Does ELEX WooCommerce Abandoned Cart Recovery with Dynamic Coupons have any unpatched vulnerabilities?

No. All known vulnerabilities in ELEX WooCommerce Abandoned Cart Recovery with Dynamic Coupons have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is ELEX WooCommerce Abandoned Cart Recovery with Dynamic Coupons compatible with WordPress 6.9.4?

According to WordPress.org data, ELEX WooCommerce Abandoned Cart Recovery with Dynamic Coupons 1.1.6 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

ELEX WooCommerce Abandoned Cart Recovery with Dynamic Coupons Security & Risk Analysis

wordpress.org/plugins/elex-abandoned-cart-recovery-with-dynamic-coupons

Recover abandoned carts with a series of predetermined, rule-based reminder emails that include dynamically generated smart discount coupons.

100 active installs v1.1.6 PHP + WP 2.6.0+ Updated Feb 9, 2026

abandoned-cartabandoned-cart-emailscart-recoverydynamic-couponsrecover-lost-sales

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is ELEX WooCommerce Abandoned Cart Recovery with Dynamic Coupons Safe to Use in 2026?

Generally Safe

Score 100/100

ELEX WooCommerce Abandoned Cart Recovery with Dynamic Coupons has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago

Risk Assessment

The "elex-abandoned-cart-recovery-with-dynamic-coupons" v1.1.6 plugin exhibits a mixed security posture. On one hand, it demonstrates good practices with a high percentage of prepared SQL statements and properly escaped output. The presence of nonce checks and capability checks (though none are recorded as being actively enforced for certain entry points) is also a positive sign. The vulnerability history shows no previously recorded CVEs, which could indicate a history of secure development or simply a lack of past scrutiny.

However, significant concerns arise from the static analysis. The plugin has a substantial attack surface with 27 AJAX handlers, and critically, 2 of these lack any authentication checks. This creates direct entry points for unauthenticated attackers. The taint analysis reveals 4 high-severity flows with unsanitized paths, indicating potential for injection vulnerabilities if these flows are reachable by attackers. The absence of recorded capability checks for the identified AJAX handlers further exacerbates this risk, as it implies these handlers might be executed without proper authorization.

In conclusion, while the plugin avoids common pitfalls like widespread raw SQL queries or consistently unescaped output, the presence of unprotected AJAX handlers and high-severity unsanitized paths presents a clear and present danger. The lack of historical vulnerabilities is a positive but cannot override the immediate risks identified in the current code. A careful review and remediation of these specific entry points and taint flows are strongly recommended.

Key Concerns

Unprotected AJAX handlers
High severity unsanitized paths in taint analysis
No recorded capability checks for entry points

Vulnerabilities

None known

ELEX WooCommerce Abandoned Cart Recovery with Dynamic Coupons Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

ELEX WooCommerce Abandoned Cart Recovery with Dynamic Coupons Code Analysis

Dangerous Functions

Raw SQL Queries

40 prepared

Unescaped Output

544 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Select2TinyMCE6.2.0

SQL Query Safety

82% prepared49 total queries

Output Escaping

87% escaped627 total outputs

Data Flows

4 unsanitized

Data Flow Analysis

9 flows4 with unsanitized paths

download_info (includes\elex-abandoned-cart.php:303)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

2 unprotected

ELEX WooCommerce Abandoned Cart Recovery with Dynamic Coupons Attack Surface

Entry Points27

Unprotected2

AJAX Handlers 27

noprivwp_ajax_elex_guest_dataincludes\class-elex-ab-cart-action.php:32

authwp_ajax_elex_ab_ajax_send_email_individualincludes\class_elex_email_cron_action.php:20

authwp_ajax_elex_ac_bulk_deleteincludes\elex-abandoned-cart.php:29

authwp_ajax_elex_ac_edit_templateincludes\elex-abandoned-cart.php:30

authwp_ajax_elex_ac_update_templateincludes\elex-abandoned-cart.php:31

authwp_ajax_elex_ac_save_templateincludes\elex-abandoned-cart.php:32

authwp_ajax_elex_ac_delete_templateincludes\elex-abandoned-cart.php:33

authwp_ajax_elex_get_default_template_contentincludes\elex-abandoned-cart.php:34

authwp_ajax_elex_ac_delete_orderincludes\elex-abandoned-cart.php:36

authwp_ajax_elex_ac_restore_orderincludes\elex-abandoned-cart.php:37

authwp_ajax_elex_ac_edit_ruleincludes\elex-abandoned-cart.php:38

authwp_ajax_elex_ac_update_ruleincludes\elex-abandoned-cart.php:39

authwp_ajax_elex_ac_update_rule_statusincludes\elex-abandoned-cart.php:40

authwp_ajax_elex_ac_add_new_ruleincludes\elex-abandoned-cart.php:41

authwp_ajax_elex_ac_save_email_triggersincludes\elex-abandoned-cart.php:42

authwp_ajax_elex_ac_add_new_email_triggerincludes\elex-abandoned-cart.php:43

authwp_ajax_elex_ac_subscribe_or_unsubscribeincludes\elex-abandoned-cart.php:44

authwp_ajax_elex_ac_delete_ruleincludes\elex-abandoned-cart.php:48

authwp_ajax_elex_ac_bulk_delete_cart_ordersincludes\elex-abandoned-cart.php:49

authwp_ajax_elex_ac_delete_orders_from_trashincludes\elex-abandoned-cart.php:50

authwp_ajax_elex_ab_ajax_view_cart_detailsincludes\elex-abandoned-cart.php:51

authwp_ajax_elex_ab_ajax_unsubscribe_individualincludes\elex-abandoned-cart.php:53

authwp_ajax_elex_ab_ajax_get_reportincludes\elex-abandoned-cart.php:54

authwp_ajax_elex_getdatatemplateincludes\elex-abandoned-cart.php:55

authwp_ajax_elex_ac_get_custom_logoincludes\elex-abandoned-cart.php:67

authwp_ajax_elex_ac_save_restrictionincludes\elex-abandoned-cart.php:69

authwp_ajax_elex_ac_send_test_mailincludes\elex-abandoned-cart.php:70

WordPress Hooks 41

actionadmin_noticeselex-abandoned-cart-woocommerce.php:40

actioninitelex-abandoned-cart-woocommerce.php:102

actionadmin_menuelex-abandoned-cart-woocommerce.php:105

actionadmin_enqueue_scriptselex-abandoned-cart-woocommerce.php:106

actionwp_enqueue_scriptselex-abandoned-cart-woocommerce.php:107

actionplugins_loadedelex-abandoned-cart-woocommerce.php:108

filtertiny_mce_before_initelex-abandoned-cart-woocommerce.php:282

filtermce_external_pluginselex-abandoned-cart-woocommerce.php:283

filtermce_buttonselex-abandoned-cart-woocommerce.php:284

actionbefore_woocommerce_initelex-abandoned-cart-woocommerce.php:385

actionbefore_woocommerce_initelex-abandoned-cart-woocommerce.php:395

actionwoocommerce_after_cart_tableincludes\class-elex-ab-cart-action.php:20

actionwoocommerce_after_checkout_billing_formincludes\class-elex-ab-cart-action.php:21

actionwoocommerce_blocks_enqueue_cart_block_scripts_afterincludes\class-elex-ab-cart-action.php:23

actionwoocommerce_blocks_enqueue_checkout_block_scripts_afterincludes\class-elex-ab-cart-action.php:24

actionwoocommerce_blocks_loadedincludes\class-elex-ab-cart-action.php:25

actionwoocommerce_order_status_changedincludes\class-elex-ab-cart-action.php:27

actionwoocommerce_add_to_cartincludes\class-elex-ab-cart-action.php:28

actionwoocommerce_cart_item_removedincludes\class-elex-ab-cart-action.php:29

actionwoocommerce_cart_item_restoredincludes\class-elex-ab-cart-action.php:30

actionwoocommerce_cart_item_set_quantityincludes\class-elex-ab-cart-action.php:31

actionwp_loadedincludes\class-elex-ab-cart-action.php:33

actionwoocommerce_new_orderincludes\class-elex-ab-cart-action.php:59

filterwoocommerce_checkout_fieldsincludes\class-elex-ab-cart-action.php:110

filterwoocommerce_checkout_fieldsincludes\class-elex-ab-cart-action.php:172

actioninitincludes\class_elex_email_cron_action.php:19

filtercron_schedulesincludes\class_elex_email_cron_action.php:21

actionelex_ab_email_crawlerincludes\class_elex_email_cron_action.php:22

actionwp_mail_failedincludes\class_elex_email_cron_action.php:318

actionwoocommerce_initincludes\elex-abandoned-cart.php:28

actioninitincludes\elex-abandoned-cart.php:45

actionadmin_initincludes\elex-abandoned-cart.php:56

actionadmin_initincludes\elex-abandoned-cart.php:57

actionadmin_initincludes\elex-abandoned-cart.php:58

actionadmin_initincludes\elex-abandoned-cart.php:59

actiontemplate_includeincludes\elex-abandoned-cart.php:63

actionwoocommerce_before_shop_loopincludes\elex-abandoned-cart.php:64

actionwoocommerce_before_single_product_summaryincludes\elex-abandoned-cart.php:65

actioninitincludes\elex-abandoned-cart.php:71

actionadmin_noticesreview_and_troubleshoot_notify\review-and-troubleshoot-notify-class.php:20

actionadmin_initreview_and_troubleshoot_notify\review-and-troubleshoot-notify-class.php:21

Scheduled Events 1

elex_ab_email_crawler

Maintenance & Trust

ELEX WooCommerce Abandoned Cart Recovery with Dynamic Coupons Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedFeb 9, 2026

PHP min version

Downloads6K

Community Trust

Rating100/100

Number of ratings2

Active installs100

Alternatives

ELEX WooCommerce Abandoned Cart Recovery with Dynamic Coupons Alternatives

Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools

woocommerce-jetpack

Supercharge WooCommerce with FREE Abandoned Cart Recovery, Product Variation Swatches, PDF Invoices & 100+ tools. Boost sales & save time.

30K 31 CVEs

Abandoned Cart Recovery for WooCommerce

woo-abandoned-cart-recovery

100

A simple, effective solution to capture abandoned carts and auto-send reminders. Track logs and generate reports on carts, emails, and more

4K 1 CVE

ShopMagic Abandoned Cart Recovery for WooCommerce

shopmagic-abandoned-carts

100

Allows saving customer details on partial WooCommerce purchases and sending abandoned cart emails.

3K No CVEs

Cart Lift – Abandoned Cart Recovery for WooCommerce and EDD

cart-lift

Track abandoned carts and send automated, customizable abandoned cart recovery emails. Get more leads, reduce cart abandonment, and increase revenue.

1K 2 CVEs

SMS Abandoned Cart Recovery ✦ CartBoss

cartboss

Boost your sales by recovering abandoned carts with pre-prepared & translated text messages!

400 1 CVE

Developer Profile

ELEX WooCommerce Abandoned Cart Recovery with Dynamic Coupons Developer Profile

ELEXtensions

22 plugins · 28K total installs

trust score

Avg Security Score

98/100

Avg Patch Time

53 days

View full developer profile

Detection Fingerprints

How We Detect ELEX WooCommerce Abandoned Cart Recovery with Dynamic Coupons

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/elex-abandoned-cart-recovery-with-dynamic-coupons/assets/js/cart-scripts.js/wp-content/plugins/elex-abandoned-cart-recovery-with-dynamic-coupons/assets/css/cart-styles.css/wp-content/plugins/elex-abandoned-cart-recovery-with-dynamic-coupons/assets/js/admin-scripts.js/wp-content/plugins/elex-abandoned-cart-recovery-with-dynamic-coupons/assets/css/admin-styles.css

Version Parameters

elex-abandoned-cart-recovery-with-dynamic-coupons/assets/js/cart-scripts.js?ver=elex-abandoned-cart-recovery-with-dynamic-coupons/assets/css/cart-styles.css?ver=elex-abandoned-cart-recovery-with-dynamic-coupons/assets/js/admin-scripts.js?ver=elex-abandoned-cart-recovery-with-dynamic-coupons/assets/css/admin-styles.css?ver=

HTML / DOM Fingerprints

CSS Classes

elex-abandoned-cart-recovery-messageelex-abandoned-cart-recovery-buttonelex-abandoned-cart-recovery-form

HTML Comments

Data Attributes

data-elex-cart-iddata-elex-action

JS Globals

window.elexAbandonedCartConfigvar elex_cart_settingsvar elex_cart_ajax_url

REST Endpoints

/wp-json/elex-abandoned-cart/v1/track/wp-json/elex-abandoned-cart/v1/submit

Shortcode Output

[elex_abandoned_cart_form][elex_abandoned_cart_button]

FAQ