Does Conditional Marketing Mailer for Woocommerce have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Conditional Marketing Mailer for Woocommerce compatible with WordPress 6.8.5?

According to WordPress.org data, Conditional Marketing Mailer for Woocommerce 2.9 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is Conditional Marketing Mailer for Woocommerce compatible with PHP 5.4+?

Conditional Marketing Mailer for Woocommerce requires PHP 5.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

What is Conditional Marketing Mailer for Woocommerce's security score?

Conditional Marketing Mailer for Woocommerce has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Conditional Marketing Mailer for Woocommerce Security & Risk Analysis

wordpress.org/plugins/conditional-marketing-mailer

Stop Cart Abandonments and Recover Your Lost Revenue, This plugin let you create marketing emails to be sent based on custom conditions

10 active installs v2.9 PHP 5.4+ WP 4.5+ Updated Sep 6, 2025

abandoned-cartautomationcancelled-ordersemail-marketingnewsletter

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Conditional Marketing Mailer for Woocommerce Safe to Use in 2026?

Generally Safe

Score 100/100

Conditional Marketing Mailer for Woocommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8mo ago

Risk Assessment

The "conditional-marketing-mailer" plugin version 2.9 exhibits a concerning security posture due to a significant number of unprotected entry points. All identified AJAX handlers and REST API routes lack proper authentication and permission checks, creating a wide attack surface that could be exploited by unauthenticated users. While the plugin demonstrates good practices in preventing dangerous functions, using prepared statements for SQL queries, and generally escaping output, these strengths are overshadowed by the critical vulnerability of exposed endpoints.

The taint analysis revealed one flow with unsanitized paths, although it was not flagged as critical or high severity. This suggests a potential, albeit likely low-impact, risk of data manipulation or unintended behavior if an attacker could trigger this specific flow. The absence of any recorded CVEs or past vulnerabilities, while positive, does not negate the current risks present in the code's architecture. The plugin's reliance on a bundled library, Select2, could pose a minor risk if it's an outdated version, though no specific information on its versioning or known vulnerabilities is provided.

In conclusion, the plugin has some positive security attributes, particularly in its SQL handling and output escaping. However, the prevalent lack of authentication on its AJAX and REST API endpoints is a serious weakness. This makes the plugin highly susceptible to unauthorized actions and data exposure, necessitating immediate attention to implement proper authorization checks on all exposed entry points to mitigate these risks.

Key Concerns

Unprotected AJAX handlers
Unprotected REST API routes
Flow with unsanitized paths
Bundled library (Select2)

Vulnerabilities

None known

Conditional Marketing Mailer for Woocommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Conditional Marketing Mailer for Woocommerce Release Timeline

v2.9Current

v2.8

v2.7

v2.6

v2.4

v2.3

v2.2

v2.1

v1.9

v1.6

v1.3

v1.2

v1.1

Code Analysis

Analyzed Mar 16, 2026

Conditional Marketing Mailer for Woocommerce Code Analysis

Dangerous Functions

Raw SQL Queries

1 prepared

Unescaped Output

51 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Select2

SQL Query Safety

100% prepared1 total queries

Output Escaping

86% escaped59 total outputs

Data Flows · Security

1 unsanitized

Data Flow Analysis

2 flows1 with unsanitized paths

notification_bar_review_notice_message (notifications.php:124)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

6 unprotected

Conditional Marketing Mailer for Woocommerce Attack Surface

Entry Points6

Unprotected6

AJAX Handlers 4

authwp_ajax_get_products_listadmin\metaBox.php:10

noprivwp_ajax_get_products_listadmin\metaBox.php:11

authwp_ajax_send_emailadmin\testing-massage.php:10

noprivwp_ajax_send_emailadmin\testing-massage.php:12

REST API Routes 2

GET/wp-json/wcmm/send/(?P<id>[a-zA-Z0-9-]+)admin\cron.php:18

GET/wp-json/wcmm/massage_open/(?P<id>\d+)admin\cron.php:24

WordPress Hooks 34

actionrest_api_initadmin\cron.php:10

actionmy_hourly_eventadmin\cron.php:11

actionwp_footeradmin\cron.php:12

actionwpadmin\cron.php:13

filterwp_mail_content_typeadmin\cron.php:109

actionadd_meta_boxesadmin\metaBox.php:8

actionsave_postadmin\metaBox.php:9

actionadmin_print_stylesadmin\metaBox.php:20

actionadmin_enqueue_scriptsadmin\metaBox.php:21

actionadmin_footeradmin\metaBox.php:22

actioninitadmin\post_type.php:8

actioninitadmin\post_type.php:9

actionadmin_footeradmin\post_type.php:10

filtermanage_wcmm_posts_columnsadmin\post_type.php:11

actionmanage_posts_custom_columnadmin\post_type.php:12

filterpost_row_actionsadmin\post_type.php:13

actionadmin_menuadmin\setting.php:6

actionadmin_initadmin\setting.php:7

actionadmin_print_stylesadmin\setting.php:271

filterwp_mail_content_typeadmin\testing-massage.php:148

filterwp_mail_content_typeadmin\testing-massage.php:150

actionadmin_initnotifications.php:43

actionadmin_noticesnotifications.php:77

actioninitnotifications.php:159

actioninitwoo-conditional-marketing-mailer.php:27

actionload-edit.phpwoo-conditional-marketing-mailer.php:48

actionall_admin_noticeswoo-conditional-marketing-mailer.php:55

actionload-post-new.phpwoo-conditional-marketing-mailer.php:58

actionall_admin_noticeswoo-conditional-marketing-mailer.php:65

filterpost_row_actionswoo-conditional-marketing-mailer.php:81

filterparse_querywoo-conditional-marketing-mailer.php:96

filterWCMM_wisdom_sort_plugins_by_slugwoo-conditional-marketing-mailer.php:100

actionmanage_mail_send_posts_custom_columnwoo-conditional-marketing-mailer.php:110

actionwoocommerce_checkout_update_order_metawoo-conditional-marketing-mailer.php:128

Scheduled Events 1

my_hourly_event

Maintenance & Trust

Conditional Marketing Mailer for Woocommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedSep 6, 2025

PHP min version5.4

Downloads3K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

Conditional Marketing Mailer for Woocommerce Alternatives

Remarkety – eCommerce Marketing Automation Platform for WooCommerce

remarkety-for-woocommerce

100

Send intelligent emails based on customer purchase history. Recover abandoned carts, send targeted newsletters and more. Free Trial!

70 No CVEs

MailPoet – Newsletters, Email Marketing, and Automation

mailpoet

Send beautiful newsletters from WordPress. Collect subscribers with signup forms, automate your emails for WooCommerce, blog post notifications & more

500K 3 CVEs

Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress

email-subscribers

Add subscription forms on the website and send newsletters & automatically send post notification about new blog posts once it gets published.

60K 42 CVEs

Brevo for WooCommerce

woocommerce-sendinblue-newsletter-subscription

All-in-one WooCommerce email marketing, automation, SMS, and CRM by Brevo. Grow your store with powerful marketing tools.

30K 3 CVEs

FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce

wp-marketing-automations

Recover lost revenue with Cart Abandonment Recovery for WooCommerce. Increase retention with Post Purchase Follow-Up Emails.

20K 12 CVEs

Developer Profile

Conditional Marketing Mailer for Woocommerce Developer Profile

wp-buy

15 plugins · 345K total installs

trust score

Avg Security Score

92/100

Avg Patch Time

879 days

View full developer profile

Detection Fingerprints

How We Detect Conditional Marketing Mailer for Woocommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/conditional-marketing-mailer/js/query_builder.js/wp-content/plugins/conditional-marketing-mailer/js/select2/select2.min.js/wp-content/plugins/conditional-marketing-mailer/js/admin_script.js/wp-content/plugins/conditional-marketing-mailer/css/admin_style.css/wp-content/plugins/conditional-marketing-mailer/css/select2.min.css

Script Paths

HTML / DOM Fingerprints

CSS Classes

wcmm_conditional_settingswcmm_coupon_settingswcmm_cronjob_settingswcmm-post-type-wcmmwcmm_conditional_select_product_categorywcmm_conditional_select_product_tagwcmm_conditional_select_product

HTML Comments

<!-- Before:<!-- Add the data to the custom columns for the book post type:

Data Attributes

data-product_iddata-post_iddata-query_id

JS Globals

WCMM_datawcmm_admin_script

REST Endpoints

/wp-json/wcmm/v1/products

FAQ