CM Commerce for WooCommerce Security & Risk Analysis

wordpress.org/plugins/receiptful-for-woocommerce

CM Commerce, the all-in-one marketing app for your WooCommerce store, increasing sales with automated email campaigns & widgets. Simply sell more.

100 active installs · v1.6.7 · PHP + WP 4.0.0+ · Updated Jul 21, 2023
Tags: campaign-monitor, campaign-monitor-commerce, cm-commerce, conversio, conversio-woocommerce
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is CM Commerce for WooCommerce Safe to Use in 2026?

Generally Safe

Score 85/100

CM Commerce for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 2yr ago
Risk Assessment

The "receiptful-for-woocommerce" plugin v1.6.7 exhibits a generally strong security posture, with no known historical vulnerabilities and a clean record of CVEs. The static analysis reveals good practices such as 100% of SQL queries using prepared statements and a high percentage of output escaping. The plugin also appears to have robust input validation, as evidenced by no critical or high-severity taint flows and no raw SQL queries lacking preparation. The absence of file operations and the controlled number of external HTTP requests further contribute to its security.

However, there are a few areas for improvement. The presence of 4 shortcodes, while not directly flagged as unprotected, represents potential entry points that could be further scrutinized for implicit security controls, especially if they handle user-supplied data. Additionally, the lack of any explicit capability checks for the shortcodes, cron events, or AJAX handlers, while offset by the 0 unprotected entry points, means that the plugin relies on WordPress's default permission handling, which might not be granular enough for all scenarios. The single nonce check is also a minimal implementation, suggesting that not all user interactions are adequately protected against CSRF attacks.

Key Concerns

  • No explicit capability checks for entry points
  • Limited nonce checks
Vulnerabilities
None known

CM Commerce for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

CM Commerce for WooCommerce Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (8 prepared)
Unescaped Output: 14 (62 escaped)
Nonce Checks: 1
Capability Checks: 0
File Operations: 0
External Requests: 4
Bundled Libraries: 0

SQL Query Safety

100% prepared · 8 total queries

Output Escaping

82% escaped · 76 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
recover_cart (includes\class-cm-commerce-abandoned-cart.php:163)
Attack Surface

CM Commerce for WooCommerce Attack Surface

Entry Points: 4
Unprotected: 0

Shortcodes 4

[rf_feedback] includes\class-cm-commerce-feedback.php:25
[rf_recommendations] includes\class-cm-commerce-recommendations.php:25
[rf_reviews] includes\class-cm-commerce-reviews.php:25
[rf_widget] includes\class-cm-commerce-widget.php:21
WordPress Hooks 61
action admin_init includes\admin\class-cm-commerce-admin.php:34
action admin_enqueue_scripts includes\admin\class-cm-commerce-admin.php:37
filter woocommerce_settings_tabs_array includes\admin\class-cm-commerce-admin.php:40
action woocommerce_settings_receiptful includes\admin\class-cm-commerce-admin.php:43
action woocommerce_update_options_receiptful includes\admin\class-cm-commerce-admin.php:46
action woocommerce_admin_field_conversio_optin_notice includes\admin\class-cm-commerce-admin.php:49
action woocommerce_admin_field_conversio_widgets includes\admin\class-cm-commerce-admin.php:50
filter woocommerce_admin_settings_sanitize_option_receiptful_widgets includes\admin\class-cm-commerce-admin.php:53
action update_option_receiptful_api_key includes\admin\class-cm-commerce-admin.php:56
filter woocommerce_debug_tools includes\admin\class-cm-commerce-admin.php:59
action admin_init includes\admin\class-cm-commerce-admin.php:60
action admin_notices includes\admin\class-cm-commerce-admin.php:63
action woocommerce_add_to_cart includes\class-cm-commerce-abandoned-cart.php:25
action woocommerce_cart_item_removed includes\class-cm-commerce-abandoned-cart.php:28
action woocommerce_cart_item_restored includes\class-cm-commerce-abandoned-cart.php:31
action woocommerce_after_cart_item_quantity_update includes\class-cm-commerce-abandoned-cart.php:34
action template_redirect includes\class-cm-commerce-abandoned-cart.php:38
filter woocommerce_email_classes includes\class-cm-commerce-email.php:36
action woocommerce_order_status_pending_to_processing includes\class-cm-commerce-email.php:40
action woocommerce_order_status_on-hold_to_processing includes\class-cm-commerce-email.php:41
action woocommerce_order_status_pending_to_completed includes\class-cm-commerce-email.php:42
action receiptful_add_upsell includes\class-cm-commerce-email.php:45
filter woocommerce_my_account_my_orders_actions includes\class-cm-commerce-email.php:48
action woocommerce_order_actions includes\class-cm-commerce-email.php:51
action woocommerce_order_action_conversio_send_receipt includes\class-cm-commerce-email.php:54
action wp_footer includes\class-cm-commerce-front-end.php:25
action wp_footer includes\class-cm-commerce-front-end.php:29
action woocommerce_thankyou includes\class-cm-commerce-front-end.php:33
action woocommerce_billing_fields includes\class-cm-commerce-front-end.php:36
action woocommerce_checkout_create_order includes\class-cm-commerce-front-end.php:38
action woocommerce_checkout_update_customer includes\class-cm-commerce-front-end.php:41
action init includes\class-cm-commerce-front-end.php:44
filter woocommerce_product_tabs includes\class-cm-commerce-front-end.php:227
action woocommerce_checkout_update_order_meta includes\class-cm-commerce-order.php:25
action woocommerce_reduce_order_stock includes\class-cm-commerce-order.php:28
action publish_post includes\class-cm-commerce-products.php:26
action save_post includes\class-cm-commerce-products.php:27
action trash_product includes\class-cm-commerce-products.php:30
action woocommerce_scheduled_sales includes\class-cm-commerce-products.php:33
filter cron_schedules includes\cm-commerce-cron-functions.php:33
action init includes\cm-commerce-cron-functions.php:68
action receiptful_check_resend includes\cm-commerce-cron-functions.php:91
action receiptful_initial_product_sync includes\cm-commerce-cron-functions.php:182
action receiptful_initial_receipt_sync includes\cm-commerce-cron-functions.php:272
action save_post_page includes\cm-commerce-helper-functions.php:17
action update_option_woocommerce_cart_page_id includes\cm-commerce-helper-functions.php:20
action init includes\cm-commerce-helper-functions.php:151
action receiptful_order_status_processing_notification includes\emails\class-cm-commerce-email-customer-new-order.php:32
filter receiptful_get_download_urls includes\integrations\sensei.php:96
filter woocommerce_email_classes includes\integrations\woocommerce-subscriptions.php:13
filter woocommerce_subscriptions_renewal_order_meta_query includes\integrations\woocommerce-subscriptions.php:47
filter receiptful_hidden_order_itemmeta includes\integrations\woocommerce-subscriptions.php:67
filter woocommerce_order_is_download_permitted includes\integrations\woocommerce-subscriptions.php:124
action woocommerce_order_status_completed_notification includes\integrations\wpml.php:28
action woocommerce_order_status_completed includes\integrations\wpml.php:46
action woocommerce_order_status_pending_to_processing_notification includes\integrations\wpml.php:65
action woocommerce_order_status_pending_to_on-hold_notification includes\integrations\wpml.php:84
action admin_notices receiptful-woocommerce.php:113
action admin_init receiptful-woocommerce.php:213
action wp_enqueue_scripts receiptful-woocommerce.php:216
action plugins_loaded receiptful-woocommerce.php:219

Scheduled Events 3

receiptful_check_resend
receiptful_initial_product_sync
receiptful_initial_receipt_sync
Maintenance & Trust

CM Commerce for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.3.8
Last updated: Jul 21, 2023
PHP min version
Downloads: 51K

Community Trust

Rating: 94/100
Number of ratings: 28
Active installs: 100
Developer Profile

CM Commerce for WooCommerce Developer Profile

receiptful

1 plugin · 100 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect CM Commerce for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Script Paths
  • /wp-content/plugins/receiptful-for-woocommerce/assets/js/admin.js
  • /wp-content/plugins/receiptful-for-woocommerce/assets/js/frontend.js
  • /wp-content/plugins/receiptful-for-woocommerce/assets/css/admin.css
  • /wp-content/plugins/receiptful-for-woocommerce/assets/css/frontend.css
Version Parameters
  • receiptful-for-woocommerce/assets/js/admin.js?ver=
  • receiptful-for-woocommerce/assets/js/frontend.js?ver=
  • receiptful-for-woocommerce/assets/css/admin.css?ver=
  • receiptful-for-woocommerce/assets/css/frontend.css?ver=

HTML / DOM Fingerprints

CSS Classes
  • receiptful-admin-notice
  • receiptful-admin-review
  • receiptful-admin-thankyou
  • receiptful-admin-feedback-form
  • receiptful-frontend-widget
  • receiptful-widget-container
HTML Comments
  • <!-- Receiptful settings -->
  • <!-- CM Commerce Admin Panel -->
  • <!-- Receiptful Tracking Code -->
Data Attributes
  • data-receiptful-id
  • data-receiptful-email
  • data-receiptful-product-id
  • data-receiptful-order-total
JS Globals
  • receiptful_tracking_params
  • CMCommerceAdmin
  • cm_commerce_frontend_vars
REST Endpoints
  • /wp-json/receiptful/v1/track
  • /wp-json/receiptful/v1/feedback
Shortcode Output
  • [receiptful_recent_purchases]
  • [receiptful_recommendations]
  • [receiptful_feedback_form]
FAQ

Frequently Asked Questions about CM Commerce for WooCommerce