Email Template Customizer for WooCommerce Security & Risk Analysis

wordpress.org/plugins/email-template-customizer-for-woo

Make your WooCommerce emails become professional.

20K active installs · v1.2.21 · PHP 7.0+ · WP 5.0+ · Updated Feb 2, 2026
Tags: email, email-customizer, email-template, woocommerce, woocommerce-email
Score: 98 (A · Safe)
CVEs total: 2
Unpatched: 0
Last CVE: Sep 15, 2025
Safety Verdict

Is Email Template Customizer for WooCommerce Safe to Use in 2026?

Generally Safe

Score 98/100

Email Template Customizer for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Sep 15, 2025 · Updated 2mo ago
Risk Assessment

The plugin exhibits a generally strong security posture with excellent adherence to safe coding practices. The extensive use of prepared statements for SQL queries and a very high percentage of properly escaped output are significant strengths, minimizing the risk of SQL injection and cross-site scripting vulnerabilities arising from typical code execution.

However, a notable concern is the presence of one AJAX handler lacking authentication checks. This represents a direct entry point that could be exploited by unauthenticated users, potentially leading to unintended actions or information disclosure depending on the functionality of that specific handler. The plugin's vulnerability history, while showing no currently unpatched issues, indicates a past tendency towards medium-severity cross-site scripting vulnerabilities, suggesting that improper input neutralization has been a recurring theme that required attention in previous versions.

Overall, the plugin demonstrates a good foundation for security. The low number of external HTTP requests and the use of nonce checks further bolster its defenses. The primary area for improvement lies in ensuring all AJAX endpoints are properly secured with authentication and capability checks to eliminate the identified unprotected entry point.

Key Concerns

  • Unprotected AJAX handler
  • Past medium-severity XSS vulnerabilities
Vulnerabilities
2

Email Template Customizer for WooCommerce Security Vulnerabilities

CVEs by Year

2024: 1 CVE
2025: 1 CVE

Severity Breakdown

Medium: 2 (2 total CVEs)

CVE-2025-64200 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Email Template Customizer for WooCommerce <= 1.2.17 - Authenticated (Shop manager+) Stored Cross-Site Scripting

Sep 15, 2025 · Patched in 1.2.18 (51d)

CVE-2024-49288 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Email Template Customizer for WooCommerce <= 1.2.9.1 - Authenticated (Shop manager+) Stored Cross-Site Scripting

Oct 15, 2024 · Patched in 1.2.9.2 (35d)
Code Analysis
Analyzed Mar 16, 2026

Email Template Customizer for WooCommerce Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 10 (709 escaped)
Nonce Checks: 11
Capability Checks: 6
File Operations: 0
External Requests: 2
Bundled Libraries: 1

Bundled Libraries

Select2

Output Escaping

99% escaped · 719 total outputs
Data Flows: All sanitized

Data Flow Analysis

4 flows
pro_page (includes\init.php:686)
Attack Surface: 1 unprotected

Email Template Customizer for WooCommerce Attack Surface

Entry Points: 7
Unprotected: 1

AJAX Handlers 7

auth wp_ajax_viwec_preview_template includes\email-builder.php:36
auth wp_ajax_viwec_send_test_email includes\email-builder.php:37
auth wp_ajax_viwec_change_admin_bar_stt includes\email-builder.php:38
auth wp_ajax_viwec_search_coupon includes\email-builder.php:39
auth wp_ajax_viwec_search_post includes\email-builder.php:40
auth wp_ajax_viwec_set_email_status includes\email-builder.php:41
nopriv wp_ajax_viwec_set_email_status includes\email-builder.php:42
WordPress Hooks 82
filter woocommerce_email_styles compatible\email-template-customizer.php:23
action before_woocommerce_init email-template-customizer-for-woo.php:28
action plugins_loaded email-template-customizer-for-woo.php:62
action init email-template-customizer-for-woo.php:91
filter viwec_register_replace_shortcode includes\compatible.php:15
filter woocommerce_api_create_order includes\compatible.php:16
filter woocommerce_api_edit_order includes\compatible.php:17
filter viwec_register_email_type includes\compatible.php:18
filter viwec_live_edit_shortcodes includes\compatible.php:19
filter viwec_register_preview_shortcode includes\compatible.php:20
filter trackship_mail_content includes\compatible.php:24
action init includes\email-builder.php:14
action dbx_post_sidebar includes\email-builder.php:15
filter get_sample_permalink_html includes\email-builder.php:16
filter post_row_actions includes\email-builder.php:17
action save_post_viwec_template includes\email-builder.php:18
action admin_enqueue_scripts includes\email-builder.php:19
filter manage_viwec_template_posts_columns includes\email-builder.php:20
action manage_viwec_template_posts_custom_column includes\email-builder.php:21
filter post_row_actions includes\email-builder.php:22
action post_action_viwec_duplicate includes\email-builder.php:23
action restrict_manage_posts includes\email-builder.php:24
filter parse_query includes\email-builder.php:25
filter enter_title_here includes\email-builder.php:26
action admin_head includes\email-builder.php:27
filter woocommerce_email_setting_columns includes\email-builder.php:28
action woocommerce_email_setting_column_viwec-edit includes\email-builder.php:29
filter viwec_register_email_type includes\email-builder.php:30
action edit_form_after_title includes\email-builder.php:31
action edit_form_top includes\email-builder.php:32
action wp_mail_failed includes\email-builder.php:45
action admin_init includes\email-builder.php:48
filter viwec_after_render_style includes\email-builder.php:357
action viwec_render_content includes\email-render.php:38
filter gettext includes\email-render.php:39
action viwec_order_item_parts includes\email-render.php:40
filter woocommerce_order_shipping_to_display_shipped_via includes\email-render.php:41
filter woocommerce_email_styles includes\email-render.php:43
action woocommerce_email_customer_details includes\email-render.php:572
action woocommerce_email_customer_details includes\email-render.php:610
filter woocommerce_email_order_items_args includes\email-render.php:991
filter wc_get_template includes\email-trigger.php:46
action viwec_email_template includes\email-trigger.php:47
action woocommerce_email includes\email-trigger.php:48
filter wp_new_user_notification_email includes\email-trigger.php:49
filter retrieve_password_title includes\email-trigger.php:50
filter password_change_email includes\email-trigger.php:52
filter email_change_email includes\email-trigger.php:53
filter retrieve_password_message includes\email-trigger.php:60
filter woocommerce_email_styles includes\email-trigger.php:62
filter woocommerce_email_styles includes\email-trigger.php:63
filter woocommerce_order_item_thumbnail includes\email-trigger.php:65
action woocommerce_order_item_meta_end includes\email-trigger.php:66
filter woocommerce_mail_callback_params includes\email-trigger.php:68
filter woocommerce_mail_callback_params includes\email-trigger.php:69
action woocommerce_email_header includes\email-trigger.php:72
filter woocommerce_email_get_option includes\email-trigger.php:73
filter wp_mail includes\email-trigger.php:75
filter woocommerce_email_recipient_customer_partially_refunded_order includes\email-trigger.php:103
filter woocommerce_email_recipient_customer_invoice_pending includes\email-trigger.php:104
filter woocommerce_email_subject_customer_invoice_paid includes\email-trigger.php:105
filter woocommerce_email_order_items_args includes\email-trigger.php:130
filter wp_mail_content_type includes\email-trigger.php:471
action init includes\init.php:45
action admin_enqueue_scripts includes\init.php:46
action admin_enqueue_scripts includes\init.php:47
action admin_footer includes\init.php:48
filter admin_body_class includes\init.php:49
action admin_menu includes\init.php:50
action admin_enqueue_scripts includes\support\support.php:32
action admin_notices includes\support\support.php:33
action admin_init includes\support\support.php:34
action admin_menu includes\support\support.php:35
filter plugin_row_meta includes\support\support.php:37
action admin_init includes\support\support.php:39
action admin_bar_menu includes\support\support.php:41
action admin_notices includes\support\support.php:52
action admin_footer includes\support\support.php:669
action admin_bar_menu includes\support\support.php:807
action admin_notices includes\support\support.php:953
action admin_footer includes\support\survey.php:7
action woocommerce_gzd_order_confirmation plugins\woo-germanized.php:13
Maintenance & Trust

Email Template Customizer for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 2, 2026
PHP min version: 7.0
Downloads: 808K

Community Trust

Rating: 92/100
Number of ratings: 104
Active installs: 20K
Developer Profile

Email Template Customizer for WooCommerce Developer Profile

VillaTheme

58 plugins · 167K total installs

Trust score: 78
Avg Security Score: 99/100
Avg Patch Time: 217 days
Detection Fingerprints

How We Detect Email Template Customizer for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/email-template-customizer-for-woo/assets/css/
  • /wp-content/plugins/email-template-customizer-for-woo/assets/js/
  • /wp-content/plugins/email-template-customizer-for-woo/assets/img/
  • /wp-content/plugins/email-template-customizer-for-woo/includes/support/support.php
  • /wp-content/plugins/email-template-customizer-for-woo/includes/init.php
Version Parameters
  • email-template-customizer-for-woo/style.css?ver=
  • email-template-customizer-for-woo/script.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • viwec_email_template_wrapper
  • viwec_editor_content
  • viwec-template-preview-wrapper
HTML Comments
  • <!-- Pro version is disabled -->
  • <!-- Pro version is enabled -->
  • <!-- End Pro version is enabled -->
  • <!-- End Pro version is disabled -->
  • +1 more
Data Attributes
  • data-viwec-id
  • data-viwec-setting
  • data-viwec-template-id
JS Globals
  • viwec_preview_data
  • viwec_settings_global
  • viwec_editor_global
REST Endpoints
  • /wp-json/viwec/v1/preview
  • /wp-json/viwec/v1/send-test-email
  • /wp-json/viwec/v1/search-coupon
  • /wp-json/viwec/v1/search-post
  • /wp-json/viwec/v1/set-email-status
Shortcode Output
  • [viwec_template_preview]
  • [viwec_email_template]
FAQ

Frequently Asked Questions about Email Template Customizer for WooCommerce