WP-Safety

CartSaver Chat Recovery Security & Risk Analysis

wordpress.org/plugins/cartsaver-chat-recovery

Recover WooCommerce abandoned carts automatically via Official WhatsApp API or one-click manual links.

0 active installs v1.0.4 PHP 7.4+ WP 5.0+ Updated Jan 28, 2026
abandoned-cartcart-recoverymeta-apiwhatsappwoocommerce
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is CartSaver Chat Recovery Safe to Use in 2026?

Generally Safe

Score 100/100

CartSaver Chat Recovery has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago
Risk Assessment

The cartsaver-chat-recovery plugin v1.0.4 exhibits a generally good security posture based on the provided static analysis. The absence of unprotected AJAX handlers, REST API routes, and shortcodes significantly limits the plugin's attack surface. The majority of SQL queries use prepared statements, and a high percentage of output is properly escaped, indicating good coding practices in these critical areas. There are no recorded vulnerabilities (CVEs) for this plugin, and the taint analysis shows no critical or high-severity flows with unsanitized paths.

Despite the positive indicators, there are a few areas that warrant attention. The plugin makes an external HTTP request, which, if not handled securely, could introduce risks. While there are nonce checks present, there are no explicit capability checks on any entry points. The presence of a bundled library (Freemius v1.0) also implies a potential dependency that could introduce risks if outdated or vulnerable.

In conclusion, the plugin appears to be developed with security in mind, particularly regarding common web vulnerabilities. The lack of historical vulnerabilities is a strong positive sign. However, the absence of capability checks and the single external HTTP request are minor concerns that could be addressed to further harden the plugin's security.

Key Concerns

  • No capability checks on entry points
  • External HTTP request without clear auth context
  • Bundled Freemius v1.0 library, potential for outdated issues
Vulnerabilities
None known

CartSaver Chat Recovery Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

CartSaver Chat Recovery Code Analysis

Dangerous Functions
0
Raw SQL Queries
4
6 prepared
Unescaped Output
5
23 escaped
Nonce Checks
2
Capability Checks
0
File Operations
0
External Requests
1
Bundled Libraries
1

Bundled Libraries

Freemius1.0

SQL Query Safety

60% prepared10 total queries

Output Escaping

82% escaped28 total outputs
Data Flows
All sanitized

Data Flow Analysis

1 flows
<cartsaver-chat-recovery> (cartsaver-chat-recovery.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

CartSaver Chat Recovery Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 6
filtercron_schedulescartsaver-chat-recovery.php:42
actioncartsaver_mark_abandoned_eventcartsaver-chat-recovery.php:78
actioncartsaver_mark_abandoned_eventcartsaver-chat-recovery.php:86
actionwoocommerce_cart_updatedcartsaver-chat-recovery.php:149
actionwoocommerce_checkout_update_order_metacartsaver-chat-recovery.php:156
actionadmin_menucartsaver-chat-recovery.php:168

Scheduled Events 1

cartsaver_mark_abandoned_event
Maintenance & Trust

CartSaver Chat Recovery Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedJan 28, 2026
PHP min version7.4
Downloads122

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

CartSaver Chat Recovery Alternatives

MegaSend for WooCommerce

MegaSend for WooCommerce

megasend-for-woocommerce

A
100

Recover abandoned carts and boost sales with automated WhatsApp messages powered by MegaSend.

0 No CVEs
Quick Cart Recovery

Quick Cart Recovery

quick-cart-recovery

A
100

Recover lost WooCommerce sales instantly via WhatsApp chat. A lightweight and powerful abandoned cart recovery tool.

0 No CVEs
ShopNotify – Personalized Cart Recovery for WooCommerce

ShopNotify – Personalized Cart Recovery for WooCommerce

shopnotify

A
100

Track abandoned carts for logged-in and guest users in WooCommerce, send automated WhatsApp reminders, and gain insights into cart recovery and abando &hellip;

0 No CVEs
Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools

Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools

woocommerce-jetpack

B
82

Supercharge WooCommerce with FREE Abandoned Cart Recovery, Product Variation Swatches, PDF Invoices & 100+ tools. Boost sales & save time.

30K 31 CVEs
Abandoned Cart Recovery for WooCommerce

Abandoned Cart Recovery for WooCommerce

woo-abandoned-cart-recovery

A
100

A simple, effective solution to capture abandoned carts and auto-send reminders. Track logs and generate reports on carts, emails, and more

4K 1 CVE
Developer Profile

CartSaver Chat Recovery Developer Profile

cartplugins

1 plugin · 0 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect CartSaver Chat Recovery

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/cartsaver-chat-recovery/assets/css/style.css/wp-content/plugins/cartsaver-chat-recovery/assets/js/script.js
Script Paths
/wp-content/plugins/cartsaver-chat-recovery/assets/js/script.js
Version Parameters
cartsaver-chat-recovery/assets/css/style.css?ver=cartsaver-chat-recovery/assets/js/script.js?ver=

HTML / DOM Fingerprints

CSS Classes
cartsaver-admin-wrapcartsaver-overview-cardcartsaver-settings-cardcartsaver-tablecartsaver-table-headercartsaver-table-row
HTML Comments
<!-- Main CartSaver Admin Wrap --><!-- Settings Form --><!-- Table of Carts -->
Data Attributes
data-cartsaver-tab
JS Globals
cartsaver_admin_ajax_object
FAQ

Frequently Asked Questions about CartSaver Chat Recovery