WP-Safety

MWB HubSpot for WooCommerce – CRM, Abandoned Cart, Email Marketing, Marketing Automation & Analytics Security & Risk Analysis

wordpress.org/plugins/makewebbetter-hubspot-for-woocommerce

Integrate WooCommerce with HubSpot’s free CRM, abandoned cart tracking, email marketing, marketing automation, analytics & more.

7K active installs v1.6.7 PHP 5.1+ WP 4.4.0+ Updated Apr 15, 2026
abandoned-cartemail-marketinghubspotmarketing-automationwoocommerce
98
A · Safe
CVEs total1
Unpatched0
Last CVEJan 30, 2025
Plugin page Download
Safety Verdict

Is MWB HubSpot for WooCommerce – CRM, Abandoned Cart, Email Marketing, Marketing Automation & Analytics Safe to Use in 2026?

Generally Safe

Score 98/100

MWB HubSpot for WooCommerce – CRM, Abandoned Cart, Email Marketing, Marketing Automation & Analytics has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVELast CVE: Jan 30, 2025Updated 1mo ago
Risk Assessment

The "makewebbetter-hubspot-for-woocommerce" plugin v1.6.6 exhibits a mixed security posture. While it demonstrates good practices in many areas, such as a high percentage of properly escaped outputs and a significant use of prepared statements for SQL queries, there are notable areas of concern. The presence of 42 AJAX handlers, with 6 lacking authentication checks, presents a significant attack surface that could be exploited by unauthenticated users. The static analysis also identified the dangerous `unserialize` function, which, if not handled with extreme caution and validation, can lead to deserialization vulnerabilities. Despite a recent high-severity vulnerability in its history, it is currently patched, which is a positive sign. However, the pattern of having a high-severity vulnerability and the identified unprotected entry points suggest a potential for recurring security issues if development practices do not consistently incorporate robust authorization and input sanitization. Overall, the plugin has strengths in code hygiene but requires attention to its authentication mechanisms for AJAX endpoints and careful handling of potentially dangerous functions.

Key Concerns

  • 6 unprotected AJAX handlers
  • Use of unserialize function
  • 1 High severity historical vulnerability
Vulnerabilities
1 published

MWB HubSpot for WooCommerce – CRM, Abandoned Cart, Email Marketing, Marketing Automation & Analytics Security Vulnerabilities

CVEs by Year

1 CVE in 2025
2025
Patched Has unpatched

Severity Breakdown

High
1

1 total CVE

CVE-2024-10591high · 8.8Missing Authorization

MWB HubSpot for WooCommerce – CRM, Abandoned Cart, Email Marketing, Marketing Automation & Analytics <= 1.5.9 - Missing Authorization to Authenticated (Contributor+) Arbitrary Options Update

Jan 30, 2025 Patched in 1.6.0 (2d)
Version History

MWB HubSpot for WooCommerce – CRM, Abandoned Cart, Email Marketing, Marketing Automation & Analytics Release Timeline

v1.6.7Current
v1.6.6
v1.6.5
v1.6.4
v1.6.3
v1.6.2
v1.6.1
v1.6.0
v1.5.91 CVE
CVE-2024-10591
v1.5.81 CVE
CVE-2024-10591
v1.5.71 CVE
CVE-2024-10591
v1.5.61 CVE
CVE-2024-10591
v1.5.51 CVE
CVE-2024-10591
v1.5.41 CVE
CVE-2024-10591
v1.5.31 CVE
CVE-2024-10591
v1.5.21 CVE
CVE-2024-10591
v1.5.11 CVE
CVE-2024-10591
v1.5.01 CVE
CVE-2024-10591
v1.4.91 CVE
CVE-2024-10591
v1.4.81 CVE
CVE-2024-10591
Code Analysis
Analyzed Mar 16, 2026

MWB HubSpot for WooCommerce – CRM, Abandoned Cart, Email Marketing, Marketing Automation & Analytics Code Analysis

Dangerous Functions
2
Raw SQL Queries
9
33 prepared
Unescaped Output
49
499 escaped
Nonce Checks
43
Capability Checks
1
File Operations
1
External Requests
52
Bundled Libraries
0

Dangerous Functions Found

unserialize$response = unserialize( $value['response'] ); //phpcs:ignoreincludes\class-hubwoo-ajax-handler.php:2248
unserialize$log .= 'Response : ' . wp_json_encode( unserialize( $value['response'] ) ) . includes\class-hubwoo-ajax-handler.php:2300

SQL Query Safety

79% prepared42 total queries

Output Escaping

91% escaped548 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

8 flows
<hubwoo-user-roles> (admin\templates\setup\hubwoo-user-roles.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
6 unprotected

MWB HubSpot for WooCommerce – CRM, Abandoned Cart, Email Marketing, Marketing Automation & Analytics Attack Surface

Entry Points42
Unprotected6

AJAX Handlers 42

authwp_ajax_hubwoo_check_oauth_access_tokenincludes\class-hubwoo-ajax-handler.php:33
authwp_ajax_hubwoo_create_property_groupincludes\class-hubwoo-ajax-handler.php:35
authwp_ajax_hubwoo_get_group_propertiesincludes\class-hubwoo-ajax-handler.php:37
authwp_ajax_hubwoo_create_group_propertyincludes\class-hubwoo-ajax-handler.php:39
authwp_ajax_hubwoo_deals_create_propertyincludes\class-hubwoo-ajax-handler.php:41
authwp_ajax_hubwoo_get_listsincludes\class-hubwoo-ajax-handler.php:43
authwp_ajax_hubwoo_create_listincludes\class-hubwoo-ajax-handler.php:45
authwp_ajax_hubwoo_create_single_groupincludes\class-hubwoo-ajax-handler.php:47
authwp_ajax_hubwoo_create_single_propertyincludes\class-hubwoo-ajax-handler.php:49
authwp_ajax_hubwoo_create_single_listincludes\class-hubwoo-ajax-handler.php:51
authwp_ajax_hubwoo_create_single_workflowincludes\class-hubwoo-ajax-handler.php:53
authwp_ajax_hubwoo_update_workflow_tabincludes\class-hubwoo-ajax-handler.php:55
authwp_ajax_hubwoo_search_for_order_statusincludes\class-hubwoo-ajax-handler.php:57
authwp_ajax_hubwoo_get_for_user_rolesincludes\class-hubwoo-ajax-handler.php:59
authwp_ajax_hubwoo_ocs_instant_syncincludes\class-hubwoo-ajax-handler.php:61
authwp_ajax_hubwoo_email_the_error_logincludes\class-hubwoo-ajax-handler.php:63
authwp_ajax_hubwoo_disconnect_accountincludes\class-hubwoo-ajax-handler.php:65
authwp_ajax_hubwoo_get_user_for_current_rolesincludes\class-hubwoo-ajax-handler.php:67
authwp_ajax_hubwoo_get_current_sync_statusincludes\class-hubwoo-ajax-handler.php:69
authwp_ajax_hubwoo_save_updatesincludes\class-hubwoo-ajax-handler.php:71
authwp_ajax_hubwoo_deals_search_for_stagesincludes\class-hubwoo-ajax-handler.php:73
authwp_ajax_hubwoo_ecomm_setupincludes\class-hubwoo-ajax-handler.php:75
authwp_ajax_hubwoo_ecomm_get_ocs_countincludes\class-hubwoo-ajax-handler.php:77
authwp_ajax_hubwoo_manage_syncincludes\class-hubwoo-ajax-handler.php:79
authwp_ajax_hubwoo_manage_vidsincludes\class-hubwoo-ajax-handler.php:81
authwp_ajax_hubwoo_sync_status_trackerincludes\class-hubwoo-ajax-handler.php:83
authwp_ajax_hubwoo_onboard_formincludes\class-hubwoo-ajax-handler.php:85
authwp_ajax_hubwoo_get_onboard_formincludes\class-hubwoo-ajax-handler.php:87
authwp_ajax_hubwoo_ocs_historical_contactincludes\class-hubwoo-ajax-handler.php:90
authwp_ajax_hubwoo_historical_contact_syncincludes\class-hubwoo-ajax-handler.php:93
authwp_ajax_hubwoo_historical_products_importincludes\class-hubwoo-ajax-handler.php:96
authwp_ajax_hubwoo_historical_deals_syncincludes\class-hubwoo-ajax-handler.php:99
authwp_ajax_hubwoo_hide_rev_noticeincludes\class-hubwoo-ajax-handler.php:101
authwp_ajax_hubwoo_hide_hpos_noticeincludes\class-hubwoo-ajax-handler.php:103
authwp_ajax_hubwoo_hide_festive_noticeincludes\class-hubwoo-ajax-handler.php:105
authwp_ajax_hubwoo_get_datatable_dataincludes\class-hubwoo-ajax-handler.php:107
authwp_ajax_hubwoo_download_sync_logincludes\class-hubwoo-ajax-handler.php:109
authwp_ajax_hubwoo_clear_sync_logincludes\class-hubwoo-ajax-handler.php:111
authwp_ajax_hubwoo_fetch_deal_stagesincludes\class-hubwoo-ajax-handler.php:113
authwp_ajax_hubwoo_fetch_update_pipelinesincludes\class-hubwoo-ajax-handler.php:115
noprivwp_ajax_hubwoo_save_guest_user_cartincludes\class-hubwoo.php:367
noprivwp_ajax_get_order_detailincludes\class-hubwoo.php:368
WordPress Hooks 83
actionadmin_menuadmin\class-hubwoo-admin.php:67
filterwoocommerce_order_data_store_cpt_get_orders_queryadmin\class-hubwoo-admin.php:69
actionplugins_loadedincludes\class-hubwoo.php:225
actionadmin_enqueue_scriptsincludes\class-hubwoo.php:238
actionadmin_enqueue_scriptsincludes\class-hubwoo.php:239
actionadmin_initincludes\class-hubwoo.php:240
actionadmin_initincludes\class-hubwoo.php:241
actionadmin_initincludes\class-hubwoo.php:242
actionadmin_initincludes\class-hubwoo.php:243
actionadmin_initincludes\class-hubwoo.php:244
actionadmin_noticesincludes\class-hubwoo.php:245
actionadmin_noticesincludes\class-hubwoo.php:246
actionadmin_noticesincludes\class-hubwoo.php:249
filtermanage_edit-shop_order_columnsincludes\class-hubwoo.php:252
actionmanage_shop_order_posts_custom_columnincludes\class-hubwoo.php:253
actionhubwoo_real_time_syncincludes\class-hubwoo.php:257
actionhubwoo_real_time_taskincludes\class-hubwoo.php:258
actionadmin_footerincludes\class-hubwoo.php:262
filterhubwoo_usersincludes\class-hubwoo.php:265
filterhubwoo_contact_modified_fieldsincludes\class-hubwoo.php:266
filterhubwoo_pro_track_guest_cartincludes\class-hubwoo.php:267
actionhubwoo_abncart_clear_old_cartincludes\class-hubwoo.php:269
actionwoocommerce_checkout_processincludes\class-hubwoo.php:272
actionhubwoo_contacts_batch_syncincludes\class-hubwoo.php:278
filterhubwoo_unset_workflow_propertiesincludes\class-hubwoo.php:279
actionwoocommerce_order_status_changedincludes\class-hubwoo.php:280
actionset_user_roleincludes\class-hubwoo.php:281
filterhubwoo_contact_groupsincludes\class-hubwoo.php:285
filterhubwoo_active_groupsincludes\class-hubwoo.php:286
actionhubwoo_products_sync_backgroundincludes\class-hubwoo.php:289
actionhubwoo_products_status_backgroundincludes\class-hubwoo.php:290
actionsave_postincludes\class-hubwoo.php:291
actionhubwoo_ecomm_deal_upsertincludes\class-hubwoo.php:295
actionhubwoo_deals_sync_backgroundincludes\class-hubwoo.php:297
actionhubwoo_check_logsincludes\class-hubwoo.php:299
actionhubwoo_check_action_schedulers_logsincludes\class-hubwoo.php:300
actionsave_post_shop_orderincludes\class-hubwoo.php:305
actionhubwoo_contacts_sync_backgroundincludes\class-hubwoo.php:309
actionhubwoo_update_contacts_vidincludes\class-hubwoo.php:310
actionprofile_updateincludes\class-hubwoo.php:327
actionwp_enqueue_scriptsincludes\class-hubwoo.php:328
actionuser_registerincludes\class-hubwoo.php:329
actionwoocommerce_customer_save_addressincludes\class-hubwoo.php:330
actionwoocommerce_checkout_update_user_metaincludes\class-hubwoo.php:331
actionwoocommerce_update_orderincludes\class-hubwoo.php:332
actionwoocommerce_after_checkout_billing_formincludes\class-hubwoo.php:334
actionwoocommerce_checkout_order_processedincludes\class-hubwoo.php:335
actionwoocommerce_register_formincludes\class-hubwoo.php:338
actionwoocommerce_created_customerincludes\class-hubwoo.php:339
actionwp_loadedincludes\class-hubwoo.php:341
actionwoocommerce_renewal_order_payment_completeincludes\class-hubwoo.php:347
actionwoocommerce_scheduled_subscription_paymentincludes\class-hubwoo.php:348
actionwoocommerce_subscription_renewal_payment_completeincludes\class-hubwoo.php:349
actionwoocommerce_subscription_payment_failedincludes\class-hubwoo.php:350
actionwoocommerce_subscription_renewal_payment_failedincludes\class-hubwoo.php:351
actionwoocommerce_subscription_payment_completeincludes\class-hubwoo.php:352
actionwoocommerce_subscription_status_updatedincludes\class-hubwoo.php:353
actionwoocommerce_customer_changed_subscription_to_cancelledincludes\class-hubwoo.php:354
actionwoocommerce_customer_changed_subscription_to_activeincludes\class-hubwoo.php:355
actionwoocommerce_customer_changed_subscription_to_on-holdincludes\class-hubwoo.php:356
actioninitincludes\class-hubwoo.php:357
actioninitincludes\class-hubwoo.php:365
actiontemplate_redirectincludes\class-hubwoo.php:366
actionwoocommerce_after_checkout_billing_formincludes\class-hubwoo.php:369
actionwoocommerce_after_checkout_billing_formincludes\class-hubwoo.php:370
actionwoocommerce_new_orderincludes\class-hubwoo.php:371
actionwoocommerce_cart_updatedincludes\class-hubwoo.php:372
actionuser_registerincludes\class-hubwoo.php:373
actionwp_logoutincludes\class-hubwoo.php:374
filterwoocommerce_update_cart_action_cart_updatedincludes\class-hubwoo.php:376
actionwoocommerce_add_to_cartincludes\class-hubwoo.php:377
actionwoocommerce_thankyouincludes\class-hubwoo.php:382
filterwoocommerce_order_item_get_formatted_meta_dataincludes\class-hubwoo.php:385
filterplugin_row_metamakewebbetter-hubspot-for-woocommerce.php:134
filterplugin_action_linksmakewebbetter-hubspot-for-woocommerce.php:182
actionactivated_pluginmakewebbetter-hubspot-for-woocommerce.php:202
actionadmin_initmakewebbetter-hubspot-for-woocommerce.php:224
actionadmin_noticesmakewebbetter-hubspot-for-woocommerce.php:233
actionadmin_initmakewebbetter-hubspot-for-woocommerce.php:272
actionadmin_noticesmakewebbetter-hubspot-for-woocommerce.php:282
actionbefore_woocommerce_initmakewebbetter-hubspot-for-woocommerce.php:301
actionbefore_woocommerce_initmakewebbetter-hubspot-for-woocommerce.php:313
actionbefore_woocommerce_initmakewebbetter-hubspot-for-woocommerce.php:319
Maintenance & Trust

MWB HubSpot for WooCommerce – CRM, Abandoned Cart, Email Marketing, Marketing Automation & Analytics Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedApr 15, 2026
PHP min version5.1
Downloads392K

Community Trust

Rating78/100
Number of ratings54
Active installs7K
Alternatives

MWB HubSpot for WooCommerce – CRM, Abandoned Cart, Email Marketing, Marketing Automation & Analytics Alternatives

Zoho Campaigns

Zoho Campaigns

zoho-campaigns

A
95

Zoho Campaigns

4K 4 CVEs
Constant Contact + WooCommerce

Constant Contact + WooCommerce

constant-contact-woocommerce

A
99

Add products to your list emails and sync your contacts.

1K 1 CVE
Benchmark Email for WooCommerce

Benchmark Email for WooCommerce

woo-benchmark-email

A
100

Connects WooCommerce with Benchmark Email - syncing customers and abandoned carts.

200 No CVEs
Auto Mail – Abandoned Cart Recovery, Newsletter Builder & Marketing Automation for WooCommerce

Auto Mail – Abandoned Cart Recovery, Newsletter Builder & Marketing Automation for WooCommerce

auto-mail

A
100

Auto Mail is an WordPress email plugin that make you can manage your customer relationships, build your email lists, send email campaigns, build funne &hellip;

10 No CVEs
MandrakeCRM – CRM & AI Marketing Automation

MandrakeCRM – CRM & AI Marketing Automation

mandrakecrm

A
100

CRM, automations, campaigns & analytics for WooCommerce. Charges per order, not per contact. Unlimited contacts. Free 7-day trial.

0 No CVEs
Developer Profile

MWB HubSpot for WooCommerce – CRM, Abandoned Cart, Email Marketing, Marketing Automation & Analytics Developer Profile

MakeWebBetter

5 plugins · 7K total installs

92
trust score
Avg Security Score
88/100
Avg Patch Time
2 days
View full developer profile
Detection Fingerprints

How We Detect MWB HubSpot for WooCommerce – CRM, Abandoned Cart, Email Marketing, Marketing Automation & Analytics

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/makewebbetter-hubspot-for-woocommerce/admin/css/bootstrap.min.css/wp-content/plugins/makewebbetter-hubspot-for-woocommerce/admin/css/bootstrap.min.css.map/wp-content/plugins/makewebbetter-hubspot-for-woocommerce/admin/css/datepicker.css/wp-content/plugins/makewebbetter-hubspot-for-woocommerce/admin/css/font-awesome.min.css/wp-content/plugins/makewebbetter-hubspot-for-woocommerce/admin/css/hover-min.css/wp-content/plugins/makewebbetter-hubspot-for-woocommerce/admin/css/jQuery.css/wp-content/plugins/makewebbetter-hubspot-for-woocommerce/admin/css/main.css/wp-content/plugins/makewebbetter-hubspot-for-woocommerce/admin/css/owl.carousel.min.css+24 more
Script Paths
/wp-content/plugins/makewebbetter-hubspot-for-woocommerce/admin/js/bootstrap.min.js/wp-content/plugins/makewebbetter-hubspot-for-woocommerce/admin/js/bootstrap-datepicker.js/wp-content/plugins/makewebbetter-hubspot-for-woocommerce/admin/js/common.js/wp-content/plugins/makewebbetter-hubspot-for-woocommerce/admin/js/custom.js/wp-content/plugins/makewebbetter-hubspot-for-woocommerce/admin/js/jquery.datetimepicker.full.min.js/wp-content/plugins/makewebbetter-hubspot-for-woocommerce/admin/js/jquery.js+11 more
Version Parameters
makewebbetter-hubspot-for-woocommerce/assets/css/dashboard.css?ver=makewebbetter-hubspot-for-woocommerce/assets/css/frontend.css?ver=makewebbetter-hubspot-for-woocommerce/assets/css/style.css?ver=makewebbetter-hubspot-for-woocommerce/assets/js/dashboard.js?ver=makewebbetter-hubspot-for-woocommerce/assets/js/frontend.js?ver=makewebbetter-hubspot-for-woocommerce/assets/js/script.js?ver=makewebbetter-hubspot-for-woocommerce/assets/js/woo-hubspot-common.js?ver=makewebbetter-hubspot-for-woocommerce/admin/css/style.css?ver=makewebbetter-hubspot-for-woocommerce/admin/js/script.js?ver=

HTML / DOM Fingerprints

CSS Classes
hubwoo-admin-layouthubwoo-main-bodyhubwoo-section-titlehubwoo-rowhubwoo-colhubwoo-form-grouphubwoo-form-labelhubwoo-form-control+63 more
HTML Comments
<!-- If this file is called directly, abort. --><!-- Checking if WooCommerce is activeand other woocommerce integration versions. --><!-- The code that runs during plugin activation. -->+9 more
Data Attributes
data-hubwoo-client-iddata-hubwoo-secret-iddata-hubwoo-plugin-version
JS Globals
HUBWOO_PRO_CONSTANTSHubwoo_CommonHubwoo_DashboardHubwoo_FrontendHubwoo_Scripts
FAQ

Frequently Asked Questions about MWB HubSpot for WooCommerce – CRM, Abandoned Cart, Email Marketing, Marketing Automation & Analytics