Does Cart Notify have any unpatched vulnerabilities?

No. All known vulnerabilities in Cart Notify have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Cart Notify compatible with WordPress 6.4.8?

According to WordPress.org data, Cart Notify 1.1.2 has been tested up to WordPress 6.4.8. Check the plugin's changelog for the latest compatibility information.

Is Cart Notify compatible with PHP 7.2+?

Cart Notify requires PHP 7.2 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Cart Notify updated?

Cart Notify was last updated on Mar 19, 2024. Frequent updates are generally a positive security signal.

What is Cart Notify's security score?

Cart Notify has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Cart Notify Security & Risk Analysis

wordpress.org/plugins/cart-notify

When product is added to cart through Cart Notify plugin, popup notification will show on screen with product information.

0 active installs v1.1.2 PHP 7.2+ WP 4.0+ Updated Mar 19, 2024

cart-notifynotificationnotificationswoonotifywoonotifys

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Cart Notify Safe to Use in 2026?

Generally Safe

Score 85/100

Cart Notify has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2yr ago

Risk Assessment

The 'cart-notify' plugin version 1.1.2 exhibits a generally positive security posture, with several good practices observed. The complete absence of dangerous functions, all SQL queries utilizing prepared statements, and a lack of recorded vulnerability history are strong indicators of secure development. The presence of numerous nonce and capability checks further bolsters its defense against common WordPress attacks. However, a notable concern lies within its attack surface. Out of six AJAX handlers, one lacks any authentication checks. This unprotected entry point presents a clear avenue for potential exploitation, even if no specific high-severity taint flows were identified in the static analysis. The majority of output is properly escaped, but a significant portion (29%) is not, which could lead to cross-site scripting (XSS) vulnerabilities depending on the nature of the unescaped content.

Key Concerns

AJAX handler without authentication
Significant unescaped output

Vulnerabilities

None known

Cart Notify Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Cart Notify Code Analysis

Dangerous Functions

Raw SQL Queries

2 prepared

Unescaped Output

211

508 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared2 total queries

Output Escaping

71% escaped719 total outputs

Data Flows

All sanitized

Data Flow Analysis

3 flows

csf_export (admin\framework\functions\actions.php:62)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

1 unprotected

Cart Notify Attack Surface

Entry Points6

Unprotected1

AJAX Handlers 6

authwp_ajax_csf-get-iconsadmin\framework\functions\actions.php:50

authwp_ajax_csf-exportadmin\framework\functions\actions.php:87

authwp_ajax_csf-importadmin\framework\functions\actions.php:123

authwp_ajax_csf-resetadmin\framework\functions\actions.php:150

authwp_ajax_csf-chosenadmin\framework\functions\actions.php:189

authwp_ajax_cartnotify_ajax_install_pluginincludes\Necessary.php:33

WordPress Hooks 51

actionwp_enqueue_scriptsadmin\framework\classes\abstract.class.php:20

actionadmin_menuadmin\framework\classes\admin-options.class.php:107

actionadmin_bar_menuadmin\framework\classes\admin-options.class.php:108

actionnetwork_admin_menuadmin\framework\classes\admin-options.class.php:112

filteradmin_footer_textadmin\framework\classes\admin-options.class.php:488

actionadd_meta_boxes_commentadmin\framework\classes\comment-options.class.php:38

actionedit_commentadmin\framework\classes\comment-options.class.php:39

actioncustomize_registeradmin\framework\classes\customize-options.class.php:43

actioncustomize_save_afteradmin\framework\classes\customize-options.class.php:44

actionwp_enqueue_scriptsadmin\framework\classes\customize-options.class.php:48

actionadd_meta_boxesadmin\framework\classes\metabox-options.class.php:50

actionsave_postadmin\framework\classes\metabox-options.class.php:51

actionedit_attachmentadmin\framework\classes\metabox-options.class.php:52

actionwp_nav_menu_item_custom_fieldsadmin\framework\classes\nav-menu-options.class.php:30

actionwp_update_nav_menu_itemadmin\framework\classes\nav-menu-options.class.php:31

filterwp_edit_nav_menu_walkeradmin\framework\classes\nav-menu-options.class.php:33

actionadmin_initadmin\framework\classes\profile-options.class.php:30

actionshow_user_profileadmin\framework\classes\profile-options.class.php:42

actionedit_user_profileadmin\framework\classes\profile-options.class.php:43

actionpersonal_options_updateadmin\framework\classes\profile-options.class.php:45

actionedit_user_profile_updateadmin\framework\classes\profile-options.class.php:46

actionafter_setup_themeadmin\framework\classes\setup.class.php:70

actioninitadmin\framework\classes\setup.class.php:71

actionswitch_themeadmin\framework\classes\setup.class.php:72

actionadmin_enqueue_scriptsadmin\framework\classes\setup.class.php:73

actionwp_enqueue_scriptsadmin\framework\classes\setup.class.php:74

actionwp_headadmin\framework\classes\setup.class.php:75

filteradmin_body_classadmin\framework\classes\setup.class.php:76

actionadmin_footeradmin\framework\classes\shortcode-options.class.php:47

actioncustomize_controls_print_footer_scriptsadmin\framework\classes\shortcode-options.class.php:48

actionelementor/editor/before_enqueue_scriptsadmin\framework\classes\shortcode-options.class.php:57

actionelementor/editor/footeradmin\framework\classes\shortcode-options.class.php:58

actionelementor/editor/footeradmin\framework\classes\shortcode-options.class.php:59

actionenqueue_block_editor_assetsadmin\framework\classes\shortcode-options.class.php:301

actionmedia_buttonsadmin\framework\classes\shortcode-options.class.php:305

actionadmin_initadmin\framework\classes\taxonomy-options.class.php:41

actionadmin_footeradmin\framework\fields\icon\icon.php:41

actioncustomize_controls_print_footer_scriptsadmin\framework\fields\icon\icon.php:42

actionadmin_print_footer_scriptsadmin\framework\fields\link\link.php:65

actionprint_default_editor_scriptsadmin\framework\fields\wp_editor\wp_editor.php:62

actionadmin_menuadmin\framework\views\welcome.php:19

filterplugin_action_linksadmin\framework\views\welcome.php:20

filterplugin_row_metaadmin\framework\views\welcome.php:21

actionplugins_loadedcartnotify.php:59

actionadmin_enqueue_scriptsincludes\Assets.php:15

actionwp_enqueue_scriptsincludes\Assets.php:16

actionadmin_enqueue_scriptsincludes\Assets.php:19

actionwp_enqueue_scriptsincludes\Assets.php:22

actionwp_enqueue_scriptsincludes\Assets.php:23

actionwp_enqueue_scriptsincludes\Frontend\Notify.php:18

actionadmin_noticesincludes\Necessary.php:25

Maintenance & Trust

Cart Notify Maintenance & Trust

Maintenance Signals

WordPress version tested6.4.8

Last updatedMar 19, 2024

PHP min version7.2

Downloads828

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

Cart Notify Alternatives

Disable Admin Notices – Hide Dashboard Notifications

disable-admin-notices

Disable admin notices and hide dashboard notifications from plugins, themes and core. Hide all notices, selected ones, or show them in a single line.

100K 2 CVEs

OneSignal – Web Push Notifications

onesignal-free-web-push-notifications

Increase engagement and drive more repeat traffic to your WordPress site with push notifications. Now a WordPress VIP Gold Partner.

70K 2 CVEs

Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress

email-subscribers

Add subscription forms on the website and send newsletters & automatically send post notification about new blog posts once it gets published.

60K 42 CVEs

ActiveCampaign Postmark for WordPress

postmark-approved-wordpress-plugin

The officially-supported ActiveCampaign Postmark plugin for Wordpress.

50K No CVEs

WP Telegram (Auto Post and Notifications)

wptelegram

100

Integrate your WordPress site perfectly with Telegram with full control.

30K No CVEs

Developer Profile

Cart Notify Developer Profile

M Hemel Hasan

2 plugins · 0 total installs

trust score

Avg Security Score

93/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Cart Notify

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/cart-notify/assets/css/cart-notify.css/wp-content/plugins/cart-notify/assets/js/cart-notify.js

Script Paths

/wp-content/plugins/cart-notify/assets/js/cart-notify.js

Version Parameters

cart-notify/assets/css/cart-notify.css?ver=cart-notify/assets/js/cart-notify.js?ver=

HTML / DOM Fingerprints

FAQ