioncwginstocknotifier_handle_action_mark_status_subscribedincludes\admin\class-post-type.php:41
actioncwginstocknotifier_handle_action_mark_status_unsubscribedincludes\admin\class-post-type.php:43
actioncwginstocknotifier_handle_action_send_mailincludes\admin\class-post-type.php:45
actionadmin_menuincludes\admin\class-post-type.php:46
actionrestrict_manage_postsincludes\admin\class-post-type.php:49
filterparse_queryincludes\admin\class-post-type.php:50
filtermanage_product_posts_columnsincludes\admin\class-post-type.php:53
actionmanage_product_posts_custom_columnincludes\admin\class-post-type.php:54
filtermanage_edit-product_sortable_columnsincludes\admin\class-post-type.php:55
actionpre_get_postsincludes\admin\class-post-type.php:56
filterpre_get_postsincludes\admin\class-post-type.php:57
filterwp_untrash_post_statusincludes\admin\class-post-type.php:58
actioncwginstock_manual_email_sentincludes\admin\class-post-type.php:59
filterpost_date_column_statusincludes\admin\class-post-type.php:60
filterpost_date_column_timeincludes\admin\class-post-type.php:61
filterpre_get_postsincludes\admin\class-post-type.php:62
filterposts_clausesincludes\admin\class-post-type.php:63
actionload-edit.phpincludes\admin\class-post-type.php:1007
actionall_admin_noticesincludes\admin\class-post-type.php:1016
actionadmin_menuincludes\admin\class-promotions.php:36
actionadmin_enqueue_scriptsincludes\admin\class-promotions.php:37
actionadmin_menuincludes\admin\class-settings.php:15
actionadmin_initincludes\admin\class-settings.php:16
actionadmin_initincludes\admin\class-settings.php:17
actionadmin_menuincludes\admin\class-status.php:11
actionadmin_headincludes\admin\class-status.php:12
actioncwginstock_send_test_emailincludes\admin\class-status.php:14
actionrest_api_initincludes\class-ajax.php:17
actioncwginstock_ajax_dataincludes\class-ajax.php:20
actioncwginstock_after_insert_subscriberincludes\class-ajax.php:21
actioncwginstock_register_settingsincludes\class-auto-delete.php:11
actioncwg_delete_subscribersincludes\class-auto-delete.php:12
actionbefore_delete_postincludes\class-auto-delete.php:13
actioncwg_instock_after_email_fieldincludes\class-bot-protection.php:17
filtercwgstock_submit_attrincludes\class-bot-protection.php:18
actionwp_enqueue_scriptsincludes\class-bot-protection.php:19
actioncwginstock_register_settingsincludes\class-bot-protection.php:21
filtercwginstock_localization_arrayincludes\class-bot-protection.php:22
actioncwginstock_after_submit_buttonincludes\class-bot-protection.php:23
filtercwginstock_cart_linkincludes\class-cache-buster.php:11
actioncwginstock_before_trigger_statusincludes\class-cache-control.php:13
actioncwginstock_register_settingsincludes\class-copy-mailer.php:14
actioncwginstock_copy_subscription_settingsincludes\class-copy-mailer.php:15
actioncwginstock_settings_defaultincludes\class-copy-mailer.php:16
actionplugins_loadedincludes\class-core.php:14
actionwoocommerce_product_set_stock_statusincludes\class-core.php:15
actionwoocommerce_variation_set_stock_statusincludes\class-core.php:16
actioncwginstock_trigger_statusincludes\class-core.php:17
actioncwg_instock_mail_send_as_copyincludes\class-core.php:18
actioncwg_instock_mail_sent_successincludes\class-core.php:19
actioncwg_instock_bulk_status_actionincludes\class-core.php:20
filtercwginstock_trigger_status_variationincludes\class-core.php:21
filtercwginstock_replace_shortcodeincludes\class-core.php:22
actioncwginstock_notify_processincludes\class-core.php:23
filtercwginstock_trigger_status_productincludes\class-core.php:24
filtercwginstock_trigger_status_variationincludes\class-core.php:25
filtercwg_before_process_instock_emailincludes\class-core.php:26
filtercwg_before_process_instock_emailincludes\class-core.php:27
actioncwginstock_auto_email_sentincludes\class-core.php:28
filterwoocommerce_email_classesincludes\class-email-manager.php:28
actionadmin_initincludes\class-email-manager.php:29
filterwoocommerce_email_from_nameincludes\class-email-manager.php:30
filterwoocommerce_email_from_addressincludes\class-email-manager.php:31
filterwoocommerce_email_headersincludes\class-email-manager.php:32
actiontransition_post_statusincludes\class-keep-status.php:12
filtercwginstock_display_subscribe_formincludes\class-popup.php:10
actioncwginstock_custom_formincludes\class-popup.php:11
actioncwginstock_register_settingsincludes\class-privacy-checkbox.php:16
actioncwginstock_settings_defaultincludes\class-privacy-checkbox.php:17
actioncwg_instock_after_email_fieldincludes\class-privacy-checkbox.php:19
filtercwginstock_localization_arrayincludes\class-privacy-checkbox.php:20
filterwp_privacy_personal_data_exportersincludes\class-privacy.php:12
filterwp_privacy_personal_data_erasersincludes\class-privacy.php:13
actioncwginstock_register_settingsincludes\class-quantity-field.php:15
filtercwginstocknotifier_columnsincludes\class-quantity-field.php:16
actioncwginstock_custom_columnsincludes\class-quantity-field.php:17
actioncwg_instock_after_email_fieldincludes\class-quantity-field.php:18
filtercwginstocknotifier_insert_custom_meta_dataincludes\class-quantity-field.php:19
filtercwginstock_replace_shortcodeincludes\class-quantity-field.php:20
filtercwginstock_cart_linkincludes\class-quantity-field.php:21
actioninitincludes\class-remote-feed.php:63
actionadmin_initincludes\class-remote-feed.php:69
actionrest_api_initincludes\class-rest-api.php:14
filtercwginstock_stop_emailincludes\class-site-checker.php:12
actioncwginstock_register_settingsincludes\class-stock-arrival-settings.php:11
actionadmin_menuincludes\class-stock-arrival.php:16
actioninitincludes\class-stock-arrival.php:17
actionadd_meta_boxesincludes\class-stock-arrival.php:18
actionsave_post_cwginstock_arrivalincludes\class-stock-arrival.php:19
filtermanage_cwginstock_arrival_posts_columnsincludes\class-stock-arrival.php:20
filterparent_fileincludes\class-stock-arrival.php:21
actionmanage_cwginstock_arrival_posts_custom_columnincludes\class-stock-arrival.php:22
filterpost_row_actionsincludes\class-stock-arrival.php:23
actionadmin_noticesincludes\class-stock-arrival.php:24
actioncwginstock_third_partyincludes\class-stock-third-party.php:11
actioncwg_backward_stock_checkincludes\class-stock-third-party.php:12
actioncwginstock_register_settingsincludes\class-troubleshoot.php:14
actiontrashed_postincludes\class-troubleshoot.php:15
actionwoocommerce_before_delete_product_variationincludes\class-troubleshoot.php:16
actioncwgbis_trash_subscriberincludes\class-troubleshoot.php:17
actionupdate_option_cwginstocksettingsincludes\class-troubleshoot.php:19
actionupdate_option_cwginstocksettingsincludes\class-troubleshoot.php:20
actionupgrader_process_completeincludes\class-upgrade.php:14
actioncwg_instock_upgradeincludes\class-upgrade.php:15
actioncwg_sync_instock_dataincludes\class-upgrade.php:16
filterwoocommerce_webhook_topic_hooksincludes\class-webhook.php:12
filterwoocommerce_webhook_topicsincludes\class-webhook.php:13
filterwoocommerce_valid_webhook_eventsincludes\class-webhook.php:14
filterwoocommerce_valid_webhook_resourcesincludes\class-webhook.php:15
filterwoocommerce_webhook_payloadincludes\class-webhook.php:16
actiontransition_post_statusincludes\class-webhook.php:17
actionwoocommerce_simple_add_to_cartincludes\frontend\class-product.php:12
actionwoocommerce_subscription_add_to_cartincludes\frontend\class-product.php:13
actionwoocommerce_bundle_add_to_cartincludes\frontend\class-product.php:14
actionwoocommerce_woosb_add_to_cartincludes\frontend\class-product.php:15
actionwoocommerce_composite_add_to_cartincludes\frontend\class-product.php:16
actionwoocommerce_after_variations_formincludes\frontend\class-product.php:17
filterwoocommerce_available_variationincludes\frontend\class-product.php:19
filterwoocommerce_variation_is_activeincludes\frontend\class-product.php:21
filteroption_woocommerce_hide_out_of_stock_itemsincludes\frontend\class-product.php:23
filterwoocommerce_grouped_product_columnsincludes\frontend\class-product.php:25
filterwoocommerce_grouped_product_list_column_priceincludes\frontend\class-product.php:26
actionwpto_column_bottomincludes\frontend\class-product.php:29
actionwoocommerce_after_shop_loop_itemincludes\frontend\class-product.php:30
filterwoovr_variation_availabilityincludes\frontend\class-product.php:32
actionwoocommerce_event_ticket_manager_add_to_cartincludes\frontend\class-product.php:33
filtercwginstock_locate_templateincludes\frontend\class-product.php:35
filtercwginstock_success_subscription_htmlincludes\frontend\class-product.php:36
filtercwginstock_error_subscription_htmlincludes\frontend\class-product.php:37
filterjet-wc-product-table/components/columns/get-column-contentincludes\frontend\class-product.php:39
filterpvtfw_row_cart_btn_oosincludes\frontend\class-product.php:40
actionwc_bulk_variations_before_cell_descriptionincludes\frontend\class-product.php:41
filterwoocommerce_ajax_variation_thresholdincludes\frontend\class-product.php:44
filtercwginstock_bypass_recaptchaincludes\frontend\class-product.php:409
Maintenance & Trust

Back In Stock Notifier for WooCommerce | WooCommerce Waitlist Pro Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedApr 15, 2026
PHP min version7.4
Downloads1.0M

Community Trust

Rating94/100
Number of ratings121
Active installs20K
Alternatives

Back In Stock Notifier for WooCommerce | WooCommerce Waitlist Pro Alternatives

Back In Stock Notifications

Back In Stock Notifications

back-in-stock-notifications

A
100

Notify customers when your products are restocked.

0 No CVEs
Ni WooCommerce Stock Alert Notification

Ni WooCommerce Stock Alert Notification

ni-woocommerce-stock

A
85

Boost customer retention with the Ni WooCommerce Stock Alert plugin, ensuring engagement even when your store products are out of stock.

0 No CVEs
Waitlist Woocommerce ( Back in stock notifier )

Waitlist Woocommerce ( Back in stock notifier )

waitlist-woocommerce

A
98

Build a waiting list for your products and notify customers by email based on product availability.

4K 3 CVEs
YITH WooCommerce Waitlist

YITH WooCommerce Waitlist

yith-woocommerce-waiting-list

A
99

This plugin enables registered users to request an email notification when an out-of-stock product comes back into stock.

3K 2 CVEs
AdMail – Multilingual Back in-Stock Notifier for WooCommerce

AdMail – Multilingual Back in-Stock Notifier for WooCommerce

admail

B
71

AdMail is a WooCommerce extension that enables your customers to subscribe to out-of-stock products and receive an email notification when the product &hellip;

100 1 unpatched
Developer Profile

Back In Stock Notifier for WooCommerce | WooCommerce Waitlist Pro Developer Profile

ProPluginsLab

2 plugins · 20K total installs

100
trust score
Avg Security Score
100/100
Avg Patch Time
3 days
View full developer profile
Detection Fingerprints

How We Detect Back In Stock Notifier for WooCommerce | WooCommerce Waitlist Pro

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/back-in-stock-notifier-for-woocommerce/assets/css/frontend.min.css/wp-content/plugins/back-in-stock-notifier-for-woocommerce/assets/css/guest.min.css/wp-content/plugins/back-in-stock-notifier-for-woocommerce/assets/css/bootstrap.min.css/wp-content/plugins/back-in-stock-notifier-for-woocommerce/assets/js/jquery.blockUI.js/wp-content/plugins/back-in-stock-notifier-for-woocommerce/assets/js/frontend-dev.min.js/wp-content/plugins/back-in-stock-notifier-for-woocommerce/assets/js/sweetalert2.min.js/wp-content/plugins/back-in-stock-notifier-for-woocommerce/assets/js/cwg-popup.min.js
Version Parameters
back-in-stock-notifier-for-woocommerce/assets/css/frontend.min.css?ver=back-in-stock-notifier-for-woocommerce/assets/css/guest.min.css?ver=back-in-stock-notifier-for-woocommerce/assets/css/bootstrap.min.css?ver=back-in-stock-notifier-for-woocommerce/assets/js/jquery.blockUI.js?ver=back-in-stock-notifier-for-woocommerce/assets/js/frontend-dev.min.js?ver=back-in-stock-notifier-for-woocommerce/assets/js/sweetalert2.min.js?ver=back-in-stock-notifier-for-woocommerce/assets/js/cwg-popup.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
cwginstock-main-wrapper
HTML Comments
<!-- CWG Instock Notification Button Start --><!-- CWG Instock Notification Button End -->
Data Attributes
data-product_iddata-product_typedata-variant_iddata-swatch_iddata-product_image_urldata-product_title+1 more
JS Globals
cwginstock_frontend_data
REST Endpoints
/wp-json/cwginstocknotifier/v1/stock_notifier
FAQ

Frequently Asked Questions about Back In Stock Notifier for WooCommerce | WooCommerce Waitlist Pro