Does Cart Notices for WooCommerce have any unpatched vulnerabilities?

No. All known vulnerabilities in Cart Notices for WooCommerce have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Cart Notices for WooCommerce compatible with WordPress 6.9.4?

According to WordPress.org data, Cart Notices for WooCommerce 3.6.2.3 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Cart Notices for WooCommerce compatible with PHP 7.0+?

Cart Notices for WooCommerce requires PHP 7.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Cart Notices for WooCommerce updated?

Cart Notices for WooCommerce was last updated on Mar 12, 2026. Frequent updates are generally a positive security signal.

What is Cart Notices for WooCommerce's security score?

Cart Notices for WooCommerce has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Cart Notices for WooCommerce Security & Risk Analysis

wordpress.org/plugins/cart-notices-for-woocommerce

Display on cart page notices based on products and product categories in cart, cart cost, current day and time, customer referrer.

2K active installs v3.6.2.3 PHP 7.0+ WP 5.0+ Updated Mar 12, 2026

cart-adcart-alertscart-messagecart-noticecheckout-notice

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Cart Notices for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

Cart Notices for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 22d ago

Risk Assessment

The plugin "cart-notices-for-woocommerce" v3.6.2.3 exhibits a generally strong security posture based on the provided static analysis. A significant strength is the complete absence of unprotected entry points (AJAX, REST API, shortcodes, cron events). All identified AJAX handlers and REST API routes appear to have appropriate authentication and permission checks in place. Furthermore, the plugin exclusively uses prepared statements for SQL queries, which is an excellent practice to prevent SQL injection vulnerabilities. Nonce checks and capability checks are also implemented across the identified entry points, contributing to a robust defense against common web attacks.

Despite these strengths, there are a few areas that warrant attention. The presence of the `unserialize` function is a potential risk if it processes untrusted user input without proper sanitization or validation. While the taint analysis shows no unsanitized flows, this function remains a sensitive operation. Additionally, the output escaping is only at 42%, indicating a significant number of outputs are not properly escaped. This could lead to Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is reflected in the output without sufficient escaping. The plugin's vulnerability history is clean, with no recorded CVEs, suggesting good past development practices, but the potential risks from `unserialize` and low output escaping should not be overlooked.

In conclusion, the plugin demonstrates good adherence to fundamental security principles like robust authentication, prepared SQL statements, and nonce usage. However, the identified use of `unserialize` and the low percentage of properly escaped outputs present potential attack vectors. The absence of past vulnerabilities is a positive indicator, but proactive mitigation of the identified code signals is recommended to maintain a high level of security.

Key Concerns

Unescaped output (42% properly escaped)
Dangerous function used (unserialize)

Vulnerabilities

None known

Cart Notices for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Cart Notices for WooCommerce Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

133

98 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$error_log = unserialize(preg_replace('/R:\d+/', 's:18:"RECURSION DETECTED"', serialize(self::$errorberocket\includes\updater.php:128

Output Escaping

42% escaped231 total outputs

Data Flows

All sanitized

Data Flow Analysis

8 flows

<framework> (berocket\framework.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Cart Notices for WooCommerce Attack Surface

Entry Points14

Unprotected0

AJAX Handlers 13

authwp_ajax_brfr_get_export_settingsberocket\includes\admin\import_export.php:5

authwp_ajax_brfr_set_import_settingsberocket\includes\admin\import_export.php:6

authwp_ajax_brfr_get_import_backupsberocket\includes\admin\import_export.php:7

authwp_ajax_brfr_restore_import_backupsberocket\includes\admin\import_export.php:8

authwp_ajax_berocket_admin_close_noticeberocket\includes\admin_notices.php:1199

authwp_ajax_berocket_subscribe_emailberocket\includes\admin_notices.php:1200

authwp_ajax_berocket_rate_stars_closeberocket\includes\admin_notices.php:1208

authwp_ajax_berocket_feature_request_sendberocket\includes\admin_notices.php:1209

authwp_ajax_berocket_error_notices_getberocket\includes\error_notices.php:5

authwp_ajax_berocket_information_close_noticeberocket\includes\information_notices.php:198

authwp_ajax_br_test_keyberocket\includes\updater.php:46

authwp_ajax_br_test_keysberocket\includes\updater.php:47

authwp_ajax_brcn_cart_noticedivi\includes\CartNoticeExtension.php:13

Shortcodes 1

[br_cart_notices] main.php:82

WordPress Hooks 108

filterplugins_listberocket\framework.php:84

filterBeRocket_updater_add_pluginberocket\framework.php:105

filterberocket_admin_notices_rate_stars_pluginsberocket\framework.php:106

actioninitberocket\framework.php:107

actioninitberocket\framework.php:110

actionwp_headberocket\framework.php:111

actionwp_footerberocket\framework.php:112

actionadmin_initberocket\framework.php:113

actionadmin_menuberocket\framework.php:114

actionadmin_enqueue_scriptsberocket\framework.php:115

actionberocket_enqueue_mediaberocket\framework.php:116

filterplugin_row_metaberocket\framework.php:122

filteris_berocket_settings_pageberocket\framework.php:123

actionplugins_loadedberocket\framework.php:128

actionsanitize_comment_cookiesberocket\framework.php:129

actioninstall_plugins_pre_plugin-informationberocket\framework.php:130

filterberocket_admin_notices_subscribe_pluginsberocket\framework.php:132

filterBeRocket_admin_init_user_capabilitiesberocket\framework.php:135

filterberocket_sanitize_array_predefineberocket\framework.php:136

filterberocket_sanitize_array_ksesberocket\framework.php:137

filterberocket_sanitize_array_ksesberocket\framework.php:140

actionbefore_woocommerce_initberocket\framework.php:150

filterloop_shop_per_pageberocket\framework.php:391

actionupgrader_process_completeberocket\framework.php:499

actionadmin_footerberocket\framework.php:1158

actionwp_footerberocket\framework.php:1159

actionadmin_initberocket\framework.php:1273

actionadmin_bar_menuberocket\includes\admin\admin_bar.php:8

actionwp_footerberocket\includes\admin\admin_bar.php:9

filterberocket_admin_bar_plugins_databerocket\includes\admin\admin_bar.php:149

actionBeRocket_framework_updater_account_form_afterberocket\includes\admin\import_export.php:4

filterberocket_admin_notice_is_display_noticeberocket\includes\admin_notices.php:75

filterberocket_admin_notice_is_display_notice_priorityberocket\includes\admin_notices.php:76

actionadmin_noticesberocket\includes\admin_notices.php:1198

actionadmin_noticesberocket\includes\admin_notices.php:1207

actionberocket_rate_plugin_windowberocket\includes\admin_notices.php:1210

actionberocket_related_plugins_windowberocket\includes\admin_notices.php:1211

actionberocket_above_admin_settingsberocket\includes\admin_notices.php:1212

actionberocket_feature_request_windowberocket\includes\admin_notices.php:1213

actionadmin_footerberocket\includes\admin_notices.php:1285

actionadmin_footerberocket\includes\admin_notices.php:1493

actionadmin_footerberocket\includes\admin_notices.php:1922

actionadmin_footerberocket\includes\admin_notices.php:2079

actioninitberocket\includes\custom_post\enable_disable.php:9

actionadmin_initberocket\includes\custom_post\enable_disable.php:10

actionpost_action_enableberocket\includes\custom_post\enable_disable.php:13

actionpost_action_disableberocket\includes\custom_post\enable_disable.php:14

filterpost_classberocket\includes\custom_post\enable_disable.php:16

filterpre_get_postsberocket\includes\custom_post\enable_disable.php:18

actionpre_get_postsberocket\includes\custom_post\sortable.php:22

actionin_admin_footerberocket\includes\custom_post\sortable.php:117

actioninitberocket\includes\custom_post.php:58

filterinitberocket\includes\custom_post.php:59

filteradmin_initberocket\includes\custom_post.php:60

filterwp_insert_post_databerocket\includes\custom_post.php:61

filterBeRocket_admin_init_user_capabilitiesberocket\includes\custom_post.php:71

actionadd_meta_boxesberocket\includes\custom_post.php:128

actionsave_postberocket\includes\custom_post.php:129

filterpost_row_actionsberocket\includes\custom_post.php:130

filterlist_table_primary_columnberocket\includes\custom_post.php:131

actionadmin_enqueue_scriptsberocket\includes\custom_post.php:133

filteris_berocket_settings_pageberocket\includes\custom_post.php:135

actionadmin_footerberocket\includes\custom_post.php:162

actionadmin_noticesberocket\includes\information_notices.php:197

actionadmin_initberocket\includes\updater.php:18

filterwoocommerce_addons_sectionsberocket\includes\updater.php:27

filteris_berocket_settings_pageberocket\includes\updater.php:28

actionadmin_footerberocket\includes\updater.php:30

actionadmin_headberocket\includes\updater.php:39

actionadmin_menuberocket\includes\updater.php:40

actionadmin_menuberocket\includes\updater.php:41

actionnetwork_admin_menuberocket\includes\updater.php:42

actionadmin_initberocket\includes\updater.php:43

filterpre_set_site_transient_update_pluginsberocket\includes\updater.php:44

filterplugins_api_resultberocket\includes\updater.php:45

filterhttp_request_host_is_externalberocket\includes\updater.php:48

actionadmin_footerberocket\includes\updater.php:51

actionwp_footerberocket\includes\updater.php:52

filterberocket_display_additional_noticesberocket\includes\updater.php:92

filtercustom_menu_orderberocket\includes\updater.php:98

filterberocket_admin_notice_is_display_noticeberocket\includes\updater.php:102

filterberocket_admin_notice_is_display_notice_priorityberocket\includes\updater.php:103

filterplugins_api_resultberocket\includes\updater.php:109

actioninitberocket\includes\updater.php:1413

actionadmin_enqueue_scriptsberocket\sale\sale.php:4

filterBeRocket_cart_notice_custom_post_after_conditionsincludes\custom_post.php:506

actioninitincludes\paid.php:19

filterbrfr_data_berocket_cart_notice_custom_postincludes\paid.php:20

actionadmin_initincludes\paid.php:21

filterberocket_cart_notice_group_limitations_filterincludes\paid.php:59

filterBeRocket_cart_notice_custom_post_after_conditionsincludes\paid.php:98

filterberocket_br_notice_get_optionincludes\paid.php:99

filterberocket_cart_notice_custom_post_conditions_listincludes\tripwire.php:8

actionadmin_enqueue_scriptsmain.php:80

actionwoocommerce_initmain.php:81

actionwidgets_initmain.php:83

filterwoocommerce_before_main_contentmain.php:86

filterthe_contentmain.php:87

actionwp_headmain.php:91

actionwp_headmain.php:92

actionwoocommerce_add_to_cart_fragmentsmain.php:94

actionwp_footermain.php:97

filterBeRocket_updater_menu_order_custom_postmain.php:98

actiondivi_extensions_initmain.php:99

actionwoocommerce_before_cart_contentsmain.php:179

actionwoocommerce_before_checkout_formmain.php:182

filterberocket_cart_notice_group_limitations_filtermain.php:185

filterberocket_cart_notice_check_product_errormain.php:186

Maintenance & Trust

Cart Notices for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 12, 2026

PHP min version7.0

Downloads93K

Community Trust

Rating100/100

Number of ratings41

Active installs2K

Alternatives

Cart Notices for WooCommerce Alternatives

Custom cart page notices for WooCommerce

custom-cart-page-notices-for-woocommerce

100

This plugin lets you customize the default cart page notices for WooCommerce.

0 No CVEs

NS Custom Cart Message for WooCoomerce

ns-custom-message-cart

Add a custom message in cart page! No code required!

30 No CVEs

Developer Profile

Cart Notices for WooCommerce Developer Profile

BeRocket

22 plugins · 139K total installs

trust score

Avg Security Score

99/100

Avg Patch Time

381 days

View full developer profile

Detection Fingerprints

How We Detect Cart Notices for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/cart-notices-for-woocommerce/cart-notices-for-woocommerce.css/wp-content/plugins/cart-notices-for-woocommerce/cart-notices-for-woocommerce.js/wp-content/plugins/cart-notices-for-woocommerce/js/notice.js/wp-content/plugins/cart-notices-for-woocommerce/js/admin.js

Script Paths

/wp-content/plugins/cart-notices-for-woocommerce/cart-notices-for-woocommerce.js/wp-content/plugins/cart-notices-for-woocommerce/js/notice.js/wp-content/plugins/cart-notices-for-woocommerce/js/admin.js

Version Parameters

cart-notices-for-woocommerce/cart-notices-for-woocommerce.css?ver=cart-notices-for-woocommerce/cart-notices-for-woocommerce.js?ver=cart-notices-for-woocommerce/js/notice.js?ver=cart-notices-for-woocommerce/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes

berocket_cart_notices_notice

Data Attributes

data-br-cart-notices-id

JS Globals

br_cart_notices_options

FAQ