Does Constant Contact + WooCommerce have any unpatched vulnerabilities?

No. All known vulnerabilities in Constant Contact + WooCommerce have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Constant Contact + WooCommerce compatible with WordPress 6.8.5?

According to WordPress.org data, Constant Contact + WooCommerce 2.4.2 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is Constant Contact + WooCommerce compatible with PHP 7.2+?

Constant Contact + WooCommerce requires PHP 7.2 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Constant Contact + WooCommerce updated?

Constant Contact + WooCommerce was last updated on Nov 25, 2025. Frequent updates are generally a positive security signal.

What is Constant Contact + WooCommerce's security score?

Constant Contact + WooCommerce has a WP-Safety security score of 99/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Constant Contact + WooCommerce Security & Risk Analysis

wordpress.org/plugins/constant-contact-woocommerce

Add products to your list emails and sync your contacts.

1K active installs v2.4.2 PHP 7.2+ WP 5.2.2+ Updated Nov 25, 2025

abandoned-cartconstant-contactemail-marketingmarketing-automationwoocommerce

A · Safe

CVEs total1

Unpatched0

Last CVEDec 5, 2025

Plugin page Download

Safety Verdict

Is Constant Contact + WooCommerce Safe to Use in 2026?

Generally Safe

Score 99/100

Constant Contact + WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Dec 5, 2025Updated 4mo ago

Risk Assessment

The "constant-contact-woocommerce" v2.4.2 plugin exhibits a generally good security posture with several positive indicators. The extensive use of prepared statements for SQL queries (78%) and a high percentage of properly escaped output (92%) are strong defenses against common web vulnerabilities. The presence of nonce and capability checks on entry points, along with no identified file operations or bundled libraries, further strengthens its security. However, the single flow with an unsanitized path, though not rated critical or high in taint analysis, warrants attention as it represents a potential avenue for attackers to manipulate data or execute unintended actions.

The vulnerability history shows a single medium-severity CVE, which is now patched. The common vulnerability type of 'Missing Authorization' in the past, despite the current static analysis showing no unprotected entry points, suggests that developers have addressed past authorization issues. The absence of currently unpatched CVEs is a positive sign of active maintenance.

In conclusion, the plugin demonstrates a commitment to security best practices, particularly in its handling of data and user input. The low number of identified vulnerabilities and the patching of past issues are encouraging. The primary area for caution remains the single unsanitized path identified in the taint analysis, which should be investigated to ensure it doesn't pose a latent risk.

Key Concerns

Flow with unsanitized path identified

Vulnerabilities

Constant Contact + WooCommerce Security Vulnerabilities

CVEs by Year

1 CVE in 2025

2025

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2025-67580medium · 5.3Missing Authorization

Constant Contact + WooCommerce <= 2.4.1 - Missing Authorization

Dec 5, 2025 Patched in 2.4.2 (7d)

Code Analysis

Analyzed Mar 16, 2026

Constant Contact + WooCommerce Code Analysis

Dangerous Functions

Raw SQL Queries

14 prepared

Unescaped Output

45 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

78% prepared18 total queries

Output Escaping

92% escaped49 total outputs

Data Flows

1 unsanitized

Data Flow Analysis

7 flows1 with unsanitized paths

redirect (src\View\Admin\Disconnect.php:107)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Constant Contact + WooCommerce Attack Surface

Entry Points4

Unprotected0

AJAX Handlers 4

authwp_ajax_cc_woo_abandoned_checkouts_capture_guest_checkoutsrc\AbandonedCheckouts\CheckoutHandler.php:43

noprivwp_ajax_cc_woo_abandoned_checkouts_capture_guest_checkoutsrc\AbandonedCheckouts\CheckoutHandler.php:44

authwp_ajax_cc_woo_increment_dismissed_countsrc\Utility\AdminNotifications.php:24

authwp_ajax_cc_woo_set_already_reviewedsrc\Utility\AdminNotifications.php:25

WordPress Hooks 47

actionbefore_woocommerce_initplugin.php:37

actionwoocommerce_before_checkout_formsrc\AbandonedCheckouts\CheckoutHandler.php:34

actionwoocommerce_after_template_partsrc\AbandonedCheckouts\CheckoutHandler.php:37

actionwoocommerce_cart_updatedsrc\AbandonedCheckouts\CheckoutHandler.php:38

actionwoocommerce_set_cart_cookiessrc\AbandonedCheckouts\CheckoutHandler.php:39

actioncc_woo_check_expired_checkoutssrc\AbandonedCheckouts\CheckoutHandler.php:41

actionwoocommerce_checkout_create_ordersrc\AbandonedCheckouts\CheckoutHandler.php:46

actionwp_loadedsrc\AbandonedCheckouts\CheckoutRecovery.php:46

actionadmin_initsrc\AbandonedCheckouts\CheckoutsTable.php:51

actionadmin_initsrc\Api\KeyManager.php:29

filterquerysrc\Api\KeyManager.php:30

actioncc_woo_key_revokedsrc\Api\KeyManager.php:33

actionadmin_noticessrc\Plugin.php:102

actionadmin_noticessrc\Plugin.php:155

actionplugins_loadedsrc\Plugin.php:214

actionwp_enqueue_scriptssrc\Plugin.php:215

actionadmin_enqueue_scriptssrc\Plugin.php:216

actioninitsrc\Plugin.php:217

actionwoocommerce_initsrc\Plugin.php:218

actioninitsrc\Plugin.php:219

actionrest_api_initsrc\Rest\Registrar.php:42

actionadmin_noticessrc\Utility\AdminNotifications.php:22

actionadmin_noticessrc\Utility\AdminNotifications.php:23

actionwoocommerce_set_additional_field_valuesrc\Utility\CheckoutBlockNewsletter.php:47

actionwoocommerce_sanitize_additional_fieldsrc\Utility\CheckoutBlockNewsletter.php:48

filterdebug_informationsrc\Utility\HealthPanel.php:26

actionadmin_initsrc\View\Admin\Disconnect.php:26

actionadmin_menusrc\View\Admin\MenuItem.php:27

actionadmin_menusrc\View\Admin\MenuItem.php:28

actionadmin_initsrc\View\Admin\MenuItem.php:29

filterwoocommerce_settings_tabs_arraysrc\View\Admin\WooTab.php:162

actionwoocommerce_settings_cc_woo_store_information_settings_datasrc\View\Admin\WooTab.php:163

actionwoocommerce_settings_cc_woo_store_information_settings_data_endsrc\View\Admin\WooTab.php:164

filterwoocommerce_settings_groupssrc\View\Admin\WooTab.php:176

filterwoocommerce_settings_startsrc\View\Admin\WooTab.php:186

actionadmin_headsrc\View\Admin\WooTab.php:191

filterallowed_redirect_hostssrc\View\Admin\WooTab.php:699

actioninitsrc\View\Checkout\CampaignId.php:40

actionwoocommerce_checkout_create_ordersrc\View\Checkout\CampaignId.php:41

actionwoocommerce_checkout_update_user_metasrc\View\Checkout\NewsletterPreferenceCheckbox.php:67

actionwoocommerce_created_customersrc\View\Checkout\NewsletterPreferenceCheckbox.php:68

actionwoocommerce_checkout_create_ordersrc\View\Checkout\NewsletterPreferenceCheckbox.php:69

filterwoocommerce_get_settings_pagessrc\View\ViewRegistrar.php:54

actioninitsrc\View\ViewRegistrar.php:55

filterwoocommerce_webhook_topic_hookssrc\WebHook\Disconnect.php:28

filterwoocommerce_valid_webhook_eventssrc\WebHook\Disconnect.php:29

filterwoocommerce_webhook_topicssrc\WebHook\Disconnect.php:30

Scheduled Events 1

cc_woo_check_expired_checkouts

Maintenance & Trust

Constant Contact + WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedNov 25, 2025

PHP min version7.2

Downloads72K

Community Trust

Rating36/100

Number of ratings10

Active installs1K

Alternatives

Constant Contact + WooCommerce Alternatives

MWB HubSpot for WooCommerce – CRM, Abandoned Cart, Email Marketing, Marketing Automation & Analytics

makewebbetter-hubspot-for-woocommerce

Integrate WooCommerce with HubSpot’s free CRM, abandoned cart tracking, email marketing, marketing automation, analytics & more.

7K 1 CVE

Zoho Campaigns

zoho-campaigns

Zoho Campaigns

4K 4 CVEs

Benchmark Email for WooCommerce

woo-benchmark-email

100

Connects WooCommerce with Benchmark Email - syncing customers and abandoned carts.

200 No CVEs

Auto Mail – Abandoned Cart Recovery, Newsletter Builder & Marketing Automation for WooCommerce

auto-mail

100

Auto Mail is an WordPress email plugin that make you can manage your customer relationships, build your email lists, send email campaigns, build funne …

10 No CVEs

MandrakeCRM – CRM & AI Marketing Automation

mandrakecrm

100

CRM, automations, campaigns & analytics for WooCommerce. Charges per order, not per contact. Unlimited contacts. Free 7-day trial.

0 No CVEs

Developer Profile

Constant Contact + WooCommerce Developer Profile

Constant Contact

3 plugins · 321K total installs

trust score

Avg Security Score

96/100

Avg Patch Time

384 days

View full developer profile

Detection Fingerprints

How We Detect Constant Contact + WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/constant-contact-woocommerce/build/admin.css/wp-content/plugins/constant-contact-woocommerce/build/public.css/wp-content/plugins/constant-contact-woocommerce/build/admin.js/wp-content/plugins/constant-contact-woocommerce/build/public.js

Script Paths

/wp-content/plugins/constant-contact-woocommerce/build/public.js

Version Parameters

constant-contact-woocommerce/build/public.css?ver=constant-contact-woocommerce/build/admin.css?ver=constant-contact-woocommerce/build/public.js?ver=constant-contact-woocommerce/build/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes

cc-woo-abandoned-checkout-form

Data Attributes

data-cc-woo-abandoned-checkout-form

JS Globals

cc_woo_abandoned_checkout_params

REST Endpoints

/wp-json/cc-woo/v1/abandoned-checkouts

FAQ

Constant Contact + WooCommerce Security & Risk Analysis

Is Constant Contact + WooCommerce Safe to Use in 2026?

Generally Safe

Key Concerns

Constant Contact + WooCommerce Security Vulnerabilities

CVEs by Year

Severity Breakdown

Constant Contact + WooCommerce Code Analysis

SQL Query Safety

Output Escaping

Data Flow Analysis

Constant Contact + WooCommerce Attack Surface

AJAX Handlers 4

Scheduled Events 1

Constant Contact + WooCommerce Maintenance & Trust

Maintenance Signals

Community Trust

Constant Contact + WooCommerce Alternatives

MWB HubSpot for WooCommerce – CRM, Abandoned Cart, Email Marketing, Marketing Automation & Analytics

Zoho Campaigns

Benchmark Email for WooCommerce

Auto Mail – Abandoned Cart Recovery, Newsletter Builder & Marketing Automation for WooCommerce

MandrakeCRM – CRM & AI Marketing Automation

Constant Contact + WooCommerce Developer Profile

How We Detect Constant Contact + WooCommerce

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about Constant Contact + WooCommerce