Cart recovery for WordPress Security & Risk Analysis

wordpress.org/plugins/cart-recovery

Cart recovery for WordPress brings abandoned cart recovery and tracking to your WordPress store.

100 active installs · v3.4.4 · PHP 7.4+ · WP 6.4+ · Updated Dec 2, 2025
Tags: abanadoned cart, ecommerce, marketing, woocommerce
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Cart recovery for WordPress Safe to Use in 2026?

Generally Safe

Score 100/100

Cart recovery for WordPress has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 4mo ago
Risk Assessment

The cart-recovery plugin v3.4.4 presents a mixed security posture. On the positive side, it demonstrates good practices in areas like SQL query sanitization, with 100% of queries using prepared statements, and a high rate of output escaping (93%). The plugin also has a clean vulnerability history with no known CVEs, indicating a generally stable and secure codebase over time.

However, there are significant concerns related to its attack surface. It exposes two AJAX handlers, both lacking authentication checks, so there is a clear risk of unauthorized actions being performed if these entry points can be reached by unauthenticated users. The presence of the `unserialize` function, while not explicitly flagged as a taint flow issue in this analysis, is a known vector for deserialization vulnerabilities and should be treated with caution, especially when processing external or untrusted data.

Key Concerns

  • AJAX handlers without auth checks
  • Dangerous function 'unserialize' present
Vulnerabilities
None known

Cart recovery for WordPress Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Cart recovery for WordPress Code Analysis

Dangerous Functions: 2
Raw SQL Queries: 0 (30 prepared)
Unescaped Output: 6 (80 escaped)
Nonce Checks: 1
Capability Checks: 4
File Operations: 1
External Requests: 4
Bundled Libraries: 0

Dangerous Functions Found

  • unserialize · `$this->cart_details = unserialize( $results->cart_details );` · classes\Cart.php:565
  • unserialize · `$cart_details = unserialize( $cart->cart_details );` · classes\GdprExporter.php:95

SQL Query Safety

100% prepared (30 total queries)

Output Escaping

93% escaped (86 total outputs)
Data Flows
All sanitized

Data Flow Analysis

2 flows
save_licence (CRFW-Plugin-Updater.php:103)
Attack Surface
2 unprotected

Cart recovery for WordPress Attack Surface

Entry Points: 2
Unprotected: 2

AJAX Handlers 2

  • nopriv · wp_ajax_crfw_record_cart · classes\Engines\AbstractEngine.php:33
  • auth · wp_ajax_crfw_record_cart · classes\Engines\AbstractEngine.php:34

WordPress Hooks 51

  • action · admin_init · cart-recovery-for-wordpress.php:45
  • action · admin_notices · cart-recovery-for-wordpress.php:46
  • action · before_woocommerce_init · cart-recovery-for-wordpress.php:137
  • action · init · classes\Campaigns\AbstractCampaign.php:39
  • action · crfw_run_campaigns · classes\Campaigns\AbstractCampaign.php:40
  • filter · crfw_settings_tabs · classes\Campaigns\SimpleCampaign.php:28
  • action · crfw_settings_form · classes\Campaigns\SimpleCampaign.php:29
  • action · wp_enqueue_scripts · classes\Engines\AbstractEngine.php:30
  • action · init · classes\Engines\AbstractEngine.php:43
  • action · wp_footer · classes\Engines\AbstractEngine.php:92
  • filter · wp_mail_from · classes\Engines\AbstractEngine.php:406
  • filter · wp_mail_from_name · classes\Engines\AbstractEngine.php:407
  • action · edd_complete_purchase · classes\Engines\Edd.php:316
  • action · edd_post_add_to_cart · classes\Engines\Edd.php:326
  • action · edd_post_remove_from_cart · classes\Engines\Edd.php:327
  • action · edd_after_set_cart_item_quantity · classes\Engines\Edd.php:328
  • filter · crfw_js_info · classes\Engines\RestrictContentPro.php:23
  • action · rcp_form_processing · classes\Engines\RestrictContentPro.php:319
  • filter · crfw_log_cart_clickthrough · classes\Engines\RestrictContentPro.php:330
  • action · admin_menu · classes\Engines\Woocommerce.php:27
  • filter · woocommerce_navigation_pages_with_tabs · classes\Engines\Woocommerce.php:28
  • action · wp_loaded · classes\Engines\Woocommerce.php:205
  • filter · woocommerce_product_data_store_cpt_get_products_query · classes\Engines\Woocommerce.php:397
  • action · woocommerce_checkout_order_processed · classes\Engines\Woocommerce.php:458
  • action · woocommerce_store_api_checkout_order_processed · classes\Engines\Woocommerce.php:459
  • action · woocommerce_cart_updated · classes\Engines\Woocommerce.php:467
  • action · woocommerce_store_api_cart_update_customer_from_request · classes\Engines\Woocommerce.php:469
  • action · wpsc_purchase_log_save · classes\Engines\Wpecommerce.php:282
  • action · wpsc_edit_item · classes\Engines\Wpecommerce.php:289
  • action · wpsc_add_item · classes\Engines\Wpecommerce.php:290
  • action · wpsc_remove_item · classes\Engines\Wpecommerce.php:291
  • filter · wp_privacy_personal_data_erasers · classes\GdprEraser.php:13
  • filter · wp_privacy_personal_data_exporters · classes\GdprExporter.php:13
  • action · plugins_loaded · classes\Main.php:51
  • action · init · classes\Main.php:54
  • action · admin_init · classes\Main.php:55
  • action · wp_enqueue_scripts · classes\Main.php:56
  • filter · cron_schedules · classes\Main.php:57
  • filter · crfw_campaign_classes · classes\Main.php:58
  • action · crfw_cron · classes\Main.php:159
  • action · admin_notices · classes\Main.php:177
  • action · crfw_after_complete_cart · classes\RecoveredCartNotificationEmails.php:41
  • action · init · classes\Settings.php:73
  • action · admin_menu · classes\Settings.php:76
  • action · admin_init · classes\Settings.php:81
  • action · admin_init · CRFW-Plugin-Updater.php:41
  • action · admin_menu · CRFW-Plugin-Updater.php:42
  • filter · pre_set_site_transient_update_plugins · EDD_SL_Plugin_Updater.php:58
  • filter · plugins_api · EDD_SL_Plugin_Updater.php:59
  • action · admin_init · EDD_SL_Plugin_Updater.php:62
  • filter · pre_set_site_transient_update_plugins · EDD_SL_Plugin_Updater.php:174

Scheduled Events 1

crfw_cron
Maintenance & Trust

Cart recovery for WordPress Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 2, 2025
PHP min version: 7.4
Downloads: 22K

Community Trust

Rating: 100/100
Number of ratings: 6
Active installs: 100
Developer Profile

Cart recovery for WordPress Developer Profile

Lee Willis

4 plugins · 41K total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Cart recovery for WordPress

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/cart-recovery/css/remodal.css
  • /wp-content/plugins/cart-recovery/css/remodal-default-theme.css
  • /wp-content/plugins/cart-recovery/js/remodal.min.js
Script Paths
  • /wp-content/plugins/cart-recovery/js/frontend.js
Version Parameters
  • cart-recovery/css/remodal.css?ver=
  • cart-recovery/css/remodal-default-theme.css?ver=
  • cart-recovery/js/remodal.min.js?ver=
  • cart-recovery/js/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • crfw-remodal-close
  • crfw-remodal-wrapper
  • crfw-unsubscribe-message-wrapper
Data Attributes
  • data-remodal-target
JS Globals
  • crfw_settings