Does Come Back! have any unpatched vulnerabilities?

No. All known vulnerabilities in Come Back! have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Come Back! compatible with WordPress 6.0.11?

According to WordPress.org data, Come Back! 1.3.4 has been tested up to WordPress 6.0.11. Check the plugin's changelog for the latest compatibility information.

Is Come Back! compatible with PHP 5.6+?

Come Back! requires PHP 5.6 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Come Back! updated?

Come Back! was last updated on May 29, 2022. Frequent updates are generally a positive security signal.

What is Come Back!'s security score?

Come Back! has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Come Back! Security & Risk Analysis

wordpress.org/plugins/come-back

Send rearrangement emails to inactive customers. Bring them back.

40 active installs v1.3.4 PHP 5.6+ WP 5.0+ Updated May 29, 2022

idle-usersinactivenotification

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Come Back! Safe to Use in 2026?

Generally Safe

Score 85/100

Come Back! has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3yr ago

Risk Assessment

The "come-back" plugin v1.3.4 exhibits a mixed security posture. On the positive side, it has a very small attack surface, with only one AJAX handler and no REST API routes, shortcodes, or cron events exposed. Furthermore, the plugin has a clean vulnerability history with no known CVEs, which is a strong indicator of its current stability and the developers' attention to security.

However, there are notable areas of concern within the static analysis. The presence of the `unserialize` function is a significant risk, as it can lead to object injection vulnerabilities if the input being unserialized is not strictly controlled. While the plugin appears to perform most SQL queries using prepared statements and has a reasonable rate of output escaping, the 3 flows identified with unsanitized paths in the taint analysis are a red flag, suggesting potential for malicious data to be processed without adequate sanitization. The complete absence of capability checks, despite having nonce checks, leaves a gap in access control for its AJAX endpoint, making it susceptible to unauthorized actions if the nonce is bypassed or not implemented correctly on the client-side.

Key Concerns

Use of unserialize function
Flows with unsanitized paths
AJAX handler without capability checks

Vulnerabilities

None known

Come Back! Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Come Back! Code Analysis

Dangerous Functions

Raw SQL Queries

64 prepared

Unescaped Output

49 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$schedule = unserialize( $data->schedule );wp-content\plugins\action-scheduler\classes\data-stores\ActionScheduler_DBStore.php:193

SQL Query Safety

94% prepared68 total queries

Output Escaping

68% escaped72 total outputs

Data Flows

3 unsanitized

Data Flow Analysis

7 flows3 with unsanitized paths

prepare_items (wp-content\plugins\action-scheduler\classes\abstracts\ActionScheduler_Abstract_ListTable.php:399)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Come Back! Attack Surface

Entry Points1

Unprotected0

AJAX Handlers 1

authwp_ajax_come_back_send_test_emailsrc\Settings.php:28

WordPress Hooks 86

actioninitsrc\Plugin.php:45

actioninitsrc\Plugin.php:46

actioninitsrc\Plugin.php:47

actioninitsrc\Plugin.php:48

actioncome_back_process_smart_tagssrc\Plugin.php:49

actioncb_schedule_notificationsrc\Plugin.php:50

actionadmin_menusrc\Settings.php:23

actionadmin_initsrc\Settings.php:24

actionadmin_enqueue_scriptssrc\Settings.php:25

filteradmin_footer_textsrc\Settings.php:26

actionadmin_print_scriptssrc\Settings.php:27

actionplugins_loadedwp-content\plugins\action-scheduler\action-scheduler.php:32

actionplugins_loadedwp-content\plugins\action-scheduler\action-scheduler.php:35

actioninitwp-content\plugins\action-scheduler\classes\abstracts\ActionScheduler.php:152

actioninitwp-content\plugins\action-scheduler\classes\abstracts\ActionScheduler.php:153

actioninitwp-content\plugins\action-scheduler\classes\abstracts\ActionScheduler.php:154

actioninitwp-content\plugins\action-scheduler\classes\abstracts\ActionScheduler.php:155

actionaction_scheduler/migration_completewp-content\plugins\action-scheduler\classes\abstracts\ActionScheduler.php:184

actionaction_scheduler_canceled_actionwp-content\plugins\action-scheduler\classes\abstracts\ActionScheduler_Logger.php:50

actionaction_scheduler_begin_executewp-content\plugins\action-scheduler\classes\abstracts\ActionScheduler_Logger.php:51

actionaction_scheduler_after_executewp-content\plugins\action-scheduler\classes\abstracts\ActionScheduler_Logger.php:52

actionaction_scheduler_failed_executionwp-content\plugins\action-scheduler\classes\abstracts\ActionScheduler_Logger.php:53

actionaction_scheduler_failed_actionwp-content\plugins\action-scheduler\classes\abstracts\ActionScheduler_Logger.php:54

actionaction_scheduler_unexpected_shutdownwp-content\plugins\action-scheduler\classes\abstracts\ActionScheduler_Logger.php:55

actionaction_scheduler_reset_actionwp-content\plugins\action-scheduler\classes\abstracts\ActionScheduler_Logger.php:56

actionaction_scheduler_execution_ignoredwp-content\plugins\action-scheduler\classes\abstracts\ActionScheduler_Logger.php:57

actionaction_scheduler_failed_fetch_actionwp-content\plugins\action-scheduler\classes\abstracts\ActionScheduler_Logger.php:58

actionaction_scheduler_failed_to_schedule_next_instancewp-content\plugins\action-scheduler\classes\abstracts\ActionScheduler_Logger.php:59

actionaction_scheduler_bulk_cancel_actionswp-content\plugins\action-scheduler\classes\abstracts\ActionScheduler_Logger.php:60

actionaction_scheduler_stored_actionwp-content\plugins\action-scheduler\classes\abstracts\ActionScheduler_Logger.php:64

actionwoocommerce_admin_status_content_action-schedulerwp-content\plugins\action-scheduler\classes\ActionScheduler_AdminView.php:37

actionwoocommerce_system_status_reportwp-content\plugins\action-scheduler\classes\ActionScheduler_AdminView.php:38

filterwoocommerce_admin_status_tabswp-content\plugins\action-scheduler\classes\ActionScheduler_AdminView.php:39

actionadmin_menuwp-content\plugins\action-scheduler\classes\ActionScheduler_AdminView.php:42

actioncurrent_screenwp-content\plugins\action-scheduler\classes\ActionScheduler_AdminView.php:44

filteraction_scheduler_store_classwp-content\plugins\action-scheduler\classes\ActionScheduler_DataController.php:167

filteraction_scheduler_logger_classwp-content\plugins\action-scheduler\classes\ActionScheduler_DataController.php:168

actiondeactivate_pluginwp-content\plugins\action-scheduler\classes\ActionScheduler_DataController.php:169

actionaction_scheduler/progress_tickwp-content\plugins\action-scheduler\classes\ActionScheduler_DataController.php:174

actionshutdownwp-content\plugins\action-scheduler\classes\ActionScheduler_FatalErrorMonitor.php:19

actionaction_scheduler_before_executewp-content\plugins\action-scheduler\classes\ActionScheduler_FatalErrorMonitor.php:20

actionaction_scheduler_after_executewp-content\plugins\action-scheduler\classes\ActionScheduler_FatalErrorMonitor.php:21

actionaction_scheduler_execution_ignoredwp-content\plugins\action-scheduler\classes\ActionScheduler_FatalErrorMonitor.php:22

actionaction_scheduler_failed_executionwp-content\plugins\action-scheduler\classes\ActionScheduler_FatalErrorMonitor.php:23

actionaction_scheduler/created_tablewp-content\plugins\action-scheduler\classes\ActionScheduler_ListTable.php:511

filtercron_scheduleswp-content\plugins\action-scheduler\classes\ActionScheduler_QueueRunner.php:51

actionshutdownwp-content\plugins\action-scheduler\classes\ActionScheduler_QueueRunner.php:74

actionpre_get_commentswp-content\plugins\action-scheduler\classes\ActionScheduler_WPCommentCleaner.php:44

actionwp_count_commentswp-content\plugins\action-scheduler\classes\ActionScheduler_WPCommentCleaner.php:45

actioncomment_feed_wherewp-content\plugins\action-scheduler\classes\ActionScheduler_WPCommentCleaner.php:46

actionload-tools_page_action-schedulerwp-content\plugins\action-scheduler\classes\ActionScheduler_WPCommentCleaner.php:49

actionload-woocommerce_page_wc-statuswp-content\plugins\action-scheduler\classes\ActionScheduler_WPCommentCleaner.php:50

actionadmin_noticeswp-content\plugins\action-scheduler\classes\ActionScheduler_WPCommentCleaner.php:91

actionaction_scheduler_deleted_actionwp-content\plugins\action-scheduler\classes\data-stores\ActionScheduler_DBLogger.php:104

actionaction_scheduler/created_tablewp-content\plugins\action-scheduler\classes\data-stores\ActionScheduler_HybridStore.php:56

filtercomments_clauseswp-content\plugins\action-scheduler\classes\data-stores\ActionScheduler_wpCommentLogger.php:102

actionaction_scheduler_before_process_queuewp-content\plugins\action-scheduler\classes\data-stores\ActionScheduler_wpCommentLogger.php:219

actionaction_scheduler_after_process_queuewp-content\plugins\action-scheduler\classes\data-stores\ActionScheduler_wpCommentLogger.php:220

actionpre_get_commentswp-content\plugins\action-scheduler\classes\data-stores\ActionScheduler_wpCommentLogger.php:224

actionwp_count_commentswp-content\plugins\action-scheduler\classes\data-stores\ActionScheduler_wpCommentLogger.php:225

actioncomment_feed_wherewp-content\plugins\action-scheduler\classes\data-stores\ActionScheduler_wpCommentLogger.php:226

actionwp_insert_commentwp-content\plugins\action-scheduler\classes\data-stores\ActionScheduler_wpCommentLogger.php:229

actionwp_set_comment_statuswp-content\plugins\action-scheduler\classes\data-stores\ActionScheduler_wpCommentLogger.php:230

filterwp_insert_post_datawp-content\plugins\action-scheduler\classes\data-stores\ActionScheduler_wpPostStore.php:42

filterpre_wp_unique_post_slugwp-content\plugins\action-scheduler\classes\data-stores\ActionScheduler_wpPostStore.php:43

filterpre_wp_unique_post_slugwp-content\plugins\action-scheduler\classes\data-stores\ActionScheduler_wpPostStore.php:460

filterwp_insert_post_datawp-content\plugins\action-scheduler\classes\data-stores\ActionScheduler_wpPostStore.php:775

filterpre_wp_unique_post_slugwp-content\plugins\action-scheduler\classes\data-stores\ActionScheduler_wpPostStore.php:776

filteraction_scheduler_migration_dependencies_metwp-content\plugins\action-scheduler\classes\data-stores\ActionScheduler_wpPostStore.php:849

actionadmin_noticeswp-content\plugins\action-scheduler\classes\migration\Controller.php:135

filteraction_scheduler_store_classwp-content\plugins\action-scheduler\classes\migration\Controller.php:149

filteraction_scheduler_logger_classwp-content\plugins\action-scheduler\classes\migration\Controller.php:150

actioninitwp-content\plugins\action-scheduler\classes\migration\Controller.php:151

actionwp_loadedwp-content\plugins\action-scheduler\classes\migration\Controller.php:152

actionload-tools_page_action-schedulerwp-content\plugins\action-scheduler\classes\migration\Controller.php:155

actionload-woocommerce_page_wc-statuswp-content\plugins\action-scheduler\classes\migration\Controller.php:156

actionaction_scheduler_before_executewp-content\plugins\action-scheduler\classes\WP_CLI\ActionScheduler_WPCLI_QueueRunner.php:79

actionaction_scheduler_after_executewp-content\plugins\action-scheduler\classes\WP_CLI\ActionScheduler_WPCLI_QueueRunner.php:80

actionaction_scheduler_failed_executionwp-content\plugins\action-scheduler\classes\WP_CLI\ActionScheduler_WPCLI_QueueRunner.php:81

actionaction_scheduler/migrate_action_dry_runwp-content\plugins\action-scheduler\classes\WP_CLI\Migration_Command.php:126

actionaction_scheduler/no_action_to_migratewp-content\plugins\action-scheduler\classes\WP_CLI\Migration_Command.php:129

actionaction_scheduler/migrate_action_failedwp-content\plugins\action-scheduler\classes\WP_CLI\Migration_Command.php:132

actionaction_scheduler/migrate_action_incompletewp-content\plugins\action-scheduler\classes\WP_CLI\Migration_Command.php:135

actionaction_scheduler/migrated_actionwp-content\plugins\action-scheduler\classes\WP_CLI\Migration_Command.php:138

actionaction_scheduler/migration_batch_startingwp-content\plugins\action-scheduler\classes\WP_CLI\Migration_Command.php:141

actionaction_scheduler/migration_batch_completewp-content\plugins\action-scheduler\classes\WP_CLI\Migration_Command.php:144

Maintenance & Trust

Come Back! Maintenance & Trust

Maintenance Signals

WordPress version tested6.0.11

Last updatedMay 29, 2022

PHP min version5.6

Downloads8K

Community Trust

Rating100/100

Number of ratings2

Active installs40

Alternatives

Come Back! Alternatives

MailPoet – Newsletters, Email Marketing, and Automation

mailpoet

Send beautiful newsletters from WordPress. Collect subscribers with signup forms, automate your emails for WooCommerce, blog post notifications & more

500K 3 CVEs

Disable Admin Notices – Hide Dashboard Notifications

disable-admin-notices

Disable admin notices and hide dashboard notifications from plugins, themes and core. Hide all notices, selected ones, or show them in a single line.

100K 2 CVEs

Manage Notification E-mails

manage-notification-emails

Enable and disable email notifications that WordPress sends to the admin and user. Works perfectly with many other plugins!

100K 2 CVEs

My Sticky Bar – Floating Notification Bar & Sticky Header (formerly myStickymenu)

mystickymenu

Create a welcome notification bar for your website. Also, My Sticky Bar plugin can make your menu or header sticky to the top when scrolled 📌

100K 6 CVEs

OneSignal – Web Push Notifications

onesignal-free-web-push-notifications

Increase engagement and drive more repeat traffic to your WordPress site with push notifications. Now a WordPress VIP Gold Partner.

70K 2 CVEs

Developer Profile

Come Back! Developer Profile

Sanjeev Aryal

10 plugins · 13K total installs

trust score

Avg Security Score

89/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Come Back!

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/come-back/assets/script.js

Script Paths