WP-Safety

Customer Email Verification for WooCommerce Security & Risk Analysis

wordpress.org/plugins/emails-verification-for-woocommerce

Enhance WooCommerce security and credibility with Email Verification best plugin. Ensure genuine customer interactions, eliminate spam, and elevate em …

9K active installs v3.2.3 PHP + WP 4.4+ Updated Mar 10, 2026
emailemail-verificationverificationwoo-commercewoocommerce
95
A · Safe
CVEs total5
Unpatched0
Last CVEFeb 14, 2025
Plugin page Download
Safety Verdict

Is Customer Email Verification for WooCommerce Safe to Use in 2026?

Generally Safe

Score 95/100

Customer Email Verification for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

5 known CVEsLast CVE: Feb 14, 2025Updated 23d ago
Risk Assessment

The "emails-verification-for-woocommerce" plugin, version 3.2.3, exhibits a mixed security posture. On the positive side, the static analysis reveals strong adherence to several security best practices. All identified entry points (AJAX handlers, REST API routes, shortcodes, cron events) are protected by authorization checks, and all SQL queries utilize prepared statements, mitigating the risk of SQL injection. Furthermore, a high percentage of output is properly escaped, and there are no file operations or external HTTP requests, reducing the attack surface and potential for code execution or data leakage.

However, the analysis also highlights several areas of concern. The taint analysis indicates two flows with unsanitized paths, classified as high severity. This suggests that user-supplied input in these flows is not being adequately cleaned before being used, potentially leading to vulnerabilities like Cross-Site Scripting (XSS) or path traversal, despite the overall low count of critical and high severity taint flows being zero. The plugin's vulnerability history is also a significant red flag, with a total of five known CVEs, including four high-severity and one medium-severity. Although there are currently no unpatched vulnerabilities, the frequent occurrence of high-severity issues, particularly those related to unauthorized information exposure, improper authentication, SQL injection, and insufficient randomness, indicates a recurring pattern of security weaknesses in previous versions. This history suggests that while fixes have been implemented, the underlying architectural issues or coding practices may still be present, making it crucial for users to keep the plugin updated and remain vigilant.

In conclusion, while "emails-verification-for-woocommerce" v3.2.3 demonstrates strengths in areas like SQL query sanitization and output escaping, the presence of high-severity taint flows and a history of numerous significant vulnerabilities cannot be overlooked. Users should exercise caution and prioritize keeping the plugin updated to the latest available version to mitigate the risks associated with past security flaws. The consistent emergence of high-severity vulnerabilities in its history warrants close monitoring.

Key Concerns

  • High severity taint flows found
  • History of high severity vulnerabilities
  • History of medium severity vulnerabilities
  • Less than ideal output escaping (84%)
Vulnerabilities
5

Customer Email Verification for WooCommerce Security Vulnerabilities

CVEs by Year

1 CVE in 2020
2020
2 CVEs in 2024
2024
2 CVEs in 2025
2025
Patched Has unpatched

Severity Breakdown

High
4
Medium
1

5 total CVEs

CVE-2024-13525medium · 6.5Exposure of Sensitive Information to an Unauthorized Actor

Customer Email Verification for WooCommerce <= 2.9.4 - Authenticated (Contributor+) Sensitive Information Exposure

Feb 14, 2025 Patched in 2.9.5 (1d)
CVE-2024-13528high · 7.5Improper Authentication

Customer Email Verification for WooCommerce <= 2.9.5 - Authentication Bypass via Shortcode

Feb 11, 2025 Patched in 2.9.6 (1d)
CVE-2024-49305high · 7.5Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Email Verification for WooCommerce <= 2.8.10 - Unauthenticated SQL Injection

Oct 15, 2024 Patched in 2.9.0 (10d)
CVE-2024-4185high · 8.1Use of Insufficiently Random Values

Customer Email Verification for WooCommerce <= 2.7.4 - Email Verification and Authentication Bypass due to Insufficient Randomness

Apr 29, 2024 Patched in 2.7.5 (1d)
WF-85bd9922-3316-4fd0-b31e-c3ca5ab8a79d-emails-verification-for-woocommercehigh · 8.8Improper Authentication

Email Verification for WooCommerce <= 1.8.1 - Authentication Bypass

Jul 14, 2020 Patched in 1.8.2 (1288d)
Code Analysis
Analyzed Mar 16, 2026

Customer Email Verification for WooCommerce Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
20 prepared
Unescaped Output
14
76 escaped
Nonce Checks
5
Capability Checks
1
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

100% prepared20 total queries

Output Escaping

84% escaped90 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
alg_wc_ev_send_guest_verification_email_action (includes\class-alg-wc-ev-guest-verification.php:155)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Customer Email Verification for WooCommerce Attack Surface

Entry Points9
Unprotected0

AJAX Handlers 2

authwp_ajax_alg_wc_ev_send_guest_verification_email_actionincludes\class-alg-wc-ev-guest-verification.php:29
noprivwp_ajax_alg_wc_ev_send_guest_verification_email_actionincludes\class-alg-wc-ev-guest-verification.php:30

Shortcodes 7

[alg_wc_ev_translate] includes\class-alg-wc-ev-core.php:321
[alg_wc_ev_verification_status] includes\class-alg-wc-ev-core.php:323
[alg_wc_ev_custom_msg] includes\class-alg-wc-ev-core.php:325
[alg_wc_ev_resend_verification_url] includes\class-alg-wc-ev-core.php:327
[alg_wc_ev_new_user_info] includes\class-alg-wc-ev-core.php:329
[alg_wc_ev_resend_verification_form] includes\class-alg-wc-ev-core.php:331
[alg_wc_ev_email_content_placeholder] includes\class-alg-wc-ev-emails.php:57
WordPress Hooks 96
actioninitemail-verification-for-woocommerce.php:121
actioninitemail-verification-for-woocommerce.php:124
actionbefore_woocommerce_initemail-verification-for-woocommerce.php:127
filterwoocommerce_get_settings_pagesemail-verification-for-woocommerce.php:278
actionadmin_initemail-verification-for-woocommerce.php:281
actionplugins_loadedemail-verification-for-woocommerce.php:413
actionadmin_initemail-verification-for-woocommerce.php:427
filtermanage_users_columnsincludes\class-alg-wc-ev-admin.php:75
filtermanage_users_custom_columnincludes\class-alg-wc-ev-admin.php:76
actionadmin_enqueue_scriptsincludes\class-alg-wc-ev-admin.php:77
actionadmin_initincludes\class-alg-wc-ev-admin.php:88
filterbulk_actions-usersincludes\class-alg-wc-ev-admin.php:93
filterhandle_bulk_actions-usersincludes\class-alg-wc-ev-admin.php:94
actionadmin_noticesincludes\class-alg-wc-ev-admin.php:95
actionalg_wc_ev_core_loadedincludes\class-alg-wc-ev-admin.php:97
filteralg_wc_ev_add_woocommerce_settings_tab_validationincludes\class-alg-wc-ev-admin.php:99
actionmanage_users_extra_tablenavincludes\class-alg-wc-ev-admin.php:102
actionpre_get_usersincludes\class-alg-wc-ev-admin.php:103
actionwoocommerce_admin_field_alg_wc_ev_editorincludes\class-alg-wc-ev-admin.php:107
actionadmin_footerincludes\class-alg-wc-ev-admin.php:110
actionadmin_noticesincludes\class-alg-wc-ev-admin.php:535
actionadmin_noticesincludes\class-alg-wc-ev-admin.php:539
actionadmin_noticesincludes\class-alg-wc-ev-admin.php:543
actioninitincludes\class-alg-wc-ev-core.php:104
actionwpincludes\class-alg-wc-ev-core.php:105
actioninitincludes\class-alg-wc-ev-core.php:106
actionalg_wc_ev_user_account_activatedincludes\class-alg-wc-ev-core.php:115
actionalg_wc_ev_user_account_activatedincludes\class-alg-wc-ev-core.php:121
actionalg_wc_ev_user_account_activatedincludes\class-alg-wc-ev-core.php:124
actioninitincludes\class-alg-wc-ev-core.php:128
filterwp_redirectincludes\class-alg-wc-ev-core.php:129
actioninitincludes\class-alg-wc-ev-core.php:132
actionwp_login_failedincludes\class-alg-wc-ev-core.php:135
actionwoocommerce_account_dashboardincludes\class-alg-wc-ev-core.php:138
actionwidgets_initincludes\class-alg-wc-ev-core.php:141
actiontemplate_redirectincludes\class-alg-wc-ev-core.php:144
actioninitincludes\class-alg-wc-ev-core.php:145
actionwpincludes\class-alg-wc-ev-core.php:146
actionwpincludes\class-alg-wc-ev-core.php:147
actioninitincludes\class-alg-wc-ev-core.php:151
actionalg_wc_email_verification_after_reset_settingsincludes\class-alg-wc-ev-core.php:152
filteralg_wc_ev_is_user_verifiedincludes\class-alg-wc-ev-core.php:157
filteralg_wc_ev_bkg_process_email_paramsincludes\class-alg-wc-ev-core.php:437
actionwoocommerce_created_customer_notificationincludes\class-alg-wc-ev-emails.php:48
actionwoocommerce_created_customer_notificationincludes\class-alg-wc-ev-emails.php:49
actioninitincludes\class-alg-wc-ev-emails.php:51
actionalg_wc_ev_activation_email_content_placeholderincludes\class-alg-wc-ev-emails.php:56
actionalg_wc_ev_user_account_activatedincludes\class-alg-wc-ev-emails.php:61
actionalg_wc_ev_user_account_activatedincludes\class-alg-wc-ev-emails.php:63
actionalg_wc_ev_confirmation_email_delay_eventincludes\class-alg-wc-ev-emails.php:64
filtersend_password_change_emailincludes\class-alg-wc-ev-emails.php:567
filterwp_mail_fromincludes\class-alg-wc-ev-emails.php:595
actionwp_enqueue_scriptsincludes\class-alg-wc-ev-guest-verification.php:27
actionwp_footerincludes\class-alg-wc-ev-guest-verification.php:28
actionwoocommerce_after_checkout_validationincludes\class-alg-wc-ev-guest-verification.php:31
filterwoocommerce_checkout_create_orderincludes\class-alg-wc-ev-guest-verification.php:32
actiontemplate_redirectincludes\class-alg-wc-ev-guest-verification.php:33
actionuser_registerincludes\class-alg-wc-ev-guest-verification.php:34
filterpre_update_option_alg_wc_ev_verify_guest_emailincludes\class-alg-wc-ev-guest-verification.php:37
filtersend_auth_cookiesincludes\class-alg-wc-ev-logouts.php:38
actionset_logged_in_cookieincludes\class-alg-wc-ev-logouts.php:39
filterwoocommerce_registration_auth_new_customerincludes\class-alg-wc-ev-logouts.php:43
filterwoocommerce_registration_redirectincludes\class-alg-wc-ev-logouts.php:44
actionwp_footerincludes\class-alg-wc-ev-logouts.php:48
actioninitincludes\class-alg-wc-ev-logouts.php:49
filterwoocommerce_get_return_urlincludes\class-alg-wc-ev-logouts.php:55
actionwoocommerce_before_thankyouincludes\class-alg-wc-ev-logouts.php:57
filterwoocommerce_thankyou_order_received_textincludes\class-alg-wc-ev-logouts.php:58
actionpassword_resetincludes\class-alg-wc-ev-logouts.php:69
actionwoocommerce_customer_reset_passwordincludes\class-alg-wc-ev-logouts.php:70
actiontemplate_redirectincludes\class-alg-wc-ev-logouts.php:74
actionwp_footerincludes\class-alg-wc-ev-logouts.php:79
filteralg_wc_ev_verify_emailincludes\class-alg-wc-ev-logouts.php:83
actionalg_wc_ev_activation_link_already_usedincludes\class-alg-wc-ev-logouts.php:84
actionalg_wc_ev_verify_email_errorincludes\class-alg-wc-ev-logouts.php:155
filtersend_auth_cookiesincludes\class-alg-wc-ev-logouts.php:354
filteralg_wc_ev_verify_emailincludes\class-alg-wc-ev-non-paying-blocker.php:24
filteralg_wc_ev_block_unverified_user_login_error_messageincludes\class-alg-wc-ev-non-paying-blocker.php:25
actionalg_wc_ev_non_paying_user_blockedincludes\class-alg-wc-ev-non-paying-blocker.php:26
filteralg_wc_ev_reset_and_mail_activation_link_validationincludes\class-alg-wc-ev-non-paying-blocker.php:29
actionwoocommerce_order_status_changedincludes\class-alg-wc-ev-non-paying-blocker.php:31
actionalg_wc_ev_verify_email_errorincludes\class-alg-wc-ev-non-paying-blocker.php:43
actionalg_wc_ev_core_loadedincludes\class-alg-wc-ev-user-deletion.php:37
actionalg_wc_email_verification_after_save_settingsincludes\class-alg-wc-ev-user-deletion.php:40
actionupdate_option_alg_wc_ev_delete_users_cronincludes\class-alg-wc-ev-user-deletion.php:43
actioninitincludes\class-alg-wc-ev-user-deletion.php:45
actionalg_wc_ev_delete_unverified_usersincludes\class-alg-wc-ev-user-deletion.php:46
actioninitincludes\class-alg-wc-ev-user-deletion.php:48
actionalg_wc_ev_on_deactivationincludes\class-alg-wc-ev-user-deletion.php:50
actionadmin_initincludes\class-alg-wc-ev-user-deletion.php:295
filterwoocommerce_get_sections_alg_wc_evincludes\settings\class-alg-wc-ev-settings-section.php:37
actionadmin_headincludes\settings\class-alg-wc-ev-settings-shortcodes.php:27
filterwoocommerce_admin_settings_sanitize_optionincludes\settings\class-alg-wc-ev-settings.php:26
filterwoocommerce_admin_settings_sanitize_optionincludes\settings\class-alg-wc-ev-settings.php:27
actionadmin_initincludes\settings\class-alg-wc-ev-settings.php:39
actionadmin_noticesincludes\settings\class-alg-wc-ev-settings.php:186

Scheduled Events 2

alg_wc_ev_confirmation_email_delay_event
alg_wc_ev_delete_unverified_users
Maintenance & Trust

Customer Email Verification for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 10, 2026
PHP min version
Downloads417K

Community Trust

Rating96/100
Number of ratings47
Active installs9K
Alternatives

Customer Email Verification for WooCommerce Alternatives

Clearout Email Validator – Real-Time Email Verification on WordPress Forms

Clearout Email Validator – Real-Time Email Verification on WordPress Forms

clearout-email-validator

A
99

Block invalid emails like temporary, disposable, etc. with our real-time email verification. Verify email address during form-fill and stop form spam.

600 1 CVE
IPQualityScore Fraud Detection

IPQualityScore Fraud Detection

ipqualityscore-fraud-detection

A
85

IPQualityScore Fraud Detection and Fraud Prevention Tools identify malicious behavior and fraudulent activity featuring Proxy & VPN Detection &amp &hellip;

90 No CVEs
Naimur Email OTP Verification for WooCommerce

Naimur Email OTP Verification for WooCommerce

naimur-email-otp-for-woocommerce

A
100

Short Description: Verify WooCommerce customer email addresses with a 6-digit OTP before account creation for secure and spam-free registrations.

10 No CVEs
VerifyMate Email Verification for WooCommerce

VerifyMate Email Verification for WooCommerce

verifymate-email-verification-for-woocommerce

A
100

Verify customer emails before login or checkout. Secure WooCommerce registration verification—block fake accounts and spam.

0 No CVEs
VerifyPro Email OTP for WooCommerce

VerifyPro Email OTP for WooCommerce

verifypro-email-otp-for-woocommerce

A
100

Professional email verification for WooCommerce. Secure your checkout with OTP codes and prevent bot orders.

0 No CVEs
Developer Profile

Customer Email Verification for WooCommerce Developer Profile

WPFactory

63 plugins · 136K total installs

86
trust score
Avg Security Score
97/100
Avg Patch Time
90 days
View full developer profile
Detection Fingerprints

How We Detect Customer Email Verification for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/emails-verification-for-woocommerce/assets/css/main.css/wp-content/plugins/emails-verification-for-woocommerce/assets/js/main.js
Script Paths
/wp-content/plugins/emails-verification-for-woocommerce/vendor/autoload.php/wp-content/plugins/emails-verification-for-woocommerce/includes/class-alg-wc-ev-core.php
Version Parameters
emails-verification-for-woocommerce/assets/css/main.css?ver=emails-verification-for-woocommerce/assets/js/main.js?ver=

HTML / DOM Fingerprints

CSS Classes
alg-wc-ev-admin-notice
HTML Comments
<!-- Globalize: alg_wc_ev_settings --><!-- Include required core files used in admin and on the frontend. --><!-- Action links --><!-- Settings -->+1 more
Data Attributes
data-alg_wc_ev_admin_notice
JS Globals
alg_wc_ev_settings
FAQ

Frequently Asked Questions about Customer Email Verification for WooCommerce