WP-Safety

Additional Custom Emails & Recipients for WooCommerce Security & Risk Analysis

wordpress.org/plugins/custom-emails-for-woocommerce

Take full control over the emails you send and customize your WooCommerce emails with our plugin.

2K active installs v3.7.0 PHP + WP 4.4+ Updated Mar 25, 2026
custom-emailcustom-emailsemailemailswoocommerce
99
A · Safe
CVEs total1
Unpatched0
Last CVEMay 19, 2025
Plugin page Download
Safety Verdict

Is Additional Custom Emails & Recipients for WooCommerce Safe to Use in 2026?

Generally Safe

Score 99/100

Additional Custom Emails & Recipients for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVELast CVE: May 19, 2025Updated 1mo ago
Risk Assessment

The "custom-emails-for-woocommerce" plugin, version 3.6.8, exhibits a generally strong security posture with no reported critical or high-severity vulnerabilities and a large percentage of properly escaped output. The static analysis shows a minimal attack surface with no exposed AJAX handlers, REST API routes, shortcodes, or cron events that lack authentication or permission checks. Nonce and capability checks are present, albeit limited.

However, a key concern arises from the presence of raw SQL queries without prepared statements. While only one such query was identified, this represents a potential risk for SQL injection if the input feeding it is not meticulously sanitized. The taint analysis also revealed one flow with an unsanitized path, indicating a potential weakness that, while not resulting in a critical or high-severity finding in this analysis, warrants attention. The plugin's history includes one medium-severity CVE related to Cross-Site Scripting, which, although patched, suggests a past susceptibility to input validation issues.

Overall, the plugin has implemented several good security practices, particularly in limiting its attack surface and output escaping. The main areas for improvement are ensuring all SQL queries utilize prepared statements and further investigating and mitigating any identified unsanitized input paths. The single past medium-severity vulnerability should also serve as a reminder to maintain diligent security auditing.

Key Concerns

  • SQL queries without prepared statements
  • Flows with unsanitized paths
  • Medium severity past vulnerability
Vulnerabilities
1 published

Additional Custom Emails & Recipients for WooCommerce Security Vulnerabilities

CVEs by Year

1 CVE in 2025
2025
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2025-48251medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Additional Custom Emails &amp; Recipients for WooCommerce <= 3.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

May 19, 2025 Patched in 3.5.2 (10d)
Version History

Additional Custom Emails & Recipients for WooCommerce Release Timeline

v3.7.0Current
v3.6.9
v3.6.8
v3.6.7
v3.6.6
v3.6.5
v3.6.4
v3.6.3
v3.6.2
v3.6.1
v3.6.0
v3.5.3
v3.5.2
v3.5.11 CVE
CVE-2025-48251
v3.5.01 CVE
CVE-2025-48251
v3.4.01 CVE
CVE-2025-48251
v3.3.11 CVE
CVE-2025-48251
v3.3.01 CVE
CVE-2025-48251
v3.2.01 CVE
CVE-2025-48251
v3.1.21 CVE
CVE-2025-48251
Code Analysis
Analyzed Mar 16, 2026

Additional Custom Emails & Recipients for WooCommerce Code Analysis

Dangerous Functions
0
Raw SQL Queries
1
0 prepared
Unescaped Output
5
60 escaped
Nonce Checks
3
Capability Checks
1
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

0% prepared1 total queries

Output Escaping

92% escaped65 total outputs
Data Flows · Security
1 unsanitized

Data Flow Analysis

2 flows1 with unsanitized paths
bulk_action_admin_notice (includes\class-alg-wc-custom-emails-admin.php:445)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Additional Custom Emails & Recipients for WooCommerce Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 41
actionplugins_loadedcustom-emails-for-woocommerce.php:58
filterwoocommerce_order_actionsincludes\class-alg-wc-custom-emails-admin.php:26
actionwoocommerce_order_action_alg_wc_send_email_customincludes\class-alg-wc-custom-emails-admin.php:31
filterbulk_actions-edit-shop_orderincludes\class-alg-wc-custom-emails-admin.php:38
filterbulk_actions-woocommerce_page_wc-ordersincludes\class-alg-wc-custom-emails-admin.php:43
filterhandle_bulk_actions-edit-shop_orderincludes\class-alg-wc-custom-emails-admin.php:48
filterhandle_bulk_actions-woocommerce_page_wc-ordersincludes\class-alg-wc-custom-emails-admin.php:54
actionadmin_noticesincludes\class-alg-wc-custom-emails-admin.php:60
filterbulk_actions-edit-shop_subscriptionincludes\class-alg-wc-custom-emails-admin.php:67
filterbulk_actions-woocommerce_page_wc-orders--shop_subscriptionincludes\class-alg-wc-custom-emails-admin.php:72
filterhandle_bulk_actions-edit-shop_subscriptionincludes\class-alg-wc-custom-emails-admin.php:77
filterhandle_bulk_actions-woocommerce_page_wc-orders--shop_subscriptionincludes\class-alg-wc-custom-emails-admin.php:83
filterwoocommerce_admin_order_preview_actionsincludes\class-alg-wc-custom-emails-admin.php:92
filteradmin_initincludes\class-alg-wc-custom-emails-admin.php:98
filterwoocommerce_admin_order_actionsincludes\class-alg-wc-custom-emails-admin.php:104
filteradmin_initincludes\class-alg-wc-custom-emails-admin.php:110
actionadmin_footerincludes\class-alg-wc-custom-emails-admin.php:114
actionadmin_footerincludes\class-alg-wc-custom-emails-admin.php:120
actionwp_loadedincludes\class-alg-wc-custom-emails-admin.php:126
actionadmin_footerincludes\class-alg-wc-custom-emails-admin.php:130
actionadmin_footerincludes\class-alg-wc-custom-emails-admin.php:136
filterwoocommerce_email_classesincludes\class-alg-wc-custom-emails-core.php:66
filterwoocommerce_email_actionsincludes\class-alg-wc-custom-emails-core.php:72
actionalg_wc_custom_emails_send_emailincludes\class-alg-wc-custom-emails-core.php:78
filterwoocommerce_locate_templateincludes\class-alg-wc-custom-emails-core.php:86
actionwoocommerce_after_save_address_validationincludes\class-alg-wc-custom-emails-core.php:94
actiontransition_post_statusincludes\class-alg-wc-custom-emails-core.php:102
actionwoocommerce_store_api_checkout_update_order_from_requestincludes\class-alg-wc-custom-emails-core.php:110
actionalg_wc_custom_emails_settings_savedincludes\class-alg-wc-custom-emails-core.php:118
actioninitincludes\class-alg-wc-custom-emails.php:86
actionbefore_woocommerce_initincludes\class-alg-wc-custom-emails.php:89
actioninitincludes\class-alg-wc-custom-emails.php:167
actioninitincludes\class-alg-wc-custom-emails.php:170
filterwoocommerce_get_settings_pagesincludes\class-alg-wc-custom-emails.php:173
actionadmin_initincludes\class-alg-wc-custom-emails.php:177
filterwoocommerce_get_sections_alg_wc_custom_emailsincludes\settings\class-alg-wc-custom-emails-settings-section.php:40
actionadmin_noticesincludes\settings\class-alg-wc-custom-emails-settings.php:83
filterwoocommerce_order_item_nameincludes\shortcodes\class-alg-wc-custom-emails-shortcodes.php:925
filterwoocommerce_email_order_items_argsincludes\shortcodes\class-alg-wc-custom-emails-shortcodes.php:930
actionwoocommerce_order_item_meta_endincludes\shortcodes\class-alg-wc-custom-emails-shortcodes.php:935
actionwoocommerce_order_item_meta_endincludes\shortcodes\class-alg-wc-custom-emails-shortcodes.php:940
Maintenance & Trust

Additional Custom Emails & Recipients for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 25, 2026
PHP min version
Downloads74K

Community Trust

Rating100/100
Number of ratings18
Active installs2K
Alternatives

Additional Custom Emails & Recipients for WooCommerce Alternatives

Smart Product Emails

Smart Product Emails

smart-product-emails

A
100

The complete email marketing suite for WooCommerce store owners who want to communicate smarter, not harder.

10 No CVEs
eGrapes WP EMails Events

eGrapes WP EMails Events

egrapes-wp-emails-events

A
85

A Plugin or framework for developers to add events to send customised email messages.

0 No CVEs
MailPoet – Newsletters, Email Marketing, and Automation

MailPoet – Newsletters, Email Marketing, and Automation

mailpoet

A
98

Send beautiful newsletters from WordPress. Collect subscribers with signup forms, automate your emails for WooCommerce, blog post notifications & more

500K 3 CVEs
YayMail – WooCommerce Email Customizer

YayMail – WooCommerce Email Customizer

yaymail

A
92

Customize WooCommerce email templates with an advanced drag-and-drop email builder. Works great with 80+ WooCommerce Email Customizer Addons.

50K 7 CVEs
Preview E-mails for WooCommerce

Preview E-mails for WooCommerce

woo-preview-emails

A
91

An Extension for WooCommerce that allows you to Preview Email Templates.

30K 2 CVEs
Developer Profile

Additional Custom Emails & Recipients for WooCommerce Developer Profile

WPFactory

64 plugins · 137K total installs

77
trust score
Avg Security Score
97/100
Avg Patch Time
94 days
View full developer profile
Detection Fingerprints

How We Detect Additional Custom Emails & Recipients for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

Shortcode Output
[if[clear[site_title[site_address
FAQ

Frequently Asked Questions about Additional Custom Emails & Recipients for WooCommerce