WP-Safety

Email Customizer for WooCommerce – Spark Editor Security & Risk Analysis

wordpress.org/plugins/email-editor-plus

Best WooCommerce email customizer plugin to create professional, branded email templates with intuitive drag-and-drop email editor.

200 active installs v1.1.1 PHP 7.4+ WP 6.0+ Updated Dec 11, 2025
designemail-customizeremail-templateswoocommercewoocommerce-emails
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Email Customizer for WooCommerce – Spark Editor Safe to Use in 2026?

Generally Safe

Score 100/100

Email Customizer for WooCommerce – Spark Editor has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3mo ago
Risk Assessment

The plugin "email-editor-plus" v1.1.1 presents a significant security risk primarily due to its unprotected attack surface. With 23 AJAX handlers identified and none of them having authentication checks, any unauthenticated user could potentially trigger these handlers, leading to unpredictable behavior or exploitation. While the plugin demonstrates good practices in other areas, such as using prepared statements for SQL queries and ensuring all output is properly escaped, the lack of security on its primary entry points is a major concern. The absence of any recorded vulnerability history is positive, suggesting that in the past, no publicly known vulnerabilities have been associated with this plugin. However, this does not mitigate the immediate risks identified in the static analysis, particularly the extensive unprotected AJAX endpoints.

Key Concerns

  • 23 AJAX handlers without auth checks
  • Large attack surface without auth checks
  • Only 1 nonce check for 23 AJAX handlers
  • Only 1 capability check for 23 AJAX handlers
Vulnerabilities
None known

Email Customizer for WooCommerce – Spark Editor Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Email Customizer for WooCommerce – Spark Editor Code Analysis

Dangerous Functions
0
Raw SQL Queries
2
16 prepared
Unescaped Output
0
184 escaped
Nonce Checks
1
Capability Checks
1
File Operations
0
External Requests
2
Bundled Libraries
0

SQL Query Safety

89% prepared18 total queries

Output Escaping

100% escaped184 total outputs
Attack Surface
23 unprotected

Email Customizer for WooCommerce – Spark Editor Attack Surface

Entry Points23
Unprotected23

AJAX Handlers 23

authwp_ajax_edpw_local_dataCore\Router.php:49
authwp_ajax_edpw_get_labelsCore\Router.php:50
authwp_ajax_edpw_get_templatesCore\Router.php:52
authwp_ajax_edpw_get_templateCore\Router.php:53
authwp_ajax_edpw_new_templatesCore\Router.php:54
authwp_ajax_edpw_save_chosen_templateCore\Router.php:55
authwp_ajax_edpw_save_templateCore\Router.php:56
authwp_ajax_edpw_copy_templateCore\Router.php:57
authwp_ajax_edpw_toggle_templateCore\Router.php:58
authwp_ajax_edpw_delete_templateCore\Router.php:59
authwp_ajax_edpw_export_templateCore\Router.php:60
authwp_ajax_edpw_get_template_optionsCore\Router.php:61
authwp_ajax_edpw_get_image_listCore\Router.php:62
authwp_ajax_edpw_get_preview_dataCore\Router.php:67
authwp_ajax_edpw_get_template_previewCore\Router.php:68
authwp_ajax_edpw_send_test_emailCore\Router.php:69
authwp_ajax_edpw_get_shortcode_dataCore\Router.php:70
authwp_ajax_edpw_get_settingsCore\Router.php:72
authwp_ajax_edpw_save_settingsCore\Router.php:73
authwp_ajax_edpw_get_active_addon_listCore\Router.php:76
authwp_ajax_edpw_get_available_addon_listCore\Router.php:77
authwp_ajax_edpw_perform_addon_actionCore\Router.php:78
authwp_ajax_edpw_recommendation_listCore\Router.php:80
WordPress Hooks 23
filterwp_allow_query_attachment_by_filenameCore\Controllers\Admin\EmailTemplates.php:677
actionadmin_noticesCore\Helpers\WC.php:90
filterwp_kses_allowed_htmlCore\Router.php:22
filtersafe_style_cssCore\Router.php:29
actionadmin_menuCore\Router.php:35
actionadmin_footerCore\Router.php:36
actionadmin_enqueue_scriptsCore\Router.php:40
filterwoocommerce_email_setting_columnsCore\Router.php:45
actionwoocommerce_email_setting_column_spark_email_editorCore\Router.php:46
actionplugins_loadedCore\Router.php:83
filterwc_get_templateCore\Router.php:85
filterwoocommerce_mail_contentCore\Router.php:86
filterwp_new_user_notification_emailCore\Router.php:89
filterretrieve_password_notification_emailCore\Router.php:90
filterpassword_change_emailCore\Router.php:95
filteremail_change_emailCore\Router.php:96
filteredpw_is_customize_plugin_activeCore\Router.php:98
filterplugin_row_metaCore\Setup.php:20
actionwpmu_new_blogCore\Setup.php:25
filterwpmu_drop_tablesCore\Setup.php:26
actionplugins_loadedCore\Setup.php:27
actionupgrader_process_completeCore\Setup.php:28
actionbefore_woocommerce_initemail-editor-plus.php:26
Maintenance & Trust

Email Customizer for WooCommerce – Spark Editor Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedDec 11, 2025
PHP min version7.4
Downloads4K

Community Trust

Rating100/100
Number of ratings8
Active installs200
Alternatives

Email Customizer for WooCommerce – Spark Editor Alternatives

Advanced Emailing for WooCommerce

Advanced Emailing for WooCommerce

advanced-emailing-for-woocommerce

A
100

Customize your WooCommerce emails or create new one that are sent when a condition is met.

20 No CVEs
YayMail – WooCommerce Email Customizer

YayMail – WooCommerce Email Customizer

yaymail

A
91

Customize WooCommerce email templates with an advanced drag-and-drop email builder. Works great with 80+ WooCommerce Email Customizer Addons.

50K 4 CVEs
Email Templates Customizer and Designer for WordPress and WooCommerce

Email Templates Customizer and Designer for WordPress and WooCommerce

email-templates

A
99

Design and send custom emails with Email Templates plugin for WordPress and WooCommerce

20K 2 CVEs
Email Customizer for WooCommerce | Drag and Drop Email Templates Builder

Email Customizer for WooCommerce | Drag and Drop Email Templates Builder

email-customizer-for-woocommerce

A
98

WooCommerce Email Customizer plugin lets you customize transactional emails using a template builder, adding text, images & more to match your brand

10K 2 CVEs
Email Design Studio

Email Design Studio

email-design-studio

A
85

create and customize powerful email design and templates for your customers.

0 No CVEs
Developer Profile

Email Customizer for WooCommerce – Spark Editor Developer Profile

Team SparkEditor

1 plugin · 200 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Email Customizer for WooCommerce – Spark Editor

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/email-editor-plus/Assets/Admin/Css/dist/main-edpw-style.css/wp-content/plugins/email-editor-plus/Assets/Admin/Css/font.css
Script Paths
/wp-content/plugins/email-editor-plus/Assets/Admin/Js/dist/main.bundle.js
Version Parameters
email-editor-plus/Assets/Admin/Css/dist/main-edpw-style.css?ver=email-editor-plus/Assets/Admin/Css/font.css?ver=email-editor-plus/Assets/Admin/Js/dist/main.bundle.js?ver=

HTML / DOM Fingerprints

CSS Classes
edpw-main-wrapperedpw-template-listedpw-template-itemedpw-template-editor-wrapper
Data Attributes
data-plugin-name="Spark Email Editor"data-plugin-slug="email-editor-plus"data-plugin-version="1.1.1"
JS Globals
window.edpw_react_ui
FAQ

Frequently Asked Questions about Email Customizer for WooCommerce – Spark Editor