Recapture for Easy Digital Downloads Security & Risk Analysis

wordpress.org/plugins/recapture-for-edd

Recapture is the easiest and most effective way to recover abandoned carts and do email marketing for your Easy Digital Downloads (EDD) store in WordP …

700 active installs v1.0.45 PHP 5.6+ WP 6.2+ Updated Feb 14, 2026
abandoned-carts, cart-abandonment, easy-digital-downloads, email-marketing, jilt
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Recapture for Easy Digital Downloads Safe to Use in 2026?

Generally Safe

Score 100/100

Recapture for Easy Digital Downloads has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The "recapture-for-edd" plugin version 1.0.45 exhibits a mixed security posture. On the positive side, it demonstrates good practices in handling SQL queries with 100% prepared statements and a high percentage (98%) of properly escaped outputs. Furthermore, there is no recorded vulnerability history, suggesting a generally stable and well-maintained codebase.

However, a significant concern lies in the plugin's attack surface. All three identified AJAX handlers lack authentication checks, creating potential entry points for unauthorized actions. While the static analysis and taint flows did not reveal any critical or high-severity issues like dangerous functions or unsanitized paths, the absence of capability checks across the board further exacerbates the risk associated with these unprotected AJAX handlers. The presence of file operations and external HTTP requests, while not inherently insecure, warrants careful review in conjunction with the unprotected entry points.

In conclusion, while the plugin benefits from strong data handling practices and a clean vulnerability history, the unprotected AJAX handlers represent a notable weakness. This requires immediate attention to implement proper authentication and authorization mechanisms to mitigate potential security risks.

Key Concerns

  • AJAX handlers without authentication checks
  • No capability checks on entry points
  • Unescaped outputs present
Vulnerabilities
None known

Recapture for Easy Digital Downloads Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Recapture for Easy Digital Downloads Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 2 (128 escaped)
Nonce Checks: 2
Capability Checks: 0
File Operations: 1
External Requests: 2
Bundled Libraries: 0

Output Escaping

98% escaped · 130 total outputs
Attack Surface
3 unprotected

Recapture for Easy Digital Downloads Attack Surface

Entry Points: 3
Unprotected: 3

AJAX Handlers 3

auth · wp_ajax_recapture_connection_status · recapture.php:74
auth · wp_ajax_recapture_submit_reviews · recapture.php:77
nopriv · wp_ajax_recapture_submit_reviews · recapture.php:78
WordPress Hooks 35
action · edd_post_add_to_cart · platforms\class-edd.php:28
action · edd_post_remove_from_cart · platforms\class-edd.php:29
action · edd_after_set_cart_item_quantity · platforms\class-edd.php:30
action · edd_cart_discounts_updated · platforms\class-edd.php:31
action · edd_complete_purchase · platforms\class-edd.php:32
action · edd_after_checkout_cart · platforms\class-edd.php:33
action · wp · platforms\class-edd.php:34
action · edd_insert_payment · platforms\class-edd.php:35
action · edd_free_downloads_pre_complete_payment · platforms\class-edd.php:38
action · edd_free_downloads_post_complete_payment · platforms\class-edd.php:39
action · edd_straight_to_gateway_purchase_data · platforms\class-edd.php:41
filter · edd_should_update_order_status · platforms\class-edd.php:45
action · woocommerce_order_status_changed · platforms\class-woocommerce.php:15
action · woocommerce_checkout_order_processed · platforms\class-woocommerce.php:17
action · admin_init · recapture.php:48
action · admin_notices · recapture.php:49
action · init · recapture.php:58
action · init · recapture.php:59
action · init · recapture.php:60
action · init · recapture.php:61
action · init · recapture.php:62
action · admin_enqueue_scripts · recapture.php:63
action · wp_enqueue_scripts · recapture.php:64
action · init · recapture.php:67
action · wp_loaded · recapture.php:68
action · wp_loaded · recapture.php:69
action · admin_notices · recapture.php:70
action · admin_menu · recapture.php:71
action · admin_post_recapture_disconnect · recapture.php:81
action · admin_post_recapture_connect · recapture.php:84
action · admin_post_recapture_confirm_disconnect · recapture.php:87
filter · allowed_redirect_hosts · recapture.php:90
action · admin_init · recapture.php:395
action · plugins_loaded · recapture.php:727
action · activated_plugin · recapture.php:737
Maintenance & Trust

Recapture for Easy Digital Downloads Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 14, 2026
PHP min version: 5.6
Downloads: 28K

Community Trust

Rating: 100/100
Number of ratings: 11
Active installs: 700
Developer Profile

Recapture for Easy Digital Downloads Developer Profile

Recapture Cart Recovery and Email Marketing

3 plugins · 1K total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 8 days
Detection Fingerprints

How We Detect Recapture for Easy Digital Downloads

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/recapture-for-edd/css/reviews.css
/wp-content/plugins/recapture-for-edd/js/reviews.js
/wp-content/plugins/recapture-for-edd/css/styles.css
Script Paths
https://cdn.recapture.io/recapture-loader.js
Version Parameters
recapture-for-edd/css/styles.css?ver=1.0.45
recapture-for-edd/js/reviews.js?ver=false
recapture-for-edd/css/reviews.css?ver=false

HTML / DOM Fingerprints

CSS Classes
recapture-review-container
HTML Comments
Ignoring wpecs warning because we receive this URL from Recapture so we can't add/check a nonce
<!-- Plugin Name: Recapture for Easy Digital Downloads -->
Data Attributes
data-recapture-api-key
data-recapture-email
data-recapture-product
data-recapture-page
data-recapture-order-hash
JS Globals
window.ra
FAQ

Frequently Asked Questions about Recapture for Easy Digital Downloads