Does NS Recover Abandoned Cart have any unpatched vulnerabilities?

No. All known vulnerabilities in NS Recover Abandoned Cart have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is NS Recover Abandoned Cart compatible with WordPress 5.9.13?

According to WordPress.org data, NS Recover Abandoned Cart 1.1.3 has been tested up to WordPress 5.9.13. Check the plugin's changelog for the latest compatibility information.

Is NS Recover Abandoned Cart compatible with PHP 5.6+?

NS Recover Abandoned Cart requires PHP 5.6 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is NS Recover Abandoned Cart updated?

NS Recover Abandoned Cart was last updated on Unknown. Frequent updates are generally a positive security signal.

What is NS Recover Abandoned Cart's security score?

NS Recover Abandoned Cart has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

NS Recover Abandoned Cart Security & Risk Analysis

wordpress.org/plugins/ns-recover-abandoned-cart

Helps to find out how many lost carts your store has by keeping track when users abandon them. It also sends an mail to those users to help recover th …

0 active installs v1.1.3 PHP 5.6+ WP 4.3+ Updated Unknown

abandoned-cartabandoned-cart-woocommerceabandoned-cart-wordpresswoocommerce-abandoned-cartwordpress-abandoned-cart

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is NS Recover Abandoned Cart Safe to Use in 2026?

Generally Safe

Score 100/100

NS Recover Abandoned Cart has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs

Risk Assessment

The ns-recover-abandoned-cart plugin version 1.1.3 exhibits significant security concerns primarily due to its unprotected entry points and lack of robust input validation. The presence of two AJAX handlers without any authentication or capability checks creates a substantial attack surface, allowing unauthenticated users to potentially interact with sensitive plugin functionalities. This is compounded by a critical taint flow identified during static analysis, indicating that user-supplied data could be manipulated in a way that leads to a security vulnerability. Furthermore, the plugin's code signals reveal a concerning trend with a high percentage of improperly escaped output, raising the risk of Cross-Site Scripting (XSS) vulnerabilities, and the use of the `unserialize` function without clear sanitization could lead to Remote Code Execution (RCE) if improperly handled data is processed. While the plugin has no recorded historical vulnerabilities, this does not negate the immediate risks identified in the current version. The lack of nonces and capability checks on AJAX actions are critical oversights that need immediate attention to prevent potential exploitation.

Key Concerns

AJAX handlers without auth checks
Critical severity taint flow
High percentage of unescaped output
Use of unserialize function
Missing nonce checks
Missing capability checks

Vulnerabilities

None known

NS Recover Abandoned Cart Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

NS Recover Abandoned Cart Code Analysis

Dangerous Functions

Raw SQL Queries

23 prepared

Unescaped Output

16 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserializeforeach(unserialize($ns_cart[0]->cart) as $prod_id=>$inner_arr){inc\mail-templates\ns-rac-email-advanced-fourth.php:7

unserializeforeach(unserialize($ns_cart[0]->cart) as $prod_id=>$inner_arr){inc\mail-templates\ns-rac-email-advanced-one.php:10

unserializeforeach(unserialize($ns_cart[0]->cart) as $prod_id=>$inner_arr){inc\mail-templates\ns-rac-email-advanced-three.php:7

unserializeforeach(unserialize($ns_cart[0]->cart) as $prod_id=>$inner_arr){inc\mail-templates\ns-rac-email-advanced-two.php:9

unserialize$cart_obj_count = count(unserialize($ns_cart[0]->cart));inc\mail-templates\ns-rac-email-advanced-two.php:12

unserializeforeach(unserialize($ns_cart[0]->cart) as $prod_id=>$inner_arr){inc\mail-templates\ns-rac-email-template-base-simple.php:9

unserializeforeach(unserialize($res->cart) as $prod_id=>$inner_arr){ns-admin-options\ns_setting_custom_graph.php:47

unserialize$item_num = count(unserialize($cart[0]->cart));ns-admin-options\ns_setting_custom_report.php:234

unserializeforeach(unserialize($cart[0]->cart) as $prod_id=>$inner_arr){ns-admin-options\ns_setting_custom_report.php:236

unserializeforeach(unserialize($cart[$i]->cart) as $prod_id=>$inner_arr){ns-cart-class.php:212

SQL Query Safety

82% prepared28 total queries

Output Escaping

20% escaped81 total outputs

Data Flows

3 unsanitized

Data Flow Analysis

3 flows3 with unsanitized paths

pe_deactivation_ajax_function (plugineye\plugineye-ajax\plugineye_on_deactivation_function.php:5)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

2 unprotected

NS Recover Abandoned Cart Attack Surface

Entry Points2

Unprotected2

AJAX Handlers 2

authwp_ajax_pe_deactivation_ajax_functionplugineye\plugineye-ajax\plugineye_on_deactivation_function.php:2

noprivwp_ajax_pe_deactivation_ajax_functionplugineye\plugineye-ajax\plugineye_on_deactivation_function.php:3

WordPress Hooks 27

actionadmin_noticesinc\ns-rac-check-woocommerce.php:13

actionadmin_menuns-admin-options\ns-admin-options-setup.php:11

actionadmin_initns-admin-options\ns-admin-options-setup.php:30

actionadmin_enqueue_scriptsns-admin-options\ns-admin-options-setup.php:36

actiontemplate_redirectns-plugin-home.php:74

filterwp_mail_content_typens-plugin-home.php:85

actionwoocommerce_add_to_cartns-plugin-home.php:89

actionwoocommerce_cart_item_removedns-plugin-home.php:90

filterwp_mail_from_namens-plugin-home.php:121

filterwp_mail_fromns-plugin-home.php:125

actionwp_loadedns-plugin-home.php:129

actionwoocommerce_order_status_completedns-plugin-home.php:180

actionwoocommerce_order_status_processingns-plugin-home.php:200

actionwoocommerce_order_status_refundedns-plugin-home.php:208

actionwoocommerce_order_status_failedns-plugin-home.php:218

actionwoocommerce_order_status_cancelledns-plugin-home.php:219

actionwoocommerce_order_status_pendingns-plugin-home.php:228

actionwoocommerce_checkout_order_processedns-plugin-home.php:239

actionplugins_loadedns-plugin-home.php:315

actionadmin_initns-rac-options.php:64

filterplugin_action_linksplugineye\plugineye-class.php:96

actionadmin_menuplugineye\plugineye-class.php:113

actionadmin_enqueue_scriptsplugineye\plugineye-class.php:125

actionadmin_enqueue_scriptsplugineye\plugineye-class.php:136

actionactivated_pluginplugineye\plugineye-class.php:147

actionin_admin_footerplugineye\plugineye-class.php:401

actionactivated_pluginplugineye\plugineye-class.php:440

Maintenance & Trust

NS Recover Abandoned Cart Maintenance & Trust

Maintenance Signals

WordPress version tested5.9.13

Last updatedUnknown

PHP min version5.6

Downloads2K

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

NS Recover Abandoned Cart Alternatives

ShopMagic – email automation

shopmagic-for-woocommerce

Flexible email automation and workflows triggered by customer and site events.

10K 2 CVEs

Abandoned Cart Recovery for WooCommerce

woo-abandoned-cart-recovery

A simple, effective solution to capture abandoned carts and auto-send reminders. Track logs and generate reports on carts, emails, and more

4K 2 CVEs

Cart Lift – Abandoned Cart Recovery for WooCommerce and EDD

cart-lift

Track abandoned carts and send automated, customizable abandoned cart recovery emails. Get more leads, reduce cart abandonment, and increase revenue.

1K 2 CVEs

LetsRecover – WooCommerce Abandoned Cart Notifications

letsrecover-woocommerce-abandoned-cart

Recover your lost revenue and abandoned carts using multiple automated Web Push Notification reminder by WooCommerce Abandoned Cart Recovery Notificat …

0 3 CVEs

Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools

woocommerce-jetpack

Supercharge WooCommerce with FREE Abandoned Cart Recovery, Product Variation Swatches, PDF Invoices & 100+ tools. Boost sales & save time.

30K 32 CVEs

Developer Profile

NS Recover Abandoned Cart Developer Profile

NsThemes

24 plugins · 4K total installs

trust score

Avg Security Score

88/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect NS Recover Abandoned Cart

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/ns-recover-abandoned-cart/assets/css/style.css/wp-content/plugins/ns-recover-abandoned-cart/assets/js/main.js/wp-content/plugins/ns-recover-abandoned-cart/assets/js/ns-rac-scripts.js

Script Paths

/wp-content/plugins/ns-recover-abandoned-cart/assets/js/main.js/wp-content/plugins/ns-recover-abandoned-cart/assets/js/ns-rac-scripts.js

Version Parameters

ns-recover-abandoned-cart/assets/css/style.css?ver=ns-recover-abandoned-cart/assets/js/main.js?ver=ns-recover-abandoned-cart/assets/js/ns-rac-scripts.js?ver=

HTML / DOM Fingerprints

CSS Classes

ns-rac-email-template-prens-rac-email-template-mainns-rac-email-template-foot

HTML Comments

*** plugin options ***

Data Attributes

data-rac-email-template-iddata-rac-email-template-colordata-rac-email-template-btn-text

JS Globals

rac_ajax_object

FAQ