WP-Safety

Convesio Convert – WooCommerce Email Marketing Automation with Website Personalization, Popups and Forms Security & Risk Analysis

wordpress.org/plugins/marketing-automation-and-personalization

Sell more with less effort using personalized marketing automation, email, popups, forms, dynamic webpages, and advanced customer segmentation.

100 active installs v3.4.0 PHP 7.0+ WP 5.0.0+ Updated Mar 19, 2026
conversion-trackingemail-marketingmarketing-automationpersonalized-marketingsales-automation
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Convesio Convert – WooCommerce Email Marketing Automation with Website Personalization, Popups and Forms Safe to Use in 2026?

Generally Safe

Score 100/100

Convesio Convert – WooCommerce Email Marketing Automation with Website Personalization, Popups and Forms has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The "marketing-automation-and-personalization" plugin v3.3.0 exhibits a mixed security posture. On the positive side, the plugin demonstrates strong practices in output escaping, with 100% of outputs being properly escaped, and a good percentage of SQL queries utilizing prepared statements. The absence of known CVEs and a history of unpatched vulnerabilities is also a significant strength, suggesting a generally well-maintained codebase.

However, significant concerns arise from the attack surface. A substantial 8 out of 10 AJAX handlers lack authentication checks, creating a broad entry point for potential unauthorized actions. While taint analysis shows no critical or high-severity unsanitized paths, the presence of 5 flows with unsanitized paths, even if of lower severity, warrants attention as they could potentially be exploited in conjunction with other vulnerabilities.

In conclusion, while the plugin has a clean vulnerability history and good output escaping, the lack of authentication on a majority of its AJAX endpoints presents a notable security weakness. This balance of strengths and weaknesses indicates a need for immediate attention to the unprotected AJAX handlers to improve the plugin's overall security.

Key Concerns

  • 8 AJAX handlers without auth checks
  • 5 flows with unsanitized paths (taint analysis)
Vulnerabilities
None known

Convesio Convert – WooCommerce Email Marketing Automation with Website Personalization, Popups and Forms Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Convesio Convert – WooCommerce Email Marketing Automation with Website Personalization, Popups and Forms Release Timeline

v3.4.0Current
v3.3.0
v3.2.9
v3.2.8
v3.2.6
v3.2.5
v3.2.4
v3.2.3
v3.2.2
v3.2.1
v3.2.0
v3.1.3
v3.1.2
v3.1.1
v3.1.0
v3.0.0
v2.8.4
v2.8.3
v2.8.2
v2.8.1
Code Analysis
Analyzed Mar 16, 2026

Convesio Convert – WooCommerce Email Marketing Automation with Website Personalization, Popups and Forms Code Analysis

Dangerous Functions
0
Raw SQL Queries
9
26 prepared
Unescaped Output
0
95 escaped
Nonce Checks
4
Capability Checks
4
File Operations
0
External Requests
3
Bundled Libraries
0

SQL Query Safety

74% prepared35 total queries

Output Escaping

100% escaped95 total outputs
Data Flows · Security
5 unsanitized

Data Flow Analysis

7 flows5 with unsanitized paths
save_settings (admin\class-email-consent.php:117)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
8 unprotected

Convesio Convert – WooCommerce Email Marketing Automation with Website Personalization, Popups and Forms Attack Surface

Entry Points10
Unprotected8

AJAX Handlers 10

authwp_ajax_convesioconvert_destroy_dataadmin\class-data-manager.php:9
authwp_ajax_convesioconvert_save_settingsadmin\class-email-consent.php:18
authwp_ajax_convesioconvert_feedbackadmin\class-feedback.php:14
authwp_ajax_convesioconvert_get_health_leveladmin\class-health-check.php:16
authwp_ajax_convesioconvert_remove_integrationadmin\class-integration.php:13
authwp_ajax_convesioconvert_pause_integrationadmin\class-integration.php:15
authwp_ajax_convesioconvert_resume_integrationadmin\class-integration.php:16
authwp_ajax_convesioconvert_dismiss_integrated_noticeadmin\class-notices.php:19
authwp_ajax_convesioconvert_dismiss_caching_plugin_noticeadmin\class-notices.php:20
authwp_ajax_convesioconvert_dismiss_smart_ratingadmin\class-smart-rating.php:12
WordPress Hooks 108
actionregister_formadmin\class-email-consent.php:24
actionuser_registeradmin\class-email-consent.php:25
actionlogin_enqueue_scriptsadmin\class-email-consent.php:26
actionwoocommerce_register_formadmin\class-email-consent.php:30
actionwoocommerce_created_customeradmin\class-email-consent.php:31
filterwoocommerce_get_default_value_for_convesioconvert/email_consentadmin\class-email-consent.php:49
actionwoocommerce_store_api_checkout_order_processedadmin\class-email-consent.php:83
filterwoocommerce_order_button_htmladmin\class-email-consent.php:101
actionwoocommerce_checkout_update_order_metaadmin\class-email-consent.php:102
actionedd_purchase_form_user_info_fieldsadmin\class-email-consent.php:107
actionedd_built_orderadmin\class-email-consent.php:110
filteredd_payment_metaadmin\class-email-consent.php:112
actioncurrent_screenadmin\class-feedback.php:13
actionadmin_enqueue_scriptsadmin\class-feedback.php:22
actionadmin_footeradmin\class-feedback.php:23
actionload-index.phpadmin\class-health-check.php:15
actionadmin_initadmin\class-init.php:11
actionadmin_menuadmin\class-init.php:12
actionadmin_enqueue_scriptsadmin\class-init.php:13
actionadmin_initadmin\class-init.php:14
actionadmin_post_convesioconvert_integrateadmin\class-integration.php:11
actionadmin_noticesadmin\class-notices.php:15
actionadmin_noticesadmin\class-notices.php:16
actionadmin_noticesadmin\class-notices.php:17
actionadmin_noticesadmin\class-notices.php:225
actionadmin_noticesadmin\class-smart-rating.php:11
actioninitconvesioconvert.php:29
actionbefore_woocommerce_initconvesioconvert.php:31
actionwp_enqueue_scriptsincludes\class-assets-manager.php:10
actionadmin_enqueue_scriptsincludes\class-assets-manager.php:11
actionwp_headincludes\class-assets-manager.php:12
actionedit_post_shop_couponincludes\class-coupon-handler.php:13
actionbefore_delete_postincludes\class-coupon-handler.php:14
actionmanage_shop_coupon_posts_custom_columnincludes\class-coupon-handler.php:16
actionuser_registerincludes\class-event-handler.php:8
actionwp_loginincludes\class-event-handler.php:9
actionwp_insert_commentincludes\class-event-handler.php:10
actionedit_commentincludes\class-event-handler.php:11
actionuser_registerincludes\class-modification-handler.php:47
actionprofile_updateincludes\class-modification-handler.php:48
actionpersonal_options_updateincludes\class-modification-handler.php:49
actionedit_user_profile_updateincludes\class-modification-handler.php:50
actionwp_insert_commentincludes\class-modification-handler.php:57
actionupdated_post_metaincludes\class-modification-handler.php:61
actionwoocommerce_before_trash_orderincludes\class-modification-handler.php:64
actionwoocommerce_untrash_orderincludes\class-modification-handler.php:65
actionwoocommerce_update_orderincludes\class-modification-handler.php:71
actionedd_updated_edited_purchaseincludes\class-modification-handler.php:76
actionwp_enqueue_scriptsincludes\class-session-manager.php:86
actionwp_enqueue_scriptsincludes\class-session-manager.php:108
actionwp_enqueue_scriptsincludes\class-session-manager.php:135
actioninitincludes\class-woo-marketplace-integration.php:14
actiontemplate_redirectincludes\controller\class-woocommerce-checkout-controller.php:47
filterconvesioconvert_user_purchased_product_ids_wooincludes\controller\class-woocommerce-checkout-controller.php:221
filterconvesioconvert_user_total_purchased_items_wooincludes\controller\class-woocommerce-checkout-controller.php:222
filterconvesioconvert_data_layer_commerce_entryincludes\ecommerce\class-commerce-data-layer.php:12
actiontemplate_redirectincludes\edd\class-checkout.php:34
filterconvesioconvert_user_purchased_product_ids_eddincludes\edd\class-checkout.php:227
filterconvesioconvert_user_total_purchased_items_eddincludes\edd\class-checkout.php:228
actionedd_post_update_discountincludes\edd\class-discount-handler.php:17
actionedd_pre_delete_discountincludes\edd\class-discount-handler.php:18
filteredd_discount_row_actionsincludes\edd\class-discount-handler.php:23
filterconvesioconvert_attach_user_ecommerce_dataincludes\edd\class-init.php:24
filterconvesioconvert_ecommerce_status_dataincludes\edd\class-init.php:25
filterconvesioconvert_ecommerce_infoincludes\edd\class-init.php:26
filterconvesioconvert_modification_post_typesincludes\edd\class-init.php:27
filterconvesioconvert_modification_taxonomiesincludes\edd\class-init.php:28
filterconvesioconvert_modification_user_meta_fieldsincludes\edd\class-init.php:29
actionconvesioconvert_populate_page_content_detailsincludes\edd\class-init.php:31
actionrest_api_initincludes\edd\class-routes.php:10
filterconvesioconvert_user_purchased_product_ids_eddincludes\edd2\class-checkout.php:24
filterconvesioconvert_user_total_purchased_items_eddincludes\edd2\class-checkout.php:25
actionedit_post_edd_discountincludes\edd2\class-discount-handler.php:11
actionedd_pre_delete_discountincludes\edd2\class-discount-handler.php:12
filteredd_discount_row_actionsincludes\edd2\class-discount-handler.php:17
actionrest_api_initincludes\edd2\class-routes.php:11
actionplugins_loadedincludes\form-integration\class-init.php:15
actionwpcf7_submitincludes\form-integration\contact-form-7\class-form.php:11
filteret_core_get_third_party_componentsincludes\form-integration\divi\class-loader.php:18
actionafter_setup_themeincludes\form-integration\divi\class-loader.php:19
actionelementor_pro/initincludes\form-integration\elementor\class-form.php:10
actionelementor/editor/before_enqueue_scriptsincludes\form-integration\elementor\class-form.php:11
actiongform_field_standard_settingsincludes\form-integration\gravityforms\class-form.php:12
actiongform_editor_jsincludes\form-integration\gravityforms\class-form.php:13
actiongform_after_submissionincludes\form-integration\gravityforms\class-form.php:14
filterninja_forms_field_load_settingsincludes\form-integration\ninja-forms\class-form.php:12
actionninja_forms_after_submissionincludes\form-integration\ninja-forms\class-form.php:13
actionelementor/element/raven-form/section_settings/after_section_endincludes\form-integration\raven\class-raven-form-action.php:16
actionjupiterx_core_raven_initincludes\form-integration\raven\class-raven-handler.php:11
actionelementor/editor/before_enqueue_scriptsincludes\form-integration\raven\class-raven-handler.php:17
actionwpforms_process_completeincludes\form-integration\wpforms\class-form.php:11
actionwpforms_field_options_bottom_basic-optionsincludes\form-integration\wpforms\class-form.php:12
filterwp_new_user_notification_emailincludes\hooks.php:5
filterscript_loader_tagincludes\hooks.php:13
filterautoptimize_filter_js_excludeincludes\hooks.php:23
filterlitespeed_optimize_js_excludesincludes\hooks.php:30
filterrocket_excluded_inline_js_contentincludes\hooks.php:44
filterrocket_minify_excluded_external_jsincludes\hooks.php:52
actionrest_api_initincludes\routes.php:5
filterconvesioconvert_attach_user_ecommerce_dataincludes\woocommerce\class-init.php:20
filterconvesioconvert_ecommerce_status_dataincludes\woocommerce\class-init.php:21
filterconvesioconvert_ecommerce_infoincludes\woocommerce\class-init.php:22
actionconvesioconvert_populate_page_content_detailsincludes\woocommerce\class-init.php:24
actionwoocommerce_order_status_changedincludes\woocommerce\class-order-status-change-hooks.php:30
actionuser_registerincludes\woocommerce\class-order-status-change-hooks.php:32
actionrest_api_initincludes\woocommerce\class-routes.php:10
actionwp_enqueue_scriptspublic\class-init.php:13
actionwp_enqueue_scriptspublic\class-init.php:14
Maintenance & Trust

Convesio Convert – WooCommerce Email Marketing Automation with Website Personalization, Popups and Forms Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedMar 19, 2026
PHP min version7.0
Downloads38K

Community Trust

Rating96/100
Number of ratings17
Active installs100
Alternatives

Convesio Convert – WooCommerce Email Marketing Automation with Website Personalization, Popups and Forms Alternatives

ActiveCampaign – The autonomous marketing platform

ActiveCampaign – The autonomous marketing platform

activecampaign-subscription-forms

A
97

Add ActiveCampaign contact forms and live chat to any post, page, or sidebar. Also enable ActiveCampaign site tracking for your WordPress blog.

40K 4 CVEs
Brevo for WooCommerce

Brevo for WooCommerce

woocommerce-sendinblue-newsletter-subscription

A
93

All-in-one WooCommerce email marketing, automation, SMS, and CRM by Brevo. Grow your store with powerful marketing tools.

30K 3 CVEs
FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce

FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce

wp-marketing-automations

B
82

Recover lost revenue with Cart Abandonment Recovery for WooCommerce. Increase retention with Post Purchase Follow-Up Emails.

20K 12 CVEs
MWB HubSpot for WooCommerce – CRM, Abandoned Cart, Email Marketing, Marketing Automation & Analytics

MWB HubSpot for WooCommerce – CRM, Abandoned Cart, Email Marketing, Marketing Automation & Analytics

makewebbetter-hubspot-for-woocommerce

A
98

Integrate WooCommerce with HubSpot’s free CRM, abandoned cart tracking, email marketing, marketing automation, analytics & more.

7K 1 CVE
CleverReach® WP

CleverReach® WP

cleverreach-wp

A
94

Connect your WordPress account with our easy-to-use email software and increase the success of your website or blog with newsletter marketing!

4K 2 CVEs
Developer Profile

Convesio Convert – WooCommerce Email Marketing Automation with Website Personalization, Popups and Forms Developer Profile

Tom Fanelli

1 plugin · 100 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Convesio Convert – WooCommerce Email Marketing Automation with Website Personalization, Popups and Forms

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/marketing-automation-and-personalization/assets/css/admin.css/wp-content/plugins/marketing-automation-and-personalization/assets/js/admin.js/wp-content/plugins/marketing-automation-and-personalization/assets/css/frontend.css/wp-content/plugins/marketing-automation-and-personalization/assets/js/frontend.js/wp-content/plugins/marketing-automation-and-personalization/assets/css/feedback.css/wp-content/plugins/marketing-automation-and-personalization/assets/js/feedback.js/wp-content/plugins/marketing-automation-and-personalization/vendor/wp-plugin-framework/assets/css/customizer.css/wp-content/plugins/marketing-automation-and-personalization/vendor/wp-plugin-framework/assets/js/customizer.js
Script Paths
/wp-content/plugins/marketing-automation-and-personalization/assets/js/admin.js/wp-content/plugins/marketing-automation-and-personalization/assets/js/frontend.js/wp-content/plugins/marketing-automation-and-personalization/assets/js/feedback.js/wp-content/plugins/marketing-automation-and-personalization/vendor/wp-plugin-framework/assets/js/customizer.js
Version Parameters
/wp-content/plugins/marketing-automation-and-personalization/assets/css/admin.css?ver=/wp-content/plugins/marketing-automation-and-personalization/assets/js/admin.js?ver=/wp-content/plugins/marketing-automation-and-personalization/assets/css/frontend.css?ver=/wp-content/plugins/marketing-automation-and-personalization/assets/js/frontend.js?ver=/wp-content/plugins/marketing-automation-and-personalization/assets/css/feedback.css?ver=/wp-content/plugins/marketing-automation-and-personalization/assets/js/feedback.js?ver=/wp-content/plugins/marketing-automation-and-personalization/vendor/wp-plugin-framework/assets/css/customizer.css?ver=/wp-content/plugins/marketing-automation-and-personalization/vendor/wp-plugin-framework/assets/js/customizer.js?ver=

HTML / DOM Fingerprints

CSS Classes
convesioconvert-feedback-modal-innerconvesioconvert-question-rowconvesioconvert-hintconvesioconvert-explanationconvesioconvert-err-noteconvesioconvert-modal-bgconvesioconvert-feedback-modal
Data Attributes
id="convesioconvert-modal-bg"id="convesioconvert-feedback-modal"id="convesioconvert-send-modal"id="convesioconvert-discard-modal"
FAQ

Frequently Asked Questions about Convesio Convert – WooCommerce Email Marketing Automation with Website Personalization, Popups and Forms