Retainful – WooCommerce Abandoned Cart, Newsletters, Email Marketing, Signup Forms and Automation Security & Risk Analysis

wordpress.org/plugins/retainful-next-order-coupon-for-woocommerce

WooCommerce abandoned cart recovery, Newsletters, Email campaigns, Subscription forms, Popups and Email Marketing Automation plugin

2K active installs · v2.6.43 · PHP 7.4+ · WP 6.0.0+ · Updated Mar 9, 2026
Tags: abandoned-cart, email-marketing, forms, newsletter, woocommerce
Score: 100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Retainful – WooCommerce Abandoned Cart, Newsletters, Email Marketing, Signup Forms and Automation Safe to Use in 2026?

Generally Safe

Score 100/100

Retainful – WooCommerce Abandoned Cart, Newsletters, Email Marketing, Signup Forms and Automation has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 25d ago
Risk Assessment

The 'retainful-next-order-coupon-for-woocommerce' plugin version 2.6.43 exhibits a concerning security posture primarily due to a significant number of unprotected entry points. While the code demonstrates good practices in areas like SQL query sanitization and output escaping, the sheer volume of AJAX handlers and REST API routes lacking authentication or permission checks presents a broad attack surface. The static analysis indicates 11 AJAX handlers and 9 REST API routes that are exposed without any form of authorization, meaning any user, including unauthenticated ones, could potentially interact with these functions. Although no dangerous functions or critical taint flows were identified, and the plugin has no recorded vulnerability history, the lack of basic security measures on its entry points is a serious oversight. This could lead to unintended actions or information disclosure if an attacker can craft specific requests to these unprotected endpoints. The presence of two unsanitized paths in the taint analysis, while not classified as critical or high severity, warrants further investigation to understand their potential impact in the context of unprotected entry points.

Key Concerns

  • Unprotected AJAX handlers
  • Unprotected REST API routes
  • Taint flows with unsanitized paths
  • Limited nonce checks
  • Limited capability checks
Vulnerabilities
None known

Retainful – WooCommerce Abandoned Cart, Newsletters, Email Marketing, Signup Forms and Automation Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Retainful – WooCommerce Abandoned Cart, Newsletters, Email Marketing, Signup Forms and Automation Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 1 (32 prepared)
Unescaped Output: 17 (457 escaped)
Nonce Checks: 2
Capability Checks: 3
File Operations: 3
External Requests: 3
Bundled Libraries: 0

SQL Query Safety

97% prepared · 33 total queries

Output Escaping

96% escaped · 474 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

3 flows · 2 with unsanitized paths
set_status_header (src\helpers\Input.php:190)
Legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized
Attack Surface
20 unprotected

Retainful – WooCommerce Abandoned Cart, Newsletters, Email Marketing, Signup Forms and Automation Attack Surface

Entry Points: 20
Unprotected: 20

AJAX Handlers 11

Type · Hook · Location
auth · wp_ajax_validate_app_key · src\Main.php:209
auth · wp_ajax_rnoc_get_search_coupon · src\Main.php:210
auth · wp_ajax_rnoc_disconnect_license · src\Main.php:211
auth · wp_ajax_rnoc_save_settings · src\Main.php:212
auth · wp_ajax_rnoc_delete_expired_coupons · src\Main.php:214
auth · wp_ajax_rnoc_apply_popup_coupon · src\Main.php:255
nopriv · wp_ajax_rnoc_apply_popup_coupon · src\Main.php:256
auth · wp_ajax_rnoc_track_user_data · src\Main.php:263
nopriv · wp_ajax_rnoc_track_user_data · src\Main.php:264
auth · wp_ajax_rnoc_ajax_get_encrypted_cart · src\Main.php:265
nopriv · wp_ajax_rnoc_ajax_get_encrypted_cart · src\Main.php:266

REST API Routes 9

Method · Route · Location
POST · /wp-json/retainful-api/v1/verify · src\Main.php:70
POST · /wp-json/retainful-api/v1/coupon · src\Main.php:75
GET · /wp-json/retainful-api/v1/customer · src\Main.php:80
GET · /wp-json/retainful-api/v1/orders · src\Main.php:89
GET · /wp-json/retainful-api/v1/orders/count · src\Main.php:94
GET · /wp-json/retainful-api/v1/products · src\Main.php:101
GET · /wp-json/retainful-api/v1/products/count · src\Main.php:106
GET · /wp-json/retainful-api/v1/category/count · src\Main.php:111
GET · /wp-json/retainful-api/v1/category · src\Main.php:116

WordPress Hooks 69

Type · Hook · Location
action · before_woocommerce_init · retainful-next-order-coupon-for-woocommerce.php:135
action · admin_notices · src\admin\Settings.php:506
action · admin_print_scripts · src\admin\Survey.php:24
action · admin_print_scripts · src\admin\Survey.php:25
action · admin_footer · src\admin\Survey.php:26
action · save_post_afterpay_quote · src\integrations\AfterPay.php:18
action · before_delete_post · src\integrations\AfterPay.php:19
action · woocommerce_new_order · src\integrations\AfterPay.php:20
filter · rnoc_get_current_currency_code · src\integrations\Currency.php:9
filter · rnoc_get_default_currency_code · src\integrations\Currency.php:10
filter · rnoc_get_currency_rate · src\integrations\Currency.php:11
filter · rnoc_set_current_currency_code · src\integrations\Currency.php:12
filter · rnoc_get_available_currencies · src\integrations\Currency.php:13
filter · woocommerce_set_cookie_options · src\Main.php:32
action · init · src\Main.php:33
action · woocommerce_init · src\Main.php:34
action · woocommerce_init · src\Main.php:36
action · rest_api_init · src\Main.php:191
action · deactivated_plugin · src\Main.php:193
action · plugins_loaded · src\Main.php:195
action · rnocp_activation_trigger · src\Main.php:196
filter · rnoc_need_to_run_ac_in_cloud · src\Main.php:197
action · admin_init · src\Main.php:200
filter · views_edit-shop_coupon · src\Main.php:202
action · manage_posts_extra_tablenav · src\Main.php:203
filter · woocommerce_coupon_options · src\Main.php:204
filter · request · src\Main.php:205
action · admin_menu · src\Main.php:206
action · add_meta_boxes · src\Main.php:218
action · rest_api_init · src\Main.php:239
action · user_register · src\Main.php:249
action · wp_login · src\Main.php:250
action · wp_enqueue_scripts · src\Main.php:251
action · wp_footer · src\Main.php:252
action · wp_loaded · src\Main.php:257
filter · script_loader_tag · src\Main.php:259
action · retainful_sync_abandoned_cart_order · src\Main.php:262
action · woocommerce_cart_loaded_from_session · src\Main.php:267
action · woocommerce_api_retainful · src\Main.php:269
action · wp_loaded · src\Main.php:270
action · woocommerce_removed_coupon · src\Main.php:271
filter · woocommerce_checkout_fields · src\Main.php:277
action · woocommerce_checkout_after_terms_and_conditions · src\Main.php:278
action · wp_footer · src\Main.php:279
filter · rnoc_can_track_abandoned_carts · src\Main.php:280
action · woocommerce_after_calculate_totals · src\Main.php:284
action · wp_footer · src\Main.php:287
filter · woocommerce_add_to_cart_fragments · src\Main.php:288
action · wp_footer · src\Main.php:290
action · wp_enqueue_scripts · src\Main.php:291
action · wp_authenticate · src\Main.php:292
action · user_register · src\Main.php:293
action · wp_logout · src\Main.php:294
action · woocommerce_thankyou · src\Main.php:298
action · woocommerce_payment_complete · src\Main.php:299
action · woocommerce_checkout_update_order_meta · src\Main.php:300
action · woocommerce_store_api_checkout_update_order_meta · src\Main.php:301
action · woocommerce_order_status_changed · src\Main.php:307
action · woocommerce_order_status_changed · src\Main.php:309
action · woocommerce_process_shop_order_meta · src\Main.php:311
filter · woocommerce_valid_webhook_resources · src\Main.php:315
filter · woocommerce_webhook_http_args · src\Main.php:321
action · template_redirect · src\Main.php:342
action · created_product_cat · src\Main.php:343
action · edited_product_cat · src\Main.php:344
action · delete_product_cat · src\Main.php:345
action · retainful_category · src\Main.php:346
filter · rnoc_is_cart_has_valid_ip · src\Main.php:377
action · admin_notices · src\Main.php:445

Maintenance & Trust

Retainful – WooCommerce Abandoned Cart, Newsletters, Email Marketing, Signup Forms and Automation Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Mar 9, 2026
PHP min version: 7.4
Downloads: 173K

Community Trust

Rating: 98/100
Number of ratings: 98
Active installs: 2K
Developer Profile

Retainful – WooCommerce Abandoned Cart, Newsletters, Email Marketing, Signup Forms and Automation Developer Profile

retainful

2 plugins · 2K total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Retainful – WooCommerce Abandoned Cart, Newsletters, Email Marketing, Signup Forms and Automation

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
