Kadence WooCommerce Email Designer Security & Risk Analysis

wordpress.org/plugins/kadence-woocommerce-email-designer

Customize the default WooCommerce email templates design and text through the native WordPress customizer. Preview emails and send test emails.

100K active installs · v1.5.18 · PHP 5.2.4+ · WP 5.3+ · Updated Nov 20, 2025
Tags: email, email-template, email-templates, mail, woocommerce
Score: 92 (A · Safe)
CVEs total: 5
Unpatched: 0
Last CVE: Dec 1, 2025
Safety Verdict

Is Kadence WooCommerce Email Designer Safe to Use in 2026?

Generally Safe

Score 92/100

Kadence WooCommerce Email Designer has a strong security track record. Known vulnerabilities have been patched promptly.

5 known CVEs · Last CVE: Dec 1, 2025 · Updated 4mo ago
Risk Assessment

The "kadence-woocommerce-email-designer" plugin v1.5.18 exhibits a generally strong security posture based on static analysis, with no identified critical or high severity taint flows and a high percentage of properly escaped outputs. The limited attack surface of two AJAX handlers, both secured with capability checks, is a positive indicator. The absence of direct SQL injection vulnerabilities due to prepared statements is also commendable.

However, the presence of three "unserialize" function calls represents a potential risk. While not directly exposed in taint analysis, deserialization vulnerabilities can be severe if an attacker can control the serialized data. All three calls listed in the code analysis pass 'allowed_classes' => false, which stops PHP from instantiating objects during deserialization and so limits, but does not remove, the exposure to attacker-supplied data. The plugin's history of 5 known CVEs, specifically 4 high severity and 1 medium, across various vulnerability types including XSS, improper input validation, unrestricted uploads, CSRF, and deserialization, is a significant concern. This history suggests a pattern of past vulnerabilities that, despite the current lack of unpatched issues, indicates a need for ongoing vigilance and thorough code review to prevent future exploits.

In conclusion, while the current static analysis for v1.5.18 shows improvements in some areas like taint flow and output escaping, the past vulnerability record and the presence of "unserialize" warrant a cautious approach. The plugin has a history of significant security flaws, and while the current version appears cleaner, the underlying codebase may still hold latent risks. Continued monitoring and prompt patching of any future vulnerabilities are crucial.

Key Concerns

  • Dangerous function: unserialize calls present
  • High number of past High severity CVEs
  • Past Medium severity CVE present
  • History of multiple common vulnerability types
Vulnerabilities
5

Kadence WooCommerce Email Designer Security Vulnerabilities

CVEs by Year

2022: 1 CVE
2023: 1 CVE
2025: 3 CVEs

Severity Breakdown

High: 4
Medium: 1

5 total CVEs

CVE-2025-13387 · high · 7.2 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Kadence WooCommerce Email Designer <= 1.5.17 - Unauthenticated Stored Cross-Site Scripting

Dec 1, 2025 · Patched in 1.5.18 (1d)

CVE-2025-54697 · high · 7.2 · Improper Input Validation

Kadence WooCommerce Email Designer <= 1.5.16 - Authenticated (Shop Manager+) Arbitrary Options Update

Aug 14, 2025 · Patched in 1.5.17 (6d)

CVE-2025-39557 · high · 7.2 · Unrestricted Upload of File with Dangerous Type

Kadence WooCommerce Email Designer <= 1.5.14 - Authenticated (Admin+) Arbitrary File Upload

Apr 16, 2025 · Patched in 1.5.15 (6d)

CVE-2023-47186 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Kadence WooCommerce Email Designer <= 1.5.11 - Cross-Site Request Forgery

Nov 2, 2023 · Patched in 1.5.12 (82d)

CVE-2022-3335 · high · 7.2 · Deserialization of Untrusted Data

Kadence WooCommerce Email Designer <= 1.5.6 - PHP Object Injection

Sep 30, 2022 · Patched in 1.5.7 (480d)

Code Analysis
Analyzed Mar 16, 2026

Kadence WooCommerce Email Designer Code Analysis

Dangerous Functions: 3
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 63 (522 escaped)
Nonce Checks: 5
Capability Checks: 1
File Operations: 2
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

unserialize · includes\class-kadence-woomail-import-export.php:224
    $data = @unserialize( base64_decode( $raw ), array( 'allowed_classes' => false ) );
unserialize · includes\class-kadence-woomail-import-export.php:290
    return @unserialize( $string2, array( 'allowed_classes' => false ) );
unserialize · includes\class-kadence-woomail-import-export.php:318
    $data = @unserialize( $raw_data, array( 'allowed_classes' => false ));

Output Escaping

89% escaped · 585 total outputs
Data Flows
All sanitized

Data Flow Analysis

5 flows
ajax_send_email (includes\class-kadence-woomail-customizer.php:1016)
Attack Surface

Kadence WooCommerce Email Designer Attack Surface

Entry Points: 2
Unprotected: 0

AJAX Handlers: 2

auth · wp_ajax_kt_woomail_reset · includes\class-kadence-woomail-customizer.php:58
auth · wp_ajax_kt_woomail_send_email · includes\class-kadence-woomail-customizer.php:61

WordPress Hooks: 44

action · init · includes\class-kadence-woomail-customizer.php:49
action · customize_register · includes\class-kadence-woomail-customizer.php:52
filter · woocommerce_email_styles · includes\class-kadence-woomail-customizer.php:55
action · customize_register · includes\class-kadence-woomail-customizer.php:69
filter · user_has_cap · includes\class-kadence-woomail-customizer.php:72
filter · customize_loaded_components · includes\class-kadence-woomail-customizer.php:75
filter · customize_section_active · includes\class-kadence-woomail-customizer.php:78
filter · customize_control_active · includes\class-kadence-woomail-customizer.php:81
filter · customize_controls_enqueue_scripts · includes\class-kadence-woomail-customizer.php:84
filter · gettext · includes\class-kadence-woomail-customizer.php:87
action · init · includes\class-kadence-woomail-customizer.php:90
filter · wpm_customizer_url · includes\class-kadence-woomail-customizer.php:93
action · woomail_footer · includes\class-kadence-woomail-customizer.php:96
action · woomail_footer · includes\class-kadence-woomail-customizer.php:99
action · customize_preview_init · includes\class-kadence-woomail-customizer.php:102
filter · kadence_woomail_email_types · includes\class-kadence-woomail-customizer.php:122
filter · kadence_woomail_email_type_class_name_array · includes\class-kadence-woomail-customizer.php:131
filter · kadence_woomail_email_settings_default_values · includes\class-kadence-woomail-customizer.php:140
filter · user_has_cap · includes\class-kadence-woomail-customizer.php:234
action · customize_register · includes\class-kadence-woomail-import-export.php:103
action · customize_controls_print_scripts · includes\class-kadence-woomail-import-export.php:104
action · parse_request · includes\class-kadence-woomail-preview.php:185
action · wp_footer · includes\class-kadence-woomail-preview.php:786
filter · woocommerce_email_settings · includes\class-kadence-woomail-woo.php:48
action · woocommerce_admin_field_kt_woomail_open_customizer_button · includes\class-kadence-woomail-woo.php:51
filter · woo_cart_abandonment_recovery_email_override · includes\class-kwed-cartflows-ca-email.php:35
action · plugins_loaded · kadence-woocommerce-email-designer.php:53
action · admin_notices · kadence-woocommerce-email-designer.php:65
action · init · kadence-woocommerce-email-designer.php:81
action · admin_menu · kadence-woocommerce-email-designer.php:87
action · woocommerce_email_header · kadence-woocommerce-email-designer.php:106
filter · woocommerce_locate_template · kadence-woocommerce-email-designer.php:109
filter · woocommerce_email_format_string · kadence-woocommerce-email-designer.php:112
action · kadence_woomail_designer_email_details · kadence-woocommerce-email-designer.php:115
action · kadence_woomail_designer_email_text · kadence-woocommerce-email-designer.php:118
action · kadence_woomail_designer_email_footer · kadence-woocommerce-email-designer.php:121
filter · woocommerce_email_order_items_args · kadence-woocommerce-email-designer.php:124
filter · woocommerce_email_footer_text · kadence-woocommerce-email-designer.php:127
filter · woocommerce_email_setup_locale · kadence-woocommerce-email-designer.php:129
filter · woocommerce_email_restore_locale · kadence-woocommerce-email-designer.php:131
action · change_locale · kadence-woocommerce-email-designer.php:138
filter · woocommerce_mail_content · kadence-woocommerce-email-designer.php:149
filter · woocommerce_locate_template · kadence-woocommerce-email-designer.php:790
action · before_woocommerce_init · kadence-woocommerce-email-designer.php:850

Maintenance & Trust

Kadence WooCommerce Email Designer Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Nov 20, 2025
PHP min version: 5.2.4
Downloads: 2.1M

Community Trust

Rating: 90/100
Number of ratings: 142
Active installs: 100K

Developer Profile

Kadence WooCommerce Email Designer Developer Profile

StellarWP

26 plugins · 3.1M total installs

Trust score: 76
Avg Security Score: 95/100
Avg Patch Time: 462 days
Detection Fingerprints

How We Detect Kadence WooCommerce Email Designer

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/kadence-woocommerce-email-designer/assets/css/kwd-editor.css
/wp-content/plugins/kadence-woocommerce-email-designer/assets/css/kwd-frontend.css
/wp-content/plugins/kadence-woocommerce-email-designer/assets/js/kwd-editor.js
/wp-content/plugins/kadence-woocommerce-email-designer/assets/js/kwd-frontend.js
/wp-content/plugins/kadence-woocommerce-email-designer/assets/js/kwd-woo-helpers.js

Script Paths
/wp-content/plugins/kadence-woocommerce-email-designer/assets/js/kwd-editor.js
/wp-content/plugins/kadence-woocommerce-email-designer/assets/js/kwd-frontend.js
/wp-content/plugins/kadence-woocommerce-email-designer/assets/js/kwd-woo-helpers.js

Version Parameters
kadence-woocommerce-email-designer/assets/css/kwd-editor.css?ver=
kadence-woocommerce-email-designer/assets/css/kwd-frontend.css?ver=
kadence-woocommerce-email-designer/assets/js/kwd-editor.js?ver=
kadence-woocommerce-email-designer/assets/js/kwd-frontend.js?ver=
kadence-woocommerce-email-designer/assets/js/kwd-woo-helpers.js?ver=

HTML / DOM Fingerprints

CSS Classes
kwd-editor-wrapper
kwd-email-preview
kadence-woomail-designer-wrapper
kadence-woomail-designer-editor

HTML Comments
Kadence Woocommerce Email Designer Preview
Kadence Woocommerce Email Designer Editor

Data Attributes
data-kadence-woomail-editor
data-kadence-woomail-preview

JS Globals
KadenceWoomailEditor
KadenceWoomailPreview

FAQ

Frequently Asked Questions about Kadence WooCommerce Email Designer