Visual Email Designer for WooCommerce Security & Risk Analysis

wordpress.org/plugins/email-customizer-woocommerce

Visually create powerful email design and templates for your WooCommerce customers.

30 active installs v1.7.2 PHP 5.2.4+ WP 5.0+ Updated Nov 21, 2022
Tags: email-customizer, email-design, email-templates, order-emails, woocommerce-mails
Score: 84
Grade: B · Generally Safe
CVEs total: 1
Unpatched: 0
Last CVE: Dec 9, 2022
Safety Verdict

Is Visual Email Designer for WooCommerce Safe to Use in 2026?

Mostly Safe

Score 84/100

Visual Email Designer for WooCommerce is generally safe to use, though it hasn't been updated recently. 1 past CVE was resolved.

1 known CVE · Last CVE: Dec 9, 2022 · Updated 3yr ago
Risk Assessment

The email-customizer-woocommerce plugin v1.7.2 exhibits a generally good security posture with strong reliance on prepared statements for SQL queries and a high percentage of properly escaped outputs. The absence of direct file operations and external HTTP requests further contributes to its security. However, the presence of 55 AJAX handlers, while all appearing to have some form of authentication check, represents a substantial attack surface that warrants careful monitoring. The taint analysis reveals two high-severity flows with unsanitized paths, indicating potential vulnerabilities where user-supplied data might not be adequately validated before being used in a sensitive operation. The historical data shows one high-severity CVE related to SQL injection, which, although currently patched, suggests a past weakness in handling SQL commands. While the current version appears to have addressed this specific past vulnerability, the taint analysis findings necessitate a cautious approach.

In conclusion, the plugin demonstrates good security practices in core areas like SQL handling and output escaping. The main areas of concern are the large AJAX attack surface and the identified high-severity taint flows. The past SQL injection vulnerability, though fixed, highlights the importance of continuous vigilance. While the current version appears stable in terms of known vulnerabilities, the taint analysis warrants further investigation and potential remediation to ensure all input is rigorously sanitized.

Key Concerns

  • Two high severity unsanitized paths found in taint analysis
  • Large attack surface with 55 AJAX handlers
  • One past high severity SQL injection vulnerability
Vulnerabilities
1 published

Visual Email Designer for WooCommerce Security Vulnerabilities

CVEs by Year

1 CVE in 2022

Severity Breakdown

High: 1

1 total CVE

CVE-2022-3860 · high · 8.8 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Visual Email Designer for WooCommerce <= 1.7.1 - Authenticated (Author+) SQL Injection

Dec 9, 2022 Patched in 1.7.2 (410d)
Version History

Visual Email Designer for WooCommerce Release Timeline

v1.7.2: Current
v1.7.1: 1 CVE
v1.7: 1 CVE
v1.6.2: 1 CVE
v1.6.1: 1 CVE
v1.6: 1 CVE
v1.5.4: 1 CVE
v1.5.3: 1 CVE
v1.5.2: 1 CVE
v1.5.1: 1 CVE
v1.5: 1 CVE
v1.4.1: 1 CVE
v1.4: 1 CVE
v1.3: 1 CVE
v1.2: 1 CVE
v1.1: 1 CVE
v1.0: 1 CVE
Code Analysis
Analyzed Apr 16, 2026

Visual Email Designer for WooCommerce Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (308 prepared)
Unescaped Output: 44 (980 escaped)
Nonce Checks: 56
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

Select2

SQL Query Safety

100% prepared · 308 total queries

Output Escaping

96% escaped · 1024 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

22 flows · 2 with unsanitized paths
<swcm-homepage> (includes/swcm-homepage.php:0)
Attack Surface

Visual Email Designer for WooCommerce Attack Surface

Entry Points: 55
Unprotected: 0

AJAX Handlers 55

auth · wp_ajax_sm_template_backcolo · sm-ajax.php:41
auth · wp_ajax_swcm_save_backcolo · sm-ajax.php:45
auth · wp_ajax_swcm_save_textblock · sm-ajax.php:49
auth · wp_ajax_swcm_disclaimer_permanent_function · sm-ajax.php:53
auth · wp_ajax_swcm_save_disclaimer · sm-ajax.php:57
auth · wp_ajax_swcm_save_maintext_onchange · sm-ajax.php:61
auth · wp_ajax_swcm_save_sociourls · sm-ajax.php:65
auth · wp_ajax_swcm_save_hrblock · sm-ajax.php:69
auth · wp_ajax_swcm_save_headerdet · sm-ajax.php:73
auth · wp_ajax_swcm_save_title_details · sm-ajax.php:77
auth · wp_ajax_swcm_save_buttonblock · sm-ajax.php:81
auth · wp_ajax_swcm_show_drag · sm-ajax.php:85
auth · wp_ajax_swcm_save_videoblock · sm-ajax.php:89
auth · wp_ajax_swcm_save_imageblock · sm-ajax.php:93
auth · wp_ajax_swcm_imagetext_permanent_function · sm-ajax.php:97
auth · wp_ajax_swcm_multiimage_permanent_function · sm-ajax.php:101
auth · wp_ajax_swcm_maintext_permanent_function · sm-ajax.php:105
auth · wp_ajax_swcm_save_multiimageblock · sm-ajax.php:109
auth · wp_ajax_swcm_save_mainsubject · sm-ajax.php:113
auth · wp_ajax_swcm_save_updatetable_update · sm-ajax.php:117
auth · wp_ajax_swcm_save_updatetablepre · sm-ajax.php:121
auth · wp_ajax_swcm_save_footer · sm-ajax.php:125
auth · wp_ajax_swcm_save_active_template · sm-ajax.php:129
auth · wp_ajax_swcm_textarea_permanent_function · sm-ajax.php:133
auth · wp_ajax_swcm_textarea_function · sm-ajax.php:137
auth · wp_ajax_swcm_footer_function · sm-ajax.php:141
auth · wp_ajax_swcm_maintext_function · sm-ajax.php:145
auth · wp_ajax_swcm_hr_permanent_function · sm-ajax.php:149
auth · wp_ajax_swcm_hr_function · sm-ajax.php:153
auth · wp_ajax_swcm_button_permanent_function · sm-ajax.php:157
auth · wp_ajax_swcm_button_function · sm-ajax.php:161
auth · wp_ajax_swcm_video_function · sm-ajax.php:165
auth · wp_ajax_swcm_disclaimer_function · sm-ajax.php:169
auth · wp_ajax_swcm_title_permanent_function · sm-ajax.php:173
auth · wp_ajax_swcm_title_function · sm-ajax.php:177
auth · wp_ajax_swcm_image_function · sm-ajax.php:181
auth · wp_ajax_swcm_multi_image_function · sm-ajax.php:185
auth · wp_ajax_swcm_social_permanent_function · sm-ajax.php:189
auth · wp_ajax_swcm_social_function · sm-ajax.php:193
auth · wp_ajax_swcm_header_permanent_function · sm-ajax.php:197
auth · wp_ajax_swcm_image_permanent_function · sm-ajax.php:201
auth · wp_ajax_swcm_video_permanent_function · sm-ajax.php:205
auth · wp_ajax_swcm_footer_permanent_function · sm-ajax.php:209
auth · wp_ajax_swcm_header_function · sm-ajax.php:213
auth · wp_ajax_swcm_customer_permanent_function · sm-ajax.php:217
auth · wp_ajax_swcm_customer_function · sm-ajax.php:221
auth · wp_ajax_swcm_order_permanent_function · sm-ajax.php:225
auth · wp_ajax_swcm_order_function · sm-ajax.php:229
auth · wp_ajax_swcm_delete_widget · sm-ajax.php:233
auth · wp_ajax_swcm_clone_widget · sm-ajax.php:237
auth · wp_ajax_swcm_check_plugin_active · sm-ajax.php:241
auth · wp_ajax_swcm_save_bgimage_dimensions · sm-ajax.php:245
auth · wp_ajax_swcm_sort_template · sm-ajax.php:249
auth · wp_ajax_swcm_save_smtp_settings · sm-ajax.php:253
auth · wp_ajax_swcm_newsletter_sendmail · sm-ajax.php:257
WordPress Hooks 27
action · admin_menu · email-customizer-woocommerce.php:64
action · admin_init · email-customizer-woocommerce.php:132
action · admin_init · email-customizer-woocommerce.php:141
action · woocommerce_email · email-customizer-woocommerce.php:170
filter · woocommerce_email_classes · email-customizer-woocommerce.php:180
action · plugins_loaded · email-customizer-woocommerce.php:182
action · admin_init · email-customizer-woocommerce.php:206
action · woocommerce_order_action_product_delivered · email-customizer-woocommerce.php:209
filter · wc_order_statuses · email-customizer-woocommerce.php:234
filter · woocommerce_locate_template · email-customizer-woocommerce.php:241
action · woocommerce_order_status_product_delivered · includes/class-wc-product-delivered-email.php:37
action · woocommerce_order_status_product_delivered · includes/class-wc-product-delivered-email.php:41
filter · safe_style_css · sm-ajax.php:261
action · init · sm-helper.php:17
action · woocommerce_order_status_changed · sm-helper.php:21
action · comment_post · sm-helper.php:25
action · password_reset · sm-helper.php:29
filter · retrieve_password_message · sm-helper.php:33
filter · send_password_change_email · sm-helper.php:37
action · wpcf7_mail_sent · sm-helper.php:42
filter · wpcf7_skip_mail · sm-helper.php:46
action · wpforms_process_complete · sm-helper.php:50
filter · wpforms_email_message · sm-helper.php:54
filter · woocommerce_new_customer_note_notification · sm-helper.php:58
action · user_register · sm-helper.php:80
filter · wp_mail_content_type · sm-helper.php:809
filter · woocommerce_email_subject_customer_note · sm-helper.php:1597
Maintenance & Trust

Visual Email Designer for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.1.10
Last updated: Nov 21, 2022
PHP min version: 5.2.4
Downloads: 26K

Community Trust

Rating: 46/100
Number of ratings: 9
Active installs: 30
Developer Profile

Visual Email Designer for WooCommerce Developer Profile

Smackcoders Inc.

23 plugins · 40K total installs

Trust score: 71
Avg Security Score: 88/100
Avg Patch Time: 946 days
Detection Fingerprints

How We Detect Visual Email Designer for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/email-customizer-woocommerce/assets/css/bootstrap.css
/wp-content/plugins/email-customizer-woocommerce/assets/css/font-awesome-all.css
/wp-content/plugins/email-customizer-woocommerce/assets/css/SWCM_mainstyle.css
/wp-content/plugins/email-customizer-woocommerce/assets/css/em-mainstyle.css
/wp-content/plugins/email-customizer-woocommerce/assets/css/select2.min.css
/wp-content/plugins/email-customizer-woocommerce/assets/js/select2.min.js
/wp-content/plugins/email-customizer-woocommerce/assets/js/em-customizer-custom.js
/wp-content/plugins/email-customizer-woocommerce/assets/js/bootstrap.min.js
+4 more

HTML / DOM Fingerprints

CSS Classes
smackWCM_bootstrap, smackWCM_font-awesome-swcm, smackWCM_main_style, em-mainstyle, select2-container, em-customizer-custom-js, smackWCM_bootstrap.min, smackWCM_jscolor, +3 more
HTML Comments
<!--smack-woocommerce-custom-mail-->
Data Attributes
data-nonce, data-url
JS Globals
custom_mail_ajax_object
FAQ

Frequently Asked Questions about Visual Email Designer for WooCommerce