Recover Exit For WooCommerce Security & Risk Analysis

wordpress.org/plugins/recoverexit-for-woocommerce

Stop cart and checkout abandonment in minutes with RecoverExit for WooCommerce, easily offer users an instant discount when exit intension is detected …

0 active installs v1.0.3 PHP + WP 4.0+ Updated Mar 17, 2022
abandoned-cartscart-abandonmentexit-popupwoocommerce
60
C · Use Caution
CVEs total1
Unpatched1
Last CVEJun 8, 2026
Safety Verdict

Is Recover Exit For WooCommerce Safe to Use in 2026?

Use With Caution

Score 60/100

Recover Exit For WooCommerce has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE 1 unpatched Last CVE: Jun 8, 2026Updated 4yr ago
Risk Assessment

The "recoverexit-for-woocommerce" plugin version 1.0.3 presents a mixed security posture. On the positive side, the plugin demonstrates good practices in database interaction, utilizing prepared statements for all SQL queries and a high percentage of proper output escaping, suggesting an effort to prevent common injection vulnerabilities. Furthermore, there is no recorded vulnerability history, indicating a lack of publicly known exploits or past security flaws.

However, significant security concerns are highlighted by the static analysis. The plugin exposes two AJAX handlers, both of which lack any authentication checks. This creates a substantial attack surface where any unauthenticated user could potentially trigger these handlers, leading to unintended actions or data manipulation. The absence of nonce checks and capability checks further exacerbates this risk, as it provides no mechanism to verify the legitimacy of the requests. The taint analysis revealing unsanitized paths, although not resulting in critical or high severity flaws in this scan, warrants attention due to the open entry points.

In conclusion, while the plugin exhibits strengths in areas like SQL sanitization and output escaping, the critical lack of authentication on its AJAX endpoints represents a serious security weakness. The absence of nonce and capability checks amplifies this risk. Until these authentication deficiencies are addressed, the plugin remains vulnerable to unauthorized access and potential exploitation.

Key Concerns

  • AJAX handlers without authentication checks
  • No nonce checks on entry points
  • No capability checks on entry points
  • Unsanitized paths identified in taint analysis
Vulnerabilities
1 published

Recover Exit For WooCommerce Security Vulnerabilities

CVEs by Year

1 CVE in 2026 · unpatched
2026
Patched Has unpatched

Severity Breakdown

High
1

1 total CVE

CVE-2026-9662high · 8.1Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Recover Exit For WooCommerce <= 1.0.3 - Unauthenticated Local File Inclusion via 'tpf' Parameter

Jun 8, 2026Unpatched
Version History

Recover Exit For WooCommerce Release Timeline

v1.0.3Current1 CVE
v1.0.21 CVE
v1.0.11 CVE
v1.0.01 CVE
Code Analysis
Analyzed Apr 16, 2026

Recover Exit For WooCommerce Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
91
648 escaped
Nonce Checks
0
Capability Checks
0
File Operations
23
External Requests
2
Bundled Libraries
0

Output Escaping

88% escaped739 total outputs
Data Flows · Security
8 unsanitized

Data Flow Analysis

8 flows8 with unsanitized paths
recover_exit_template_editor (admin_area.php:553)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
2 unprotected

Recover Exit For WooCommerce Attack Surface

Entry Points2
Unprotected2

AJAX Handlers 2

noprivwp_ajax_recexit_total_counter_functrecoverexit_woocommerce.php:162
authwp_ajax_recexit_total_counter_functrecoverexit_woocommerce.php:163
WordPress Hooks 4
actionadmin_menuincludes/functions.php:4
actionadmin_headincludes/functions.php:5
actionwoocommerce_after_checkout_formrecoverexit_woocommerce.php:44
actionwoocommerce_after_cartrecoverexit_woocommerce.php:52
Maintenance & Trust

Recover Exit For WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested5.9.13
Last updatedMar 17, 2022
PHP min version
Downloads1K

Community Trust

Rating100/100
Number of ratings1
Active installs0
Developer Profile

Recover Exit For WooCommerce Developer Profile

Plasmatize Media LTD

2 plugins · 0 total installs

75
trust score
Avg Security Score
73/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Recover Exit For WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/recoverexit-for-woocommerce/assets/css/admin-styles.css/wp-content/plugins/recoverexit-for-woocommerce/assets/css/previewadminstyle.css/wp-content/plugins/recoverexit-for-woocommerce/assets/js/admin-features.js
Script Paths
/wp-content/plugins/recoverexit-for-woocommerce/assets/js/admin-features.js

HTML / DOM Fingerprints

CSS Classes
recoverexit-dialog
Data Attributes
data-recoverexit-coupon-code
JS Globals
recoverExit
FAQ

Frequently Asked Questions about Recover Exit For WooCommerce