Email Reminders Security & Risk Analysis

wordpress.org/plugins/email-reminders

Sending friendly email reminders or follow-up emails based on custom rules.

200 active installs · v2.0.7 · PHP 5.6+ · WP 4.0+ · Updated Dec 3, 2025
Tags: email-reminders, emails, follow-up, follow-up-emails, reminders
Score: 99 (A · Safe)
CVEs total: 2
Unpatched: 0
Last CVE: Jan 3, 2025
Safety Verdict

Is Email Reminders Safe to Use in 2026?

Generally Safe

Score 99/100

Email Reminders has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

2 known CVEs · Last CVE: Jan 3, 2025 · Updated 5mo ago
Risk Assessment

The "email-reminders" plugin version 2.0.7 exhibits a mixed security posture. On the positive side, the plugin demonstrates good practices by utilizing prepared statements for 95% of its SQL queries and incorporates a significant number of nonce and capability checks (29 and 3 respectively), suggesting an effort to protect against common WordPress threats. The absence of external HTTP requests also reduces its attack surface in that regard.

However, several concerning signals emerge from the static analysis. The presence of the `unserialize()` function, without explicit mention of input sanitization prior to its use, is a critical risk. This function is notoriously dangerous as it can lead to Remote Code Execution (RCE) if used with untrusted input. The single flagged call, at core\functions.php:459, deserializes the lowercased output of `serialize( $array )`, so its real exposure depends on where `$array` comes from and should be confirmed by manual review. Furthermore, the taint analysis reveals 4 flows with unsanitized paths, though thankfully none are categorized as critical or high severity. The output escaping is also a concern, with only 51% of outputs being properly escaped, indicating a significant risk of Cross-Site Scripting (XSS) vulnerabilities.

The vulnerability history shows 2 known medium severity CVEs, both of which are reported as patched. Both are Cross-site Scripting issues, which aligns with the finding of insufficient output escaping. While there are no currently unpatched vulnerabilities, the existence of past XSS issues reinforces the need for robust output sanitization. In conclusion, the plugin has some strong security foundations but requires immediate attention regarding the `unserialize()` usage and improvement in output escaping to mitigate significant risks.

Key Concerns

  • Unsanitized paths in taint analysis
  • Low percentage of properly escaped output
  • Presence of 'unserialize' function
  • Past medium severity CVEs (XSS)
Vulnerabilities
2 published

Email Reminders Security Vulnerabilities

CVEs by Year

2024: 1 CVE
2025: 1 CVE

Severity Breakdown

Medium: 2 (2 total CVEs)

CVE-2024-56292 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Email Reminders <= 2.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting

Jan 3, 2025 Patched in 2.0.6 (6d)

CVE-2024-11945 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Email Reminders <= 2.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter

Dec 9, 2024 Patched in 2.0.5 (1d)
Code Analysis
Analyzed Mar 17, 2026

Email Reminders Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 4 (72 prepared)
Unescaped Output: 447 (460 escaped)
Nonce Checks: 29
Capability Checks: 3
File Operations: 6
External Requests: 0
Bundled Libraries: 1

Dangerous Functions Found

unserialize: `return unserialize( strtolower( serialize( $array ) ) );` (core\functions.php:459)

Bundled Libraries

jQuery

SQL Query Safety

95% prepared · 76 total queries

Output Escaping

51% escaped · 907 total outputs
Data Flows · Security
4 unsanitized

Data Flow Analysis

4 flows · 4 with unsanitized paths
oper_ce__post__add_custom_email (includes\page-emails\addon-multi-emails.php:346)
Attack Surface

Email Reminders Attack Surface

Entry Points: 3
Unprotected: 0

Shortcodes 3

[email-reminders-send] includes\page-reminders\reminders_shortcodes.php:108
[email-reminders-rule-js] includes\page-rules\rules_shortcodes.php:82
[email-reminders-rule] includes\page-rules\rules_shortcodes.php:139
WordPress Hooks 123
filter upgrader_post_install core\class-activation.php:47
filter plugin_action_links core\class-activation.php:50
filter plugin_row_meta core\class-activation.php:52
action plugins_loaded core\class-activation.php:186
action admin_menu core\class-admin-menu.php:70
action admin_menu core\class-admin-menu.php:72
action oper_define_nav_tabs core\class-admin-page-structure.php:38
action oper_page_structure_show core\class-admin-page-structure.php:40
action oper_after_settings_content core\class-admin-settings-api.php:101
action admin_enqueue_scripts core\class-css-js.php:20
action wp_enqueue_scripts core\class-css-js.php:21
action oper_load_js_on_admin_page core\class-css-js.php:23
action oper_load_css_on_admin_page core\class-css-js.php:24
action oper_enqueue_js_files core\class-dismiss.php:61
action oper_enqueue_css_files core\class-dismiss.php:62
action oper_hook_oper_page_header core\class-notices.php:22
action oper_settings_after_header core\class-notices.php:23
action plugins_loaded core\core.php:106
action init core\core.php:114
action _admin_menu core\core.php:138
action admin_footer core\core.php:139
action wp_enqueue_scripts core\core.php:142
action wp_enqueue_scripts core\core.php:143
action wp_footer core\core.php:144
action admin_notices core\core.php:376
action oper_enqueue_css_files core\flex-ui\admin-flex-ui.php:28
action admin_bar_menu core\functions.php:938
filter load_textdomain_mofile core\translation.php:197
filter plugin_locale core\translation.php:248
action oper_menu_created includes\admin\page-fast-exmpl-tpl-usage.php:299
action oper_hook_settings_page_footer includes\admin\page-fast-exmpl-tpl-usage.php:344
filter locale includes\ajax.php:73
action admin_init includes\ajax.php:146
action oper_enqueue_js_files includes\codemirror\class-codemirror.php:36
action oper_enqueue_css_files includes\codemirror\class-codemirror.php:37
action opera_cron_settings_saved includes\cron\includes\opera-cron-reminders.php:42
filter cron_schedules includes\cron\includes\opera-cron-reminders.php:64
action opera_cron_hook__reminders_send includes\cron\includes\opera-cron-reminders.php:90
filter opera_get_reminders_fit_to_send_time includes\cron\includes\opera-cron-reminders.php:156
filter cron_schedules includes\cron\includes\opera-cron-rules.php:158
action opera_reschedule_cron__after_rule_save includes\cron\includes\opera-cron-rules.php:220
action opera_remove_cron_rule includes\cron\includes\opera-cron-rules.php:233
action opera_cron_hook__rule_run includes\cron\includes\opera-cron-rules.php:315
action opera_cron_hook__rule_reset includes\cron\includes\opera-cron-rules.php:342
action opera_js_load_files_rules includes\cron\includes\opera-functions.php:216
action opera_enqueue_css_files_rules includes\cron\includes\opera-functions.php:225
action plugins_loaded includes\cron\includes\opera-functions.php:247
action opera_show_cron_times_in_reminders_listing_template includes\cron\includes\opera-view-reminders.php:128
action oper_reminders_listing_container_start includes\cron\includes\opera-view-reminders.php:215
action oper_hook_settings_page_footer includes\cron\includes\opera-view-reminders.php:256
action opera_show_cron_labels_in_rules_listing includes\cron\includes\opera-view-rules.php:44
action opera_show_cron_data_in_rules_listing includes\cron\includes\opera-view-rules.php:112
filter opera_add_cron_times_to_rules_arr includes\cron\includes\opera-view-rules.php:231
action opera_show_cron_data_in_rules_editing includes\cron\includes\opera-view-rules.php:539
filter opera_escape_cron_parameters_for_rules_edit includes\cron\includes\opera-view-rules.php:654
action oper_menu_created includes\cron\includes\page-settings-cron.php:223
action init includes\cron\opera-cron.php:42
action oper_enqueue_js_files includes\csv-parser\csv_css_js.php:11
action oper_enqueue_css_files includes\csv-parser\csv_css_js.php:12
filter phpmailer_init includes\emails-api\api-emails.php:39
action wp_mail_failed includes\emails-api\api-emails.php:41
action oper_enqueue_js_files includes\help-wizard\help-wizard.php:31
action oper_enqueue_css_files includes\help-wizard\help-wizard.php:32
action oper_hook_settings_page_footer includes\help-wizard\help-wizard.php:34
action oper_settings_after_header includes\help-wizard\help-wizard.php:35
action oper_enqueue_js_files includes\listing_class\listing_class.php:22
action oper_enqueue_css_files includes\listing_class\listing_class.php:23
filter oper_is_load_script_on_this_page includes\load-js.php:303
action oper_menu_created includes\page-contact-form\page-contact-form.php:280
action oper_enqueue_js_files includes\page-contact-form\page-contact-form.php:312
action oper_enqueue_css_files includes\page-contact-form\page-contact-form.php:330
action oper_enqueue_js_files includes\page-contacts\contacts_listing.php:37
action oper_enqueue_css_files includes\page-contacts\contacts_listing.php:38
action oper_hook_settings_page_footer includes\page-contacts\contacts_listing.php:40
filter oper_search_contact_by_keyword includes\page-contacts\contacts_listing.php:891
action oper_enqueue_js_files includes\page-contacts\contacts_modify.php:27
action oper_enqueue_css_files includes\page-contacts\contacts_modify.php:28
action oper_menu_created includes\page-contacts\page-contacts.php:402
action oper_menu_created includes\page-contacts-tabs\page-add-contact.php:334
action oper_menu_created includes\page-contacts-tabs\page-csv.php:679
action oper_settings_page_update includes\page-emails\addon-multi-emails.php:402
action oper_hook_settings_page_footer includes\page-emails\addon-multi-emails.php:476
action oper_flex_toolbar_start includes\page-emails\addon-multi-emails.php:606
action oper_flex_toolbar_start includes\page-emails\addon-multi-emails.php:676
action oper_hook_settings_page_footer includes\page-emails\addon-multi-emails.php:776
filter oper_email_api_is_allow_send_copy includes\page-emails\addon-multi-emails.php:850
filter oper_send_email_to_user_notification_filter includes\page-emails\addon-multi-emails.php:885
filter oper_email_api_get_subject_after includes\page-emails\addon-multi-emails.php:915
action oper_menu_created includes\page-emails\page-emails.php:1024
action oper_enqueue_js_files includes\page-emails\page-emails.php:1049
action oper_enqueue_css_files includes\page-emails\page-emails.php:1067
filter oper_email_api_is_allow_send_copy includes\page-emails\page-emails.php:1106
action oper_menu_created includes\page-reminders\page-reminders.php:364
action oper_enqueue_js_files includes\page-reminders\reminders_listing.php:30
action oper_enqueue_css_files includes\page-reminders\reminders_listing.php:31
action oper_hook_settings_page_footer includes\page-reminders\reminders_listing.php:33
action oper_enqueue_js_files includes\page-reminders\reminders_modify.php:28
action oper_enqueue_css_files includes\page-reminders\reminders_modify.php:29
action oper_enqueue_js_files includes\page-reminders\reminders_send.php:30
action oper_enqueue_css_files includes\page-reminders\reminders_send.php:31
action wp_enqueue_scripts includes\page-reminders\reminders_shortcodes.php:31
action wp_enqueue_scripts includes\page-reminders\reminders_shortcodes.php:32
action oper_menu_created includes\page-rules\page-rules.php:356
action oper_enqueue_js_files includes\page-rules\rules_listing.php:30
action oper_enqueue_css_files includes\page-rules\rules_listing.php:31
action oper_hook_settings_page_footer includes\page-rules\rules_listing.php:33
action oper_enqueue_js_files includes\page-rules\rules_modify.php:28
action oper_enqueue_css_files includes\page-rules\rules_modify.php:29
action oper_hook_settings_page_footer includes\page-rules\rules_modify.php:31
action oper_enqueue_js_files includes\page-rules\rules_run.php:33
action oper_enqueue_css_files includes\page-rules\rules_run.php:34
action wp_enqueue_scripts includes\page-rules\rules_shortcodes.php:30
action wp_enqueue_scripts includes\page-rules\rules_shortcodes.php:31
action oper_after_settings_content includes\page-settings\api-settings.php:37
filter oper_settings_validate_fields_before_saving includes\page-settings\api-settings.php:759
action oper_menu_created includes\page-settings\page-settings.php:313
action oper_enqueue_js_files includes\pagination\pagination.php:84
action oper_enqueue_css_files includes\pagination\pagination.php:85
action oper_hook_settings_page_footer includes\pagination\pagination.php:130
action admin_footer includes\upload\upload.php:56
action oper_menu_created includes\wpbc\page-wpbc-import.php:638
action wpdev_new_booking includes\wpbc\page-wpbc-import.php:1607
action wpbc_track_new_booking includes\wpbc\page-wpbc-import.php:1642
Maintenance & Trust

Email Reminders Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 3, 2025
PHP min version: 5.6
Downloads: 8K

Community Trust

Rating: 70/100
Number of ratings: 2
Active installs: 200
Developer Profile

Email Reminders Developer Profile

wpdevelop

25 plugins · 59K total installs

Trust score: 73
Avg Security Score: 91/100
Avg Patch Time: 427 days
Detection Fingerprints

How We Detect Email Reminders

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/email-reminders/css/main.css
/wp-content/plugins/email-reminders/js/main.js
/wp-content/plugins/email-reminders/js/datepicker.js
/wp-content/plugins/email-reminders/js/admin-scripts.js
/wp-content/plugins/email-reminders/css/admin-scripts.css
Version Parameters
email-reminders/css/main.css?ver=
email-reminders/js/main.js?ver=
email-reminders/js/datepicker.js?ver=
email-reminders/js/admin-scripts.js?ver=
email-reminders/css/admin-scripts.css?ver=

HTML / DOM Fingerprints

CSS Classes: email_reminders_settings_page
HTML Comments: email-reminders
Data Attributes: data-email-reminders-id
JS Globals: oper_settings