Multiple Carts, Persistent Carts, Abandoned Carts, MultiVendors for Woo – Free by WP Masters Security & Risk Analysis

wordpress.org/plugins/multiple-carts-for-woo-free-by-wp-masters

MultiCart gives customers a feature to save different cart items and shipping address. Reminders for not finished order.

40 active installs v1.0.2 PHP 7.0+ WP 4.7+ Updated Jul 24, 2023

add-products-user-cartdemand-ordermulti-cartremind-cartsave-cart

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Multiple Carts, Persistent Carts, Abandoned Carts, MultiVendors for Woo – Free by WP Masters Safe to Use in 2026?

Generally Safe

Score 85/100

Multiple Carts, Persistent Carts, Abandoned Carts, MultiVendors for Woo – Free by WP Masters has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2yr ago

Risk Assessment

The plugin "multiple-carts-for-woo-free-by-wp-masters" v1.0.2 exhibits a mixed security posture. On the positive side, it demonstrates good practices by having all identified entry points protected by authorization checks, no unescaped output, and no file operations or external HTTP requests. The high percentage of SQL queries using prepared statements is also commendable, and the absence of any known vulnerabilities in its history suggests a generally stable codebase. However, significant concerns arise from the static analysis. The presence of the `unserialize` function, a known dangerous function, along with two taint flows identified as high severity and having unsanitized paths, presents a critical risk. These findings indicate potential for code injection or unauthorized data manipulation if the plugin handles user-supplied data that is then passed to `unserialize` without proper sanitization. The single nonce check is also insufficient for the number of potential entry points, leaving room for Cross-Site Request Forgery (CSRF) attacks.

Key Concerns

High severity unsanitized taint flows
Use of dangerous function: unserialize
Insufficient nonce checks for entry points
No capability checks on AJAX handlers

Vulnerabilities

None known

Multiple Carts, Persistent Carts, Abandoned Carts, MultiVendors for Woo – Free by WP Masters Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Multiple Carts, Persistent Carts, Abandoned Carts, MultiVendors for Woo – Free by WP Masters Code Analysis

Dangerous Functions

Raw SQL Queries

21 prepared

Unescaped Output

122 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$address = unserialize($session->address);templates\frontend\select_multicart_session.php:5

unserialize<?php foreach(unserialize($session->cart_items) as $product_item) { ?>templates\frontend\select_multicart_session.php:25

unserializeforeach(unserialize($cart->cart_items) as $product_item) {templates\mail\remind_carts.php:88

unserialize$session_carts = isset( $_SESSION['session_carts'] ) && ! empty( $_SESSION['session_carts'] ) ? unsewpm-multicart.php:611

unserialize$items_content = isset( $cart_data ) && ! empty( $cart_data ) ? unserialize( $cart_data->cart_items wpm-multicart.php:664

unserialize$session_ids = isset( $_SESSION['session_carts'] ) && ! empty( $_SESSION['session_carts'] ) ? unsewpm-multicart.php:932

unserializeforeach ( unserialize( $cart_data->cart_items ) as $item ) {wpm-multicart.php:995

unserialize$billing = unserialize( $cart_data->address )['billing'];wpm-multicart.php:1004

unserialize$shipping = unserialize( $cart_data->address )['shipping'];wpm-multicart.php:1005

unserialize$session_ids = isset( $_SESSION['session_carts'] ) && ! empty( $_SESSION['session_carts'] ) ? unsewpm-multicart.php:1050

SQL Query Safety

88% prepared24 total queries

Output Escaping

100% escaped122 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

4 flows2 with unsanitized paths

<create_order_metabox> (templates\admin\create_order_metabox.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Multiple Carts, Persistent Carts, Abandoned Carts, MultiVendors for Woo – Free by WP Masters Attack Surface

Entry Points1

Unprotected0

AJAX Handlers 1

authwp_ajax_get_variations_productwpm-multicart.php:48

WordPress Hooks 21

actioninitwpm-multicart.php:35

actionwp_enqueue_scriptswpm-multicart.php:38

actionadmin_enqueue_scriptswpm-multicart.php:39

actionwoocommerce_before_cartwpm-multicart.php:42

actionwoocommerce_cart_is_emptywpm-multicart.php:43

filterwoocommerce_add_to_cart_validationwpm-multicart.php:44

actionwoocommerce_thankyouwpm-multicart.php:45

actionwp_loadedwpm-multicart.php:51

actionwp_loadedwpm-multicart.php:52

actionwp_loadedwpm-multicart.php:53

actionwp_loadedwpm-multicart.php:54

actionadd_meta_boxeswpm-multicart.php:57

actioninitwpm-multicart.php:58

actioninitwpm-multicart.php:59

actioninitwpm-multicart.php:60

actionsave_postwpm-multicart.php:63

actionsave_postwpm-multicart.php:64

actionload-edit.phpwpm-multicart.php:67

actionwpm_carts_reminderwpm-multicart.php:70

filtercron_scheduleswpm-multicart.php:71

actioninitwpm-multicart.php:76

Scheduled Events 1

wpm_carts_reminder

Maintenance & Trust

Multiple Carts, Persistent Carts, Abandoned Carts, MultiVendors for Woo – Free by WP Masters Maintenance & Trust

Maintenance Signals

WordPress version tested6.2.9

Last updatedJul 24, 2023

PHP min version7.0

Downloads2K

Community Trust

Rating100/100

Number of ratings1

Active installs40

Alternatives

Multiple Carts, Persistent Carts, Abandoned Carts, MultiVendors for Woo – Free by WP Masters Alternatives

Lean Cart Share and Save for Later for WooCommerce

lean-cart-share-and-save

100

Lightweight cart sharing and saving for WooCommerce - let customers share carts via URLs and save carts for later.

0 No CVEs

Unagui Save Cart for WooCommerce

unagui-save-cart-for-woocommerce

100

Allows logged-in users to save their current WooCommerce cart and restore it later.

0 No CVEs

Developer Profile

Multiple Carts, Persistent Carts, Abandoned Carts, MultiVendors for Woo – Free by WP Masters Developer Profile

WP Masters

7 plugins · 1K total installs

trust score

Avg Security Score

87/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Multiple Carts, Persistent Carts, Abandoned Carts, MultiVendors for Woo – Free by WP Masters

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/multiple-carts-for-woo-free-by-wp-masters/assets/css/wpm-multicart-style.css/wp-content/plugins/multiple-carts-for-woo-free-by-wp-masters/assets/js/wpm-multicart-script.js

Script Paths

/wp-content/plugins/multiple-carts-for-woo-free-by-wp-masters/assets/js/wpm-multicart-script.js

Version Parameters

multiple-carts-for-woo-free-by-wp-masters/assets/css/wpm-multicart-style.css?ver=multiple-carts-for-woo-free-by-wp-masters/assets/js/wpm-multicart-script.js?ver=

HTML / DOM Fingerprints

CSS Classes

wpm-multicart-cart-list

HTML Comments

Data Attributes

data-cart-iddata-product-id

JS Globals

WPM_Multicart_Ajax

FAQ