WP-Safety

Mail Mage Security & Risk Analysis

wordpress.org/plugins/mail-mage

Recover Abandoned WooCommerce cart emails, send WooCommerce Product reminder emails, Automate your WordPress marketing workflows to help convert, reta …

30 active installs v0.0.25 PHP 5.6+ WP 4.0+ Updated Jul 23, 2024
cart-abandonmentcart-recoverycustomer-reviewsproduct-reviewsreview-reminder
92
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Mail Mage Safe to Use in 2026?

Generally Safe

Score 92/100

Mail Mage has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago
Risk Assessment

The Mail Mage plugin, version 0.0.25, exhibits a generally good security posture with several positive indicators. The attack surface is small and appears to be well-protected with authentication checks on its entry points. The plugin also demonstrates a good practice of using prepared statements for a significant portion of its SQL queries and a high percentage of properly escaped output. Furthermore, the absence of known CVEs and a clean vulnerability history are strong indicators of past security diligence. However, the presence of the `unserialize` function raises a significant concern, as it is a well-known vector for deserialization vulnerabilities if not handled with extreme care. The taint analysis revealing two flows with unsanitized paths, though not classified as critical or high in severity by the analysis, warrants attention as it highlights potential areas where untrusted data could be manipulated. These two high-severity taint flows are the most pressing concerns, indicating potential weaknesses in how external data is processed.

Key Concerns

  • Unsanitized path taint flows (2)
  • Use of unserialize function
Vulnerabilities
None known

Mail Mage Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Mail Mage Release Timeline

v0.0.25Current
v0.0.24
v0.0.23
v0.0.22
v0.0.21
v0.0.20
v0.0.19
v0.0.18
v0.0.17
v0.0.16
v0.0.15
v0.0.14
v0.0.13
v0.0.12
v0.0.11
v0.0.10
v0.0.9
v0.0.8
v0.0.7
Code Analysis
Analyzed Mar 16, 2026

Mail Mage Code Analysis

Dangerous Functions
1
Raw SQL Queries
18
13 prepared
Unescaped Output
17
108 escaped
Nonce Checks
1
Capability Checks
1
File Operations
1
External Requests
0
Bundled Libraries
0

Dangerous Functions Found

unserialize$event_data = unserialize($event_data);class\Common\Event\EventManager.php:96

SQL Query Safety

42% prepared31 total queries

Output Escaping

86% escaped125 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
__construct (class\Common\Analytics\AbstractClickTracker.php:10)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Mail Mage Attack Surface

Entry Points2
Unprotected0

AJAX Handlers 2

authwp_ajax_ewp_save_cartclass\Common\Event\WooCommerceAbandonedCartEvent.php:18
noprivwp_ajax_ewp_save_cartclass\Common\Event\WooCommerceAbandonedCartEvent.php:19
WordPress Hooks 31
actionwp_mail_failedclass\Common\Action\SendEmailAction.php:277
filterewp_email_footer_textclass\Common\Action\SendEmailTemplate\DefaultSendEmailTemplate.php:104
filterewp_email_button_argsclass\Common\Action\SendEmailTemplate\WooCommerceSendEmailTemplate.php:13
filterwoocommerce_email_footer_textclass\Common\Action\SendEmailTemplate\WooCommerceSendEmailTemplate.php:62
actioninitclass\Common\Analytics\AbstractClickTracker.php:12
filterquery_varsclass\Common\Analytics\AnalyticsManager.php:28
actionwpclass\Common\Analytics\AnalyticsManager.php:29
actioncomment_postclass\Common\Analytics\WooCommerceTracker.php:15
actionwoocommerce_checkout_update_order_metaclass\Common\Analytics\WooCommerceTracker.php:16
actionwoocommerce_order_status_processingclass\Common\Analytics\WooCommerceTracker.php:18
actionwoocommerce_order_status_completedclass\Common\Analytics\WooCommerceTracker.php:19
filterquery_varsclass\Common\Analytics\WooCommerceTracker.php:22
actionwpclass\Common\Analytics\WooCommerceTracker.php:23
actioninitclass\Common\Cron\CronManager.php:28
actionewp_schedulerclass\Common\Cron\CronManager.php:29
filtercron_schedulesclass\Common\Cron\CronManager.php:30
actiontransition_post_statusclass\Common\Event\PostStatusChangeEvent.php:63
actionuser_registerclass\Common\Event\UserRegisteredEvent.php:22
actionwp_enqueue_scriptsclass\Common\Event\WooCommerceAbandonedCartEvent.php:81
actionewp/automation_woocommerce_cart/abandonedclass\Common\Event\WooCommerceAbandonedCartEvent.php:82
actionwoocommerce_subscription_status_updatedclass\Common\Event\WooCommerceSubscriptionOrderStatusEvent.php:49
actionshutdownclass\Common\Interceptor\AbandonCartInterceptor.php:27
actionwoocommerce_checkout_create_orderclass\Common\Interceptor\AbandonCartInterceptor.php:28
actionwp_loginclass\Common\Interceptor\AbandonCartInterceptor.php:30
filtercontent_save_preclass\Common\Migration\Migrations.php:218
filtercontent_save_preclass\Common\Model\AutomationModel.php:120
actionadmin_menuclass\Common\Plugin\Menu.php:29
actionrest_api_initclass\Common\Rest\RestManager.php:84
actionwp_mail_failedclass\Common\Rest\RestManager.php:542
filterewp/send_email/register_templateclass\ServiceProvider.php:86
actionplugins_loadedsetup-ewp.php:27

Scheduled Events 1

ewp_scheduler
Maintenance & Trust

Mail Mage Maintenance & Trust

Maintenance Signals

WordPress version tested6.6.5
Last updatedJul 23, 2024
PHP min version5.6
Downloads3K

Community Trust

Rating90/100
Number of ratings2
Active installs30
Alternatives

Mail Mage Alternatives

Photo Reviews for WooCommerce

Photo Reviews for WooCommerce

woo-photo-reviews

A
100

Let customers attach photos to reviews, enhanced with filterable grids and overall ratings. Auto-send review reminders and coupon emails

10K No CVEs
ReviewX – Multi-Criteria Reviews for WooCommerce with Google Reviews & Schema

ReviewX – Multi-Criteria Reviews for WooCommerce with Google Reviews & Schema

reviewx

A
88

Drive woocommerce business growth with social proof: gather product reviews with multicriteria ratings, auto-reminder emails, discounts, and more.

8K 14 CVEs
WiserReview Product Reviews for WooCommerce

WiserReview Product Reviews for WooCommerce

wiser-review

A
99

Collect, manage, and display powerful product reviews and testimonials for WooCommerce stores. Boost trust and conversion with automated review collec …

800 1 CVE
YayReviews – Advanced Customer Reviews for WooCommerce

YayReviews – Advanced Customer Reviews for WooCommerce

yay-customer-reviews-woocommerce

A
100

Automatically send follow-up emails to remind customers to rate your products. Boost your Woo Commerce store's credibility and increase sales.

40 No CVEs
Cart Abandonment Recovery for WooCommerce – Recover Lost Sales with Automated Emails

Cart Abandonment Recovery for WooCommerce – Recover Lost Sales with Automated Emails

woo-cart-abandonment-recovery

A
96

Every store loses sales to cart abandonment. But with Cart Abandonment Recovery for WooCommerce, you can win them back—automatically.

300K 2 CVEs
Developer Profile

Mail Mage Developer Profile

mailmage

1 plugin · 30 total installs

88
trust score
Avg Security Score
92/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Mail Mage

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/mail-mage/dist/js/core.js/wp-content/plugins/mail-mage/dist/css/core.bundle.css/wp-content/plugins/mail-mage/woocommerce-capture-guest.js
Script Paths
dist/js/core.jswoocommerce-capture-guest.js
Version Parameters
mail-mage/dist/js/core.js?ver=mail-mage/dist/css/core.bundle.css?ver=

HTML / DOM Fingerprints

JS Globals
wpApiSettingsewp
REST Endpoints
/wp-json/emailwp/
FAQ

Frequently Asked Questions about Mail Mage