Email Marketing for WordPress and WooCommerce – Retainful Security & Risk Analysis

wordpress.org/plugins/retainful

Email marketing, newsletters for WordPress and WooCommerce. Send newsletters and campaigns, recover abandoned carts, signup forms, and more

60 active installs · v1.0.0 · PHP 7.4+ · WP 6.0+ · Updated Mar 9, 2026
Tags: email-campaigns, email-marketing, forms, newsletters, popups
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Email Marketing for WordPress and WooCommerce – Retainful Safe to Use in 2026?

Generally Safe

Score 100/100

Email Marketing for WordPress and WooCommerce – Retainful has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 25d ago
Risk Assessment

This analysis of Retainful v1.0.0 reveals a plugin with a mixed security posture. While the plugin demonstrates good practices in areas like SQL query preparation and output escaping, it has significant weaknesses regarding its attack surface. A major concern is the presence of six AJAX handlers, all of which lack authentication checks. This presents a substantial risk, as any unauthenticated user could potentially trigger these functions. Furthermore, the taint analysis identified one flow with unsanitized paths and high severity, indicating a potential vulnerability where user-supplied data could be processed in an unsafe manner, leading to unauthorized actions or data leakage. The absence of any recorded vulnerabilities, including CVEs, is a positive indicator of past security diligence, but it does not mitigate the immediate risks identified in the current code. The plugin's strengths in SQL and output handling are overshadowed by the critical lack of authorization on its AJAX endpoints and the identified taint flow.

Key Concerns

  • AJAX handlers without auth checks
  • High severity unsanitized path taint flow
  • Missing nonce checks on AJAX
  • Missing capability checks on AJAX
Vulnerabilities
None known

Email Marketing for WordPress and WooCommerce – Retainful Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Email Marketing for WordPress and WooCommerce – Retainful Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (7 prepared)
Unescaped Output: 3 (66 escaped)
Nonce Checks: 1
Capability Checks: 1
File Operations: 0
External Requests: 2
Bundled Libraries: 0

SQL Query Safety

100% prepared · 7 total queries

Output Escaping

96% escaped · 69 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

1 flow · 1 with unsanitized paths
<Auth> (App\Helpers\Auth.php:0)
Legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized
Attack Surface
6 unprotected

Email Marketing for WordPress and WooCommerce – Retainful Attack Surface

Entry Points: 6
Unprotected: 6

AJAX Handlers 6

auth    wp_ajax_retainful_integration            App\Controllers\AjaxHooks.php:17
nopriv  wp_ajax_retainful_integration            App\Controllers\AjaxHooks.php:18
auth    wp_ajax_retainful_set_popup_coupon_code  App\Controllers\AjaxHooks.php:24
nopriv  wp_ajax_retainful_set_popup_coupon_code  App\Controllers\AjaxHooks.php:26
auth    wp_ajax_rnoc_track_user_data             App\Controllers\Store\Common.php:33
nopriv  wp_ajax_rnoc_track_user_data             App\Controllers\Store\Common.php:34
WordPress Hooks 45
action  admin_menu  App\Controllers\Admin\Common.php:19
action  admin_enqueue_scripts  App\Controllers\Admin\Common.php:20
action  woocommerce_payment_complete  App\Controllers\Orders.php:18
action  woocommerce_thankyou  App\Controllers\Orders.php:19
action  woocommerce_checkout_update_order_meta  App\Controllers\Orders.php:20
action  woocommerce_store_api_checkout_update_order_meta  App\Controllers\Orders.php:21
action  woocommerce_order_status_changed  App\Controllers\Orders.php:26
filter  woocommerce_rest_prepare_shop_order_object  App\Controllers\Orders.php:29
action  rest_api_init  App\Controllers\RestApi.php:27
filter  woocommerce_rest_prepare_product_object  App\Controllers\RestApi.php:28
filter  woocommerce_rest_prepare_product_variation_object  App\Controllers\RestApi.php:32
action  wp_enqueue_scripts  App\Controllers\Store\Common.php:24
filter  woocommerce_checkout_fields  App\Controllers\Store\Common.php:25
action  woocommerce_checkout_after_terms_and_conditions  App\Controllers\Store\Common.php:26
action  woocommerce_init  App\Controllers\Store\Common.php:27
action  woocommerce_add_to_cart  App\Controllers\Store\Common.php:29
action  woocommerce_cart_updated  App\Controllers\Store\Common.php:30
action  rtfl_track_user_data_cart_sync  App\Controllers\Store\Common.php:37
action  wp_loaded  App\Controllers\Store\Common.php:38
action  wp_loaded  App\Controllers\Store\Common.php:40
action  woocommerce_api_retainful  App\Controllers\Store\RecreateCart.php:23
action  wp_authenticate  App\Controllers\Store\Users.php:17
action  user_register  App\Controllers\Store\Users.php:18
action  wp_logout  App\Controllers\Store\Users.php:19
filter  woocommerce_webhook_topics  App\Controllers\Webhook.php:26
filter  woocommerce_valid_webhook_events  App\Controllers\Webhook.php:27
filter  woocommerce_valid_webhook_resources  App\Controllers\Webhook.php:28
filter  woocommerce_webhook_http_args  App\Controllers\Webhook.php:32
filter  woocommerce_webhook_http_args  App\Controllers\Webhook.php:33
filter  woocommerce_webhook_should_deliver  App\Controllers\Webhook.php:34
action  created_product_cat  App\Controllers\Webhook.php:37
action  edited_product_cat  App\Controllers\Webhook.php:40
action  delete_product_cat  App\Controllers\Webhook.php:43
action  retainful_category  App\Controllers\Webhook.php:46
action  transition_post_status  App\Controllers\Webhook.php:52
action  retainful_product_created_sync  App\Controllers\Webhook.php:65
action  retainful_product_updated_sync  App\Controllers\Webhook.php:66
action  retainful_product_deleted_sync  App\Controllers\Webhook.php:67
action  template_redirect  App\Controllers\Webhook.php:70
action  retainful_track_product_viewed  App\Controllers\Webhook.php:71
action  retainful_checkout_started_sync  App\Controllers\Webhook.php:74
action  retainful_order_status_change  App\Controllers\Webhook.php:78
action  admin_notices  App\Helpers\Plugins.php:125
action  before_woocommerce_init  retainful.php:24
action  init  retainful.php:57
Maintenance & Trust

Email Marketing for WordPress and WooCommerce – Retainful Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 9, 2026
PHP min version: 7.4
Downloads: 56

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 60
Developer Profile

Email Marketing for WordPress and WooCommerce – Retainful Developer Profile

retainful

2 plugins · 2K total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Email Marketing for WordPress and WooCommerce – Retainful

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/retainful/assets/css/app.css
/wp-content/plugins/retainful/assets/js/app.js
/wp-content/plugins/retainful/assets/js/chunk-vendors.js
/wp-content/plugins/retainful/assets/css/chunk-vendors.css
Version Parameters
retainful/assets/css/app.css?ver=
retainful/assets/js/app.js?ver=
retainful/assets/js/chunk-vendors.js?ver=
retainful/assets/css/chunk-vendors.css?ver=

HTML / DOM Fingerprints

CSS Classes
rtfl-app-wrapper
rtfl-dashboard-card
rtfl-plugin-information
rtfl-card-description
rtfl-add-on-box
HTML Comments
<!-- This is the main app wrapper -->
Data Attributes
data-plugin-name="Retainful"
data-connect-url
JS Globals
window.RetainfulData
REST Endpoints
/wp-json/retainful/v1/settings
FAQ

Frequently Asked Questions about Email Marketing for WordPress and WooCommerce – Retainful