SMS Abandoned Cart Recovery ✦ CartBoss Security & Risk Analysis

wordpress.org/plugins/cartboss

Boost your sales by recovering abandoned carts with pre-prepared & translated text messages!

400 active installs · v4.2.1 · PHP 7.2+ · WP 5.0+ · Updated Dec 5, 2025
Tags: abandoned-cart, cart-abandonment, cart-recovery, sms, text-messages
Score: 99/100 · A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Apr 1, 2025
Safety Verdict

Is SMS Abandoned Cart Recovery ✦ CartBoss Safe to Use in 2026?

Generally Safe

Score 99/100

SMS Abandoned Cart Recovery ✦ CartBoss has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Apr 1, 2025 · Updated 4mo ago
Risk Assessment

The CartBoss v4.2.1 plugin demonstrates several strong security practices, notably its exclusive use of prepared statements for all SQL queries and a high percentage of properly escaped output. The complete absence of direct file operations and a well-managed attack surface with no unprotected entry points are also positive indicators. However, the presence of two unsanitized taint flows, even though not reaching critical or high severity in this analysis, suggests a potential for unexpected data handling that could be exploited in specific scenarios. The plugin's vulnerability history, while showing no currently unpatched CVEs, includes a past medium-severity vulnerability related to missing authorization. This historical pattern, combined with a single capability check in the code, might indicate a need for more robust authorization checks across all potentially sensitive functionalities.

Key Concerns

  • Unsanitized taint flows found (2)
  • Past medium vulnerability (Missing Authorization)
  • Low number of capability checks (1)
Vulnerabilities
1

SMS Abandoned Cart Recovery ✦ CartBoss Security Vulnerabilities

CVEs by Year

1 CVE in 2025

Severity Breakdown

Medium: 1
1 total CVE

CVE-2025-31865 · medium · 4.3 · Missing Authorization

SMS Abandoned Cart Recovery ✦ CartBoss <= 4.1.2 - Missing Authorization

Apr 1, 2025 · Patched in 4.1.3 (18d)
Code Analysis
Analyzed Mar 16, 2026

SMS Abandoned Cart Recovery ✦ CartBoss Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (29 prepared)
Unescaped Output: 2 (111 escaped)
Nonce Checks: 3
Capability Checks: 1
File Operations: 0
External Requests: 2
Bundled Libraries: 0

SQL Query Safety

100% prepared · 29 total queries

Output Escaping

98% escaped · 113 total outputs
Data Flows: 2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
handle (classes\handlers\class-cartboss-handler-order-restore.php:33)
Attack Surface

SMS Abandoned Cart Recovery ✦ CartBoss Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 27

Type · Hook · Location
action · before_woocommerce_init · cartboss.php:19
action · parse_request · classes\class-cartboss-custom-routes.php:65
filter · query_vars · classes\class-cartboss-custom-routes.php:66
filter · rewrite_rules_array · classes\class-cartboss-custom-routes.php:67
action · wp_loaded · classes\class-cartboss-custom-routes.php:68
filter · http_request_timeout · classes\cron\class-cartboss-cron.php:30
action · cron_schedules · classes\cron\class-cartboss-cron.php:31
action · init · classes\cron\class-cartboss-cron.php:32
filter · woocommerce_checkout_fields · classes\handlers\class-cartboss-handler-customize-checkout-fields.php:12
action · woocommerce_new_order · classes\handlers\class-cartboss-handler-order-create.php:15
action · woocommerce_before_checkout_process · classes\handlers\class-cartboss-handler-order-duplicate.php:12
action · woocommerce_order_status_changed · classes\handlers\class-cartboss-handler-order-purchase.php:13
action · init · classes\managers\class-cartboss-attribution-manager.php:18
action · init · classes\managers\class-cartboss-better-session-manager.php:15
action · init · classes\managers\class-cartboss-discount-manager.php:29
action · woocommerce_cart_calculate_fees · classes\managers\class-cartboss-discount-manager.php:30
action · cb_send_event · classes\managers\class-cartboss-event-sender.php:12
action · init · classes\managers\class-cartboss-session-manager.php:17
action · plugins_loaded · includes\class-cartboss.php:144
action · admin_enqueue_scripts · includes\class-cartboss.php:149
action · admin_enqueue_scripts · includes\class-cartboss.php:150
action · admin_notices · includes\class-cartboss.php:152
action · network_admin_notices · includes\class-cartboss.php:153
action · admin_menu · includes\class-cartboss.php:155
action · admin_post_cartboss_form_save · includes\class-cartboss.php:156
action · wp_enqueue_scripts · includes\class-cartboss.php:172
action · wp_enqueue_scripts · includes\class-cartboss.php:173
Maintenance & Trust

SMS Abandoned Cart Recovery ✦ CartBoss Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Dec 5, 2025
PHP min version: 7.2
Downloads: 17K

Community Trust

Rating: 98/100
Number of ratings: 29
Active installs: 400
Developer Profile

SMS Abandoned Cart Recovery ✦ CartBoss Developer Profile

CartBoss

1 plugin · 400 total installs

Trust score: 93
Avg Security Score: 99/100
Avg Patch Time: 18 days
Detection Fingerprints

How We Detect SMS Abandoned Cart Recovery ✦ CartBoss

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/cartboss/admin/css/bootstrap-grid.min.css
/wp-content/plugins/cartboss/admin/css/cartboss-admin.css
/wp-content/plugins/cartboss/admin/js/cartboss-admin.js
Script Paths
https://cdn.jsdelivr.net/npm/gasparesganga-jquery-loading-overlay@2.1.7/dist/loadingoverlay.min.js
Version Parameters
cartboss-bootstrap-grid
cartboss-style
cartboss-js

HTML / DOM Fingerprints

CSS Classes
cartboss-admin-wrapper
HTML Comments
<!-- CartBoss: admin wrapper -->
<!-- CartBoss: settings form -->
<!-- CartBoss: Notices -->
<!-- CartBoss: Settings Page -->
Data Attributes
data-cb-phone-at-top
data-cb-marketing-checkbox-enabled
data-cb-marketing-checkbox-label
data-cb-roles
JS Globals
cartboss_params
FAQ

Frequently Asked Questions about SMS Abandoned Cart Recovery ✦ CartBoss