LetsRecover – WooCommerce Abandoned Cart Notifications Security & Risk Analysis

wordpress.org/plugins/letsrecover-woocommerce-abandoned-cart

Recover your lost revenue and abandoned carts using multiple automated Web Push Notification reminder by WooCommerce Abandoned Cart Recovery Notificat …

0 active installs · v1.2.0 · PHP 7.1+ · WP 5.0+ · Updated Jan 19, 2023
Tags: abandoned, abandoned-cart-notifications, abandoned-cart-recovery, woocommerce, woocommerce-abandoned-cart
81
B · Generally Safe
CVEs total: 3
Unpatched: 0
Last CVE: Dec 12, 2022
Safety Verdict

Is LetsRecover – WooCommerce Abandoned Cart Notifications Safe to Use in 2026?

Mostly Safe

Score 81/100

LetsRecover – WooCommerce Abandoned Cart Notifications is generally safe to use though it hasn't been updated recently. 3 past CVEs were resolved. Keep it updated.

3 known CVEs · Last CVE: Dec 12, 2022 · Updated 3yr ago
Risk Assessment

The 'letsrecover-woocommerce-abandoned-cart' plugin version 1.2.0 exhibits a concerning security posture, primarily due to a large number of unprotected AJAX endpoints. The plugin uses prepared statements for most SQL queries and escapes most of its output, but its six AJAX handlers without authentication checks present a significant attack surface. The taint analysis adds to these concerns: it reports eight flows with unsanitized paths, classified as high severity. The plugin's vulnerability history includes three past CVEs, one critical and two high severity, among them a critical SQL injection from late 2022, which suggests a pattern of exploitable weaknesses. Although there are no currently unpatched vulnerabilities, the historical trend and the current code analysis findings indicate a need for significant security improvements to mitigate potential risks.

Key Concerns

  • 6 AJAX handlers without auth checks
  • 8 high severity unsanitized taint flows
  • 1 critical past CVE
  • 2 high past CVEs
  • Dangerous function 'unserialize' found
  • Only 2 nonce checks for 6 AJAX handlers
  • Only 2 capability checks for 6 AJAX handlers
Vulnerabilities
3

LetsRecover – WooCommerce Abandoned Cart Notifications Security Vulnerabilities

CVEs by Year

3 CVEs in 2022

Severity Breakdown

Critical: 1
High: 2

3 total CVEs

CVE-2022-4357 · critical · 9.8 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

LetsRecover <= 1.1.0 - Unauthenticated SQL Injection via AJAX action

Dec 12, 2022 · Patched in 1.2.0 (407d)

CVE-2022-4355 · high · 7.2 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

LetsRecover <= 1.1.0 - Authenticated (Admin+) SQL Injection

Dec 9, 2022 · Patched in 1.2.0 (410d)

CVE-2022-4356 · high · 7.2 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

LetsRecover <= 1.1.0 - Authenticated (Admin+) SQL Injection

Dec 9, 2022 · Patched in 1.2.0 (410d)
Code Analysis
Analyzed Mar 17, 2026

LetsRecover – WooCommerce Abandoned Cart Notifications Code Analysis

Dangerous Functions: 6
Raw SQL Queries: 1 (38 prepared)
Unescaped Output: 17 (84 escaped)
Nonce Checks: 2
Capability Checks: 2
File Operations: 0
External Requests: 1
Bundled Libraries: 0

Dangerous Functions Found

unserialize | $cart_info = unserialize($item[ $column_name ]); | include\classes\abandoned_carts.php:106
unserialize | $payload = unserialize($r['payload']); | include\classes\admin-functions.php:255
unserialize | $palyload = unserialize($item[ $column_name ]); | include\classes\notifications.php:101
unserialize | $palyload = unserialize($item[ $column_name ]); | include\classes\notifications.php:105
unserialize | $cart_detail = unserialize($c['cart_detail']); | include\classes\wp-functions.php:377
unserialize | $push_token = unserialize($subscription['push_token']); | include\classes\wp-functions.php:532

SQL Query Safety

97% prepared · 39 total queries

Output Escaping

83% escaped · 101 total outputs
Data Flows
8 unsanitized

Data Flow Analysis

11 flows · 8 with unsanitized paths
<admin-functions> (include\classes\admin-functions.php:0)
Attack Surface
6 unprotected

LetsRecover – WooCommerce Abandoned Cart Notifications Attack Surface

Entry Points: 6
Unprotected: 6

AJAX Handlers 6

auth | wp_ajax_get_push_info | include\classes\admin-functions.php:25
nopriv | wp_ajax_get_push_info | include\classes\admin-functions.php:26
auth | wp_ajax_letsrecover_save_subscription | include\classes\wp-functions.php:32
nopriv | wp_ajax_letsrecover_save_subscription | include\classes\wp-functions.php:33
auth | wp_ajax_wplrp_notification_log | include\classes\wp-functions.php:35
nopriv | wp_ajax_wplrp_notification_log | include\classes\wp-functions.php:36
WordPress Hooks 24
action | admin_menu | include\classes\admin-functions.php:19
action | admin_enqueue_scripts | include\classes\admin-functions.php:21
action | admin_init | include\classes\admin-functions.php:23
action | admin_notices | include\classes\admin-functions.php:29
action | admin_notices | include\classes\admin-functions.php:32
action | admin_notices | include\classes\admin-functions.php:35
action | admin_notices | include\classes\admin-functions.php:39
action | admin_notices | include\classes\wp-functions.php:22
action | wp_footer | include\classes\wp-functions.php:24
action | admin_init | include\classes\wp-functions.php:25
action | init | include\classes\wp-functions.php:27
action | parse_request | include\classes\wp-functions.php:28
action | woocommerce_add_to_cart | include\classes\wp-functions.php:38
action | woocommerce_cart_item_removed | include\classes\wp-functions.php:39
action | woocommerce_cart_item_restored | include\classes\wp-functions.php:40
action | woocommerce_after_calculate_totals | include\classes\wp-functions.php:41
action | woocommerce_thankyou | include\classes\wp-functions.php:42
filter | cron_schedules | include\classes\wp-functions.php:44
action | wp | include\classes\wp-functions.php:46
action | wplrp_cart_recovery_event | include\classes\wp-functions.php:47
action | plugins_loaded | letsrecover.php:33
filter | superpwa_sw_filename | letsrecover.php:37
filter | superpwa_sw_template | letsrecover.php:39
action | init | letsrecover.php:75

Scheduled Events 1

wplrp_cart_recovery_event
Maintenance & Trust

LetsRecover – WooCommerce Abandoned Cart Notifications Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.1.10
Last updated: Jan 19, 2023
PHP min version: 7.1
Downloads: 1K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0
Developer Profile

LetsRecover – WooCommerce Abandoned Cart Notifications Developer Profile

Tahir Jamil

1 plugin · 0 total installs

Trust score: 66
Avg Security Score: 81/100
Avg Patch Time: 409 days
Detection Fingerprints

How We Detect LetsRecover – WooCommerce Abandoned Cart Notifications

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/letsrecover-woocommerce-abandoned-cart/assets/css/letsrecover_admin.min.css
/wp-content/plugins/letsrecover-woocommerce-abandoned-cart/assets/js/letsrecover_admin.min.js
/wp-content/plugins/letsrecover-woocommerce-abandoned-cart/assets/css/emojionearea.min.css
/wp-content/plugins/letsrecover-woocommerce-abandoned-cart/assets/js/emojionearea.min.js
Script Paths
/wp-content/plugins/letsrecover-woocommerce-abandoned-cart/assets/js/letsrecover_service_worker.min.js
Version Parameters
letsrecover-css?ver=1.0.0
letsrecover-admin-js?ver=1.0.0
emojionearea-css?ver=3.4.0
emojionearea-js?ver=3.4.0

HTML / DOM Fingerprints

CSS Classes
wplrp-wrap
HTML Comments
Compatibility for Super PWA Plugin
Plugin's action button
initalize plugin's classes
Data Attributes
data-page
data-tab
JS Globals
WPLRP_URL
WPLRP_VERSION
wplrp_admin_params
REST Endpoints
/wp-json/wplrp/v1/push-data
FAQ

Frequently Asked Questions about LetsRecover – WooCommerce Abandoned Cart Notifications