
Carts Guru Security & Risk Analysis
wordpress.org/plugins/carts-guru
Chase up every lead, convert every sale, and grow your e-commerce business fast with an advanced marketing automation software designed specifically f …
Is Carts Guru Safe to Use in 2026?
Mostly Safe
Score 83/100
Carts Guru is generally safe to use, though it hasn't been updated recently. 1 past CVE was resolved.
The "carts-guru" plugin v1.4.7 exhibits a mixed security posture. On the positive side, static analysis reveals a very small attack surface, with no unprotected AJAX handlers, REST API routes, shortcodes, or cron events exposed. Furthermore, a high percentage of SQL queries are prepared, and output is generally properly escaped.
However, significant concerns arise from the presence of the `unserialize` function, a known vector for "Deserialization of Untrusted Data" vulnerabilities. The taint analysis, while not reporting critical or high severity flows in this specific analysis, still shows a concerning number of flows with unsanitized paths, suggesting potential for vulnerabilities if data is not handled meticulously.
The vulnerability history is particularly worrying, with a past critical vulnerability related to Deserialization of Untrusted Data. While there are no currently unpatched CVEs, the historical pattern of critical deserialization flaws indicates a recurring risk that requires ongoing vigilance. The lack of nonce and capability checks across the board, combined with the use of `unserialize`, leaves the plugin vulnerable if an attacker can control the input to these dangerous functions.
Key Concerns
- Dangerous function unserialize used
- 0 Nonce checks found
- 0 Capability checks found
- Flows with unsanitized paths found
- Past critical vulnerability (Deserialization)
- 6 SQL queries without prepared statements
- 10 Output variables not properly escaped
Carts Guru Security Vulnerabilities
CVEs by Year
Severity Breakdown
1 total CVE
Carts Guru <= 1.4.5 - PHP Object Injection
Carts Guru Release Timeline
Carts Guru Code Analysis
Dangerous Functions Found
SQL Query Safety
Output Escaping
Data Flow Analysis
Carts Guru Attack Surface
WordPress Hooks 26
Carts Guru Maintenance & Trust
Maintenance Signals
Community Trust
Carts Guru Alternatives
FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce
wp-marketing-automations
Recover lost revenue with Cart Abandonment Recovery for WooCommerce. Increase retention with Post Purchase Follow-Up Emails.
WP Flashy Marketing Automation
wp-flashy-marketing-automation
Flashy is an all-in-one marketing platform for e-commerce websites to grow sales.
Moosend Website Connector
moosend-email-marketing
Improve your conversion rates with cart abandonment and product recommendations emails with a click of a button. Track website behaviour of all visito …
Auto Mail – Abandoned Cart Recovery, Newsletter Builder & Marketing Automation for WooCommerce
auto-mail
Auto Mail is a WordPress email plugin that lets you manage your customer relationships, build your email lists, send email campaigns, build funne …
Gist for WooCommerce
gist-for-woocommerce
Connect your store to your Gist audience to track sales, create targeted emails, send abandoned cart emails, and more.
Carts Guru Developer Profile
1 plugin · 90 total installs
How We Detect Carts Guru
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
- /wp-content/plugins/carts-guru/assets/css/cartsguru.css
- /wp-content/plugins/carts-guru/assets/js/cartsguru.js
- carts-guru/assets/css/cartsguru.css?ver=
- carts-guru/assets/js/cartsguru.js?ver=
HTML / DOM Fingerprints
cartsguru_data