WP-Safety

MoceanAPI Abandoned Carts for WooCommerce Security & Risk Analysis

wordpress.org/plugins/moceanapi-abandoned-carts

A plugin to save abandoned carts and send SMS notification to both admin and customer after received abandoned carts in WooCommerce.

0 active installs v1.2.0 PHP 5.6+ WP 4.6+ Updated Apr 26, 2023
abandon-cartsabandoned-cartsmoceansmswoocommerce
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is MoceanAPI Abandoned Carts for WooCommerce Safe to Use in 2026?

Generally Safe

Score 85/100

MoceanAPI Abandoned Carts for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3yr ago
Risk Assessment

The "moceanapi-abandoned-carts" plugin v1.2.0 presents a mixed security posture. While it demonstrates good practices in SQL query handling and a clean vulnerability history, significant concerns arise from its attack surface. A substantial number of AJAX handlers (6) lack authentication checks, creating a direct entry point for potential attackers. Furthermore, the presence of four high-severity taint flows with unsanitized paths is a critical red flag, indicating that user-supplied data is being processed in a way that could lead to exploitation, such as arbitrary code execution or data leakage. The use of the `unserialize` function, a known source of vulnerabilities when handling untrusted data, further amplifies this risk.

The absence of any recorded CVEs is positive, suggesting a history of diligent security maintenance or a lack of public discovery of vulnerabilities. However, the current static analysis results, particularly the high-severity taint flows and the large number of unprotected AJAX endpoints, overshadow this positive history. The plugin's strengths lie in its use of prepared statements for SQL and a decent rate of output escaping. Nevertheless, the identified critical risks in data handling and attack surface management necessitate immediate attention to mitigate potential security breaches.

Key Concerns

  • AJAX handlers without auth checks
  • High severity taint flows with unsanitized paths
  • Dangerous function 'unserialize' used
  • Only 64% of outputs properly escaped
  • Bundled outdated Freemius library
Vulnerabilities
None known

MoceanAPI Abandoned Carts for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

MoceanAPI Abandoned Carts for WooCommerce Release Timeline

v1.2.0Current
v1.0.0
Code Analysis
Analyzed Apr 16, 2026

MoceanAPI Abandoned Carts for WooCommerce Code Analysis

Dangerous Functions
6
Raw SQL Queries
0
56 prepared
Unescaped Output
110
193 escaped
Nonce Checks
1
Capability Checks
7
File Operations
3
External Requests
1
Bundled Libraries
1

Dangerous Functions Found

unserialize$location_data = @unserialize($item['location']);admin/class-moceanapi-abandoned-carts-admin-table.php:161
unserialize$other_fields = @unserialize($item['other_fields']);admin/class-moceanapi-abandoned-carts-admin-table.php:179
unserialize$product_array = @unserialize($item['cart_contents']); //Retrieving array from database column cart_admin/class-moceanapi-abandoned-carts-admin-table.php:215
unserialize$location_data = unserialize($location);admin/class-moceanapi-abandoned-carts-admin-table.php:560
unserialize$other_fields = @unserialize($row->other_fields);public/class-moceanapi-abandoned-carts-public.php:726
unserialize$location_data = unserialize($row->location);public/class-moceanapi-abandoned-carts-public.php:729

Bundled Libraries

Freemius1.0

SQL Query Safety

100% prepared56 total queries

Output Escaping

64% escaped303 total outputs
Data Flows · Security
4 unsanitized

Data Flow Analysis

5 flows4 with unsanitized paths
display_page (admin/class-moceanapi-abandoned-carts-admin.php:205)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
6 unprotected

MoceanAPI Abandoned Carts for WooCommerce Attack Surface

Entry Points6
Unprotected6

AJAX Handlers 6

noprivwp_ajax_moceanapi_abandoned_carts_saveincludes/class-moceanapi-abandoned-carts.php:149
authwp_ajax_moceanapi_abandoned_carts_saveincludes/class-moceanapi-abandoned-carts.php:150
noprivwp_ajax_insert_exit_intentincludes/class-moceanapi-abandoned-carts.php:156
authwp_ajax_insert_exit_intentincludes/class-moceanapi-abandoned-carts.php:157
noprivwp_ajax_remove_exit_intentincludes/class-moceanapi-abandoned-carts.php:158
authwp_ajax_remove_exit_intentincludes/class-moceanapi-abandoned-carts.php:159
WordPress Hooks 29
actionadmin_enqueue_scriptsincludes/class-moceanapi-abandoned-carts.php:113
actionadmin_enqueue_scriptsincludes/class-moceanapi-abandoned-carts.php:114
actionadmin_menuincludes/class-moceanapi-abandoned-carts.php:115
actionadmin_headincludes/class-moceanapi-abandoned-carts.php:116
actionadmin_headincludes/class-moceanapi-abandoned-carts.php:117
actionadmin_headincludes/class-moceanapi-abandoned-carts.php:118
actionplugins_loadedincludes/class-moceanapi-abandoned-carts.php:119
actioninitincludes/class-moceanapi-abandoned-carts.php:120
filtermoceanapi_abandoned_carts_remove_empty_carts_hookincludes/class-moceanapi-abandoned-carts.php:121
filtercron_schedulesincludes/class-moceanapi-abandoned-carts.php:122
filterupdate_option_moceanapi_abandoned_carts_notification_frequencyincludes/class-moceanapi-abandoned-carts.php:123
filterupdate_option_moceanapi_abandoned_carts_sms_notification_frequencyincludes/class-moceanapi-abandoned-carts.php:124
actionadmin_noticesincludes/class-moceanapi-abandoned-carts.php:125
actionmoceanapi_abandoned_carts_notification_sendout_hookincludes/class-moceanapi-abandoned-carts.php:126
actionmoceanapi_abandoned_carts_sms_auto_sendout_hookincludes/class-moceanapi-abandoned-carts.php:127
filterwoocommerce_billing_fieldsincludes/class-moceanapi-abandoned-carts.php:128
actionwoocommerce_new_orderincludes/class-moceanapi-abandoned-carts.php:129
actionwoocommerce_thankyouincludes/class-moceanapi-abandoned-carts.php:130
actionprofile_updateincludes/class-moceanapi-abandoned-carts.php:131
actionwp_enqueue_scriptsincludes/class-moceanapi-abandoned-carts.php:146
actionwp_enqueue_scriptsincludes/class-moceanapi-abandoned-carts.php:147
actionwoocommerce_before_checkout_formincludes/class-moceanapi-abandoned-carts.php:148
actionwoocommerce_add_to_cartincludes/class-moceanapi-abandoned-carts.php:151
actionwoocommerce_cart_actionsincludes/class-moceanapi-abandoned-carts.php:152
actionwoocommerce_cart_item_removedincludes/class-moceanapi-abandoned-carts.php:153
filterwoocommerce_checkout_fieldsincludes/class-moceanapi-abandoned-carts.php:154
actionwp_footerincludes/class-moceanapi-abandoned-carts.php:155
filterwoocommerce_create_account_default_checkedpublic/class-moceanapi-abandoned-carts-public.php:778
filterwoocommerce_ship_to_different_address_checkedpublic/class-moceanapi-abandoned-carts-public.php:785

Scheduled Events 5

moceanapi_abandoned_carts_notification_sendout_hook
moceanapi_abandoned_carts_sms_auto_sendout_hook
moceanapi_abandoned_carts_remove_empty_carts_hook
moceanapi_abandoned_carts_notification_sendout_hook
moceanapi_abandoned_carts_sms_auto_sendout_hook
Maintenance & Trust

MoceanAPI Abandoned Carts for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.0.11
Last updatedApr 26, 2023
PHP min version5.6
Downloads1K

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

MoceanAPI Abandoned Carts for WooCommerce Alternatives

MoceanAPI Order SMS Notification for WooCommerce

MoceanAPI Order SMS Notification for WooCommerce

moceansms-order-sms-notification-for-woocommerce

A
100

A plugin to send SMS notification to both buyer and seller after an order is placed in WooCommerce. SMS notification can be sent on all order statuses …

50 No CVEs
Email Marketing for WooCommerce by Omnisend

Email Marketing for WooCommerce by Omnisend

omnisend-connect

A
95

Email Marketing, Newsletter, Email Automation, Forms, Pop Up, SMS, Abandoned Cart made easy for WordPress & WooCommerce by Omnisend

50K 3 CVEs
افزونه پیامک ووکامرس Persian WooCommerce SMS

افزونه پیامک ووکامرس Persian WooCommerce SMS

persian-woocommerce-sms

B
72

افزونه کامل و حرفه ای برای اطلاع رسانی پیامکی سفارشات و رویداد های محصولات ووکامرس

40K 1 unpatched
Brevo for WooCommerce

Brevo for WooCommerce

woocommerce-sendinblue-newsletter-subscription

A
93

All-in-one WooCommerce email marketing, automation, SMS, and CRM by Brevo. Grow your store with powerful marketing tools.

30K 3 CVEs
CartBounty – Save and recover abandoned carts for WooCommerce

CartBounty – Save and recover abandoned carts for WooCommerce

woo-save-abandoned-carts

A
99

Save abandoned carts and send automated abandoned cart recovery messages. Get more leads, reduce cart abandonment, and increase sales.

10K 1 CVE
Developer Profile

MoceanAPI Abandoned Carts for WooCommerce Developer Profile

moceanapiplugin

5 plugins · 60 total installs

86
trust score
Avg Security Score
88/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect MoceanAPI Abandoned Carts for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/moceanapi-abandoned-carts/assets/css/general.css/wp-content/plugins/moceanapi-abandoned-carts/assets/css/modal.css/wp-content/plugins/moceanapi-abandoned-carts/assets/css/settings.css/wp-content/plugins/moceanapi-abandoned-carts/assets/js/exit_intent.js/wp-content/plugins/moceanapi-abandoned-carts/assets/js/main.js/wp-content/plugins/moceanapi-abandoned-carts/assets/js/settings.js
Script Paths
/wp-content/plugins/moceanapi-abandoned-carts/assets/js/exit_intent.js/wp-content/plugins/moceanapi-abandoned-carts/assets/js/main.js/wp-content/plugins/moceanapi-abandoned-carts/assets/js/settings.js
Version Parameters
/wp-content/plugins/moceanapi-abandoned-carts/assets/css/general.css?ver=/wp-content/plugins/moceanapi-abandoned-carts/assets/css/modal.css?ver=/wp-content/plugins/moceanapi-abandoned-carts/assets/css/settings.css?ver=/wp-content/plugins/moceanapi-abandoned-carts/assets/js/exit_intent.js?ver=/wp-content/plugins/moceanapi-abandoned-carts/assets/js/main.js?ver=/wp-content/plugins/moceanapi-abandoned-carts/assets/js/settings.js?ver=

HTML / DOM Fingerprints

CSS Classes
moceanapi-abandoned-carts-settings-pagemoceanapi-abandoned-carts-wrapmoceanapi-abandoned-carts-exit-intent-formmoceanapi-abandoned-carts-exit-intent-modal
HTML Comments
<!-- MoceanAPI Abandoned Carts Settings --><!-- MoceanAPI Abandoned Carts Exit Intent Settings -->
Data Attributes
data-moceanapi-abandoned-carts-settingsdata-moceanapi-abandoned-carts-exit-intent
JS Globals
moceanapi_abandoned_carts_ajax_object
REST Endpoints
/wp-json/moceanapi-abandoned-carts/v1/settings/wp-json/moceanapi-abandoned-carts/v1/exit-intent
FAQ

Frequently Asked Questions about MoceanAPI Abandoned Carts for WooCommerce