Email Customizer for WooCommerce | Drag and Drop Email Templates Builder Security & Risk Analysis

wordpress.org/plugins/email-customizer-for-woocommerce

WooCommerce Email Customizer plugin lets you customize transactional emails using a template builder, adding text, images & more to match your brand

10K active installs · v2.6.9 · PHP 5.6+ · WP 4.9+ · Updated Mar 10, 2026
Tags: email-customizer, email-designer, email-template, woocommerce-email-customizer, woocommerce-emails
Score: 98 (A · Safe)
CVEs total: 2
Unpatched: 0
Last CVE: Jan 6, 2026
Safety Verdict

Is Email Customizer for WooCommerce | Drag and Drop Email Templates Builder Safe to Use in 2026?

Generally Safe

Score 98/100

Email Customizer for WooCommerce | Drag and Drop Email Templates Builder has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Jan 6, 2026 · Updated 24d ago
Risk Assessment

Version 2.6.9 of the "email-customizer-for-woocommerce" plugin has a generally strong security posture: it has no unprotected entry points and a high percentage of properly escaped output. The plugin also uses prepared statements for SQL queries and incorporates numerous nonce and capability checks, indicating a conscious effort towards secure coding practices.

However, the plugin calls unserialize(), which is a potential area of concern: it can lead to deserialization vulnerabilities if not handled with extreme care, especially when processing untrusted input.

The vulnerability history shows two known medium-severity CVEs, one Cross-site Scripting and one Information Exposure. Both are patched, but they show that the plugin has had security weaknesses in the past. The absence of unpatched vulnerabilities in the current version is a positive sign, but the history indicates a need for continued vigilance.

Key Concerns

  • Presence of unserialize function
  • Past medium severity vulnerabilities (2)
Vulnerabilities (2)

Email Customizer for WooCommerce | Drag and Drop Email Templates Builder Security Vulnerabilities

CVEs by Year

2024: 1 CVE
2026: 1 CVE

Severity Breakdown

Medium: 2

2 total CVEs

CVE-2025-13974 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Email Customizer for WooCommerce | Drag and Drop Email Templates Builder <= 2.6.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via Email Template Content

Jan 6, 2026 Patched in 2.6.8 (37d)
CVE-2024-32781 · medium · 5.3 · Exposure of Sensitive Information to an Unauthorized Actor

Email Customizer for WooCommerce | Drag and Drop Email Templates Builder <= 2.6.0 - Information Exposure

Apr 22, 2024 Patched in 2.6.1 (9d)
Code Analysis
Analyzed Mar 16, 2026

Email Customizer for WooCommerce | Drag and Drop Email Templates Builder Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 13 (328 escaped)
Nonce Checks: 14
Capability Checks: 3
File Operations: 3
External Requests: 1
Bundled Libraries: 0

Dangerous Functions Found

unserialize: $settings = unserialize(base64_decode($content));
Location: classes\inc\class-wecmf-email-customizer-utils.php:373

Output Escaping

96% escaped · 341 total outputs

Data Flows: 2 unsanitized

Data Flow Analysis

3 flows · 2 with unsanitized paths
prepare_preview (classes\class-wecmf-settings.php:77)
Attack Surface

Email Customizer for WooCommerce | Drag and Drop Email Templates Builder Attack Surface

Entry Points: 6
Unprotected: 0

AJAX Handlers: 6

auth · wp_ajax_hide_thwecmf_admin_notice · classes\class-wecmf-settings.php:47
auth · wp_ajax_thwecm_deactivation_reason · classes\class-wecmf-settings.php:67
auth · wp_ajax_thwecmf_template_actions · classes\inc\class-wecmf-general-template.php:28
auth · wp_ajax_thwecmf_send_test_mail · classes\inc\class-wecmf-general-template.php:29
auth · wp_ajax_thwecmf_preview_template · classes\inc\class-wecmf-general-template.php:30
auth · wp_ajax_thwecmf_reset_preview · classes\inc\class-wecmf-general-template.php:31

WordPress Hooks: 26

action · admin_init · classes\class-wecmf-settings.php:48
action · admin_init · classes\class-wecmf-settings.php:49
action · admin_menu · classes\class-wecmf-settings.php:50
action · admin_head · classes\class-wecmf-settings.php:51
action · admin_init · classes\class-wecmf-settings.php:52
action · admin_notices · classes\class-wecmf-settings.php:53
action · admin_title · classes\class-wecmf-settings.php:54
filter · woocommerce_screen_ids · classes\class-wecmf-settings.php:55
action · admin_body_class · classes\class-wecmf-settings.php:57
filter · woocommerce_email_styles · classes\class-wecmf-settings.php:58
action · admin_footer · classes\class-wecmf-settings.php:59
action · admin_footer-plugins.php · classes\class-wecmf-settings.php:66
filter · safe_style_css · classes\class-wecmf-settings.php:103
filter · wc_get_template · classes\class-wecmf-settings.php:160
filter · woocommerce_email_styles · classes\class-wecmf-settings.php:161
action · admin_print_scripts · classes\class-wecmf-settings.php:191
action · admin_enqueue_scripts · classes\class-wecmf-settings.php:192
action · woocommerce_email_header · classes\inc\class-wecmf-email-customizer-utils.php:912
action · woocommerce_email_footer · classes\inc\class-wecmf-email-customizer-utils.php:913
action · woocommerce_email_header · classes\inc\class-wecmf-email-customizer-utils.php:932
action · woocommerce_email_footer · classes\inc\class-wecmf-email-customizer-utils.php:933
filter · wp_mail_from · classes\inc\class-wecmf-general-template.php:374
filter · wp_mail_from_name · classes\inc\class-wecmf-general-template.php:375
filter · wp_mail_content_type · classes\inc\class-wecmf-general-template.php:376
action · init · email-customizer-for-woocommerce.php:60
action · before_woocommerce_init · email-customizer-for-woocommerce.php:85

Maintenance & Trust

Email Customizer for WooCommerce | Drag and Drop Email Templates Builder Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 10, 2026
PHP min version: 5.6
Downloads: 251K

Community Trust

Rating: 86/100
Number of ratings: 43
Active installs: 10K

Developer Profile

Email Customizer for WooCommerce | Drag and Drop Email Templates Builder Developer Profile

ThemeHigh

16 plugins · 579K total installs

Trust score: 77
Avg Security Score: 97/100
Avg Patch Time: 245 days
Detection Fingerprints

How We Detect Email Customizer for WooCommerce | Drag and Drop Email Templates Builder

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/email-customizer-for-woocommerce/assets/css/admin-style.css
/wp-content/plugins/email-customizer-for-woocommerce/assets/css/frontend-style.css
/wp-content/plugins/email-customizer-for-woocommerce/assets/js/admin-scripts.js
/wp-content/plugins/email-customizer-for-woocommerce/assets/js/frontend-scripts.js
/wp-content/plugins/email-customizer-for-woocommerce/assets/js/admin/wecmf-admin-main.js
/wp-content/plugins/email-customizer-for-woocommerce/assets/js/admin/wecmf-builder-settings.js
/wp-content/plugins/email-customizer-for-woocommerce/assets/js/admin/wecmf-color-picker.js
/wp-content/plugins/email-customizer-for-woocommerce/assets/js/admin/wecmf-general-template.js
+3 more

Script Paths
/wp-content/plugins/email-customizer-for-woocommerce/assets/js/admin-scripts.js
/wp-content/plugins/email-customizer-for-woocommerce/assets/js/frontend-scripts.js
/wp-content/plugins/email-customizer-for-woocommerce/assets/js/admin/wecmf-admin-main.js
/wp-content/plugins/email-customizer-for-woocommerce/assets/js/admin/wecmf-builder-settings.js
/wp-content/plugins/email-customizer-for-woocommerce/assets/js/admin/wecmf-color-picker.js
/wp-content/plugins/email-customizer-for-woocommerce/assets/js/admin/wecmf-general-template.js
+3 more

Version Parameters
email-customizer-for-woocommerce/assets/css/admin-style.css?ver=
email-customizer-for-woocommerce/assets/css/frontend-style.css?ver=
email-customizer-for-woocommerce/assets/js/admin-scripts.js?ver=
email-customizer-for-woocommerce/assets/js/frontend-scripts.js?ver=
email-customizer-for-woocommerce/assets/js/admin/wecmf-admin-main.js?ver=
email-customizer-for-woocommerce/assets/js/admin/wecmf-builder-settings.js?ver=
email-customizer-for-woocommerce/assets/js/admin/wecmf-color-picker.js?ver=
email-customizer-for-woocommerce/assets/js/admin/wecmf-general-template.js?ver=
email-customizer-for-woocommerce/assets/js/admin/wecmf-template-settings.js?ver=
email-customizer-for-woocommerce/assets/js/frontend/wecmf-frontend.js?ver=
email-customizer-for-woocommerce/assets/js/frontend/wecmf-frontend-builder.js?ver=

HTML / DOM Fingerprints

CSS Classes
th-wecmf-admin-notice
th-wecmf-email-customizer-preview
th-wecmf-main-wrapper
th-wecmf-builder-field
th-wecmf-admin-menu
th-wecmf-template-settings-wrap
th-wecmf-general-template-wrap
th-wecmf-email-mapping-wrap
+1 more

HTML Comments
<!-- Added wp_kses because of security -->
<!-- Review Request Link -->
<!-- Deactivation Form -->

Data Attributes
data-th-wecmf-field-type
data-th-wecmf-setting-id
data-th-wecmf-template-id

JS Globals
WECMF_Utils
WECMF_BuilderSettings
WECMF_GeneralTemplate
WECMF_TemplateSettings
thwecmf_admin_scripts
thwecmf_frontend_scripts

REST Endpoints
/wp-json/thwecmf/v1/save_template
/wp-json/thwecmf/v1/get_template
/wp-json/thwecmf/v1/delete_template