Back In Stock Notifier for WooCommerce | WooCommerce Waitlist Pro Security & Risk Analysis

wordpress.org/plugins/back-in-stock-notifier-for-woocommerce

Notify subscribers automatically when products are restocked. Supports Simple, Variable, Grouped, and Subscription types.

20K active installs · v7.0.1 · PHP 7.4+ · WP 4.7+ · Updated Mar 4, 2026
Tags: email, notification, outofstock, stock, waitlist
99
A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: May 7, 2024
Safety Verdict

Is Back In Stock Notifier for WooCommerce | WooCommerce Waitlist Pro Safe to Use in 2026?

Generally Safe

Score 99/100

Back In Stock Notifier for WooCommerce | WooCommerce Waitlist Pro has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: May 7, 2024 · Updated 1mo ago
Risk Assessment

The 'back-in-stock-notifier-for-woocommerce' plugin version 7.0.1 exhibits a generally good security posture with several strengths. The plugin effectively utilizes prepared statements for all its SQL queries and has a high percentage of properly escaped output, indicating a strong defense against common web vulnerabilities like SQL injection and XSS. The absence of critical or high-severity taint flows and dangerous functions is also reassuring. However, there are notable areas for improvement. The presence of two AJAX handlers without authentication checks represents a significant security concern, potentially allowing unauthorized users to trigger sensitive actions. While the vulnerability history shows only one medium-severity CVE, and it is currently patched, the fact that it was a 'Code Injection' vulnerability warrants attention and reinforces the importance of maintaining secure coding practices. Overall, the plugin is well-developed in many security aspects, but the unprotected AJAX endpoints introduce a tangible risk that needs to be addressed.

Key Concerns

  • AJAX handlers without authentication checks
  • One medium severity CVE (patched)
Vulnerabilities
1

Back In Stock Notifier for WooCommerce | WooCommerce Waitlist Pro Security Vulnerabilities

CVEs by Year

1 CVE in 2024

Severity Breakdown

Medium: 1

1 total CVE

CVE-2024-4038 · medium · 6.5 · Improper Control of Generation of Code ('Code Injection')

Back In Stock Notifier for WooCommerce | WooCommerce Waitlist Pro <= 5.3.1 - Unauthenticated Arbitrary Shortcode Execution

May 7, 2024 · Patched in 5.3.2 (3d)
Code Analysis
Analyzed Mar 16, 2026

Back In Stock Notifier for WooCommerce | WooCommerce Waitlist Pro Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (17 prepared)
Unescaped Output: 54 (364 escaped)
Nonce Checks: 11
Capability Checks: 8
File Operations: 0
External Requests: 3
Bundled Libraries: 0

SQL Query Safety

100% prepared · 17 total queries

Output Escaping

87% escaped · 418 total outputs
Data Flows
All sanitized

Data Flow Analysis

6 flows
send_manual_mail (includes\admin\class-post-type.php:449)
Attack Surface
2 unprotected

Back In Stock Notifier for WooCommerce | WooCommerce Waitlist Pro Attack Surface

Entry Points: 10
Unprotected: 2

AJAX Handlers 8

auth · wp_ajax_cwginstock_test_email · includes\admin\class-status.php:13
auth · wp_ajax_cwginstock_backend_ui · includes\admin\class-status.php:15
auth · wp_ajax_cwginstock_delete_all_posts · includes\admin\class-status.php:16
auth · wp_ajax_cwginstock_product_subscribe · includes\class-ajax.php:18
nopriv · wp_ajax_cwginstock_product_subscribe · includes\class-ajax.php:19
auth · wp_ajax_woocommerce_json_search_tags · includes\class-ajax.php:22
auth · wp_ajax_cwg_trigger_popup_ajax · includes\class-ajax.php:23
nopriv · wp_ajax_cwg_trigger_popup_ajax · includes\class-ajax.php:24

REST API Routes 1

POST · /wp-json/back-in-stock/v1/subscriber/create/ · includes\class-ajax.php:334

Shortcodes 1

[cwginstock_subscribe_form] includes\frontend\class-product.php:28
WordPress Hooks 156
Maintenance & Trust

Back In Stock Notifier for WooCommerce | WooCommerce Waitlist Pro Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 4, 2026
PHP min version: 7.4
Downloads: 1.0M

Community Trust

Rating: 94/100
Number of ratings: 121
Active installs: 20K
Developer Profile

Back In Stock Notifier for WooCommerce | WooCommerce Waitlist Pro Developer Profile

ProPluginsLab

2 plugins · 20K total installs

Trust score: 100
Avg Security Score: 100/100
Avg Patch Time: 3 days
Detection Fingerprints

How We Detect Back In Stock Notifier for WooCommerce | WooCommerce Waitlist Pro

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/back-in-stock-notifier-for-woocommerce/assets/css/frontend.min.css
/wp-content/plugins/back-in-stock-notifier-for-woocommerce/assets/css/guest.min.css
/wp-content/plugins/back-in-stock-notifier-for-woocommerce/assets/css/bootstrap.min.css
/wp-content/plugins/back-in-stock-notifier-for-woocommerce/assets/js/jquery.blockUI.js
/wp-content/plugins/back-in-stock-notifier-for-woocommerce/assets/js/frontend-dev.min.js
/wp-content/plugins/back-in-stock-notifier-for-woocommerce/assets/js/sweetalert2.min.js
/wp-content/plugins/back-in-stock-notifier-for-woocommerce/assets/js/cwg-popup.min.js
Version Parameters
back-in-stock-notifier-for-woocommerce/assets/css/frontend.min.css?ver=
back-in-stock-notifier-for-woocommerce/assets/css/guest.min.css?ver=
back-in-stock-notifier-for-woocommerce/assets/css/bootstrap.min.css?ver=
back-in-stock-notifier-for-woocommerce/assets/js/jquery.blockUI.js?ver=
back-in-stock-notifier-for-woocommerce/assets/js/frontend-dev.min.js?ver=
back-in-stock-notifier-for-woocommerce/assets/js/sweetalert2.min.js?ver=
back-in-stock-notifier-for-woocommerce/assets/js/cwg-popup.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
cwginstock-main-wrapper
HTML Comments
<!-- CWG Instock Notification Button Start -->
<!-- CWG Instock Notification Button End -->
Data Attributes
data-product_id, data-product_type, data-variant_id, data-swatch_id, data-product_image_url, data-product_title (+1 more)
JS Globals
cwginstock_frontend_data
REST Endpoints
/wp-json/cwginstocknotifier/v1/stock_notifier
FAQ

Frequently Asked Questions about Back In Stock Notifier for WooCommerce | WooCommerce Waitlist Pro