WP-Safety

RetentionFox – Abandoned Cart Recovery, Exit Intent & Popups for WooCommerce Security & Risk Analysis

wordpress.org/plugins/retentionfox-for-woocommerce

Recover abandoned carts with on‑site nudges, exit‑intent popups, and branded recovery emails. No monthly fees or sending limits.

0 active installs v1.4.0 PHP + WP 5.0+ Updated Dec 8, 2025
abandoned-cartemail-recoveryexit-intentpopupwoocommerce
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is RetentionFox – Abandoned Cart Recovery, Exit Intent & Popups for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

RetentionFox – Abandoned Cart Recovery, Exit Intent & Popups for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3mo ago
Risk Assessment

The retentionfox-for-woocommerce plugin v1.4.0 exhibits a generally strong security posture due to its adherence to secure coding practices. The complete absence of dangerous functions, reliance on prepared statements for all SQL queries, and 100% proper output escaping are significant strengths. The plugin also demonstrates good use of nonce and capability checks. However, a notable concern arises from the presence of 7 AJAX handlers, with 4 of them lacking authentication checks. This creates an attack surface that could be exploited by unauthenticated users. While the taint analysis identified one flow with unsanitized paths, it was not classified as critical or high severity, suggesting a potentially low-impact issue or a false positive. The plugin's vulnerability history is clean, with no recorded CVEs, indicating a history of responsible development and maintenance. Overall, the plugin benefits from robust internal security measures, but the unprotected AJAX endpoints represent a distinct area of risk that warrants attention.

Key Concerns

  • Unprotected AJAX handlers
  • Flow with unsanitized path (low severity)
Vulnerabilities
None known

RetentionFox – Abandoned Cart Recovery, Exit Intent & Popups for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

RetentionFox – Abandoned Cart Recovery, Exit Intent & Popups for WooCommerce Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
1
315 escaped
Nonce Checks
5
Capability Checks
6
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

100% escaped316 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

2 flows1 with unsanitized paths
<class-retentionfox> (includes\class-retentionfox.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
4 unprotected

RetentionFox – Abandoned Cart Recovery, Exit Intent & Popups for WooCommerce Attack Surface

Entry Points7
Unprotected4

AJAX Handlers 7

authwp_ajax_retentionfox_cart_countincludes\class-retentionfox-public.php:31
noprivwp_ajax_retentionfox_cart_countincludes\class-retentionfox-public.php:32
authwp_ajax_retentionfox_send_test_emailincludes\class-retentionfox.php:46
authwp_ajax_retentionfox_send_recovery_allincludes\class-retentionfox.php:49
authwp_ajax_retentionfox_preview_recovery_allincludes\class-retentionfox.php:50
authwp_ajax_retentionfox_cart_countincludes\class-retentionfox.php:53
noprivwp_ajax_retentionfox_cart_countincludes\class-retentionfox.php:54
WordPress Hooks 14
actionwp_enqueue_scriptsincludes\class-retentionfox-public.php:27
actionwp_enqueue_scriptsincludes\class-retentionfox-public.php:28
actionwp_footerincludes\class-retentionfox-public.php:29
actioninitincludes\class-retentionfox-public.php:34
actioninitincludes\class-retentionfox-public.php:35
actionwoocommerce_thankyouincludes\class-retentionfox-public.php:38
actionplugins_loadedincludes\class-retentionfox-public.php:441
actionadmin_menuincludes\class-retentionfox.php:31
actionadmin_initincludes\class-retentionfox.php:32
actionadmin_enqueue_scriptsincludes\class-retentionfox.php:33
actionwp_enqueue_scriptsincludes\class-retentionfox.php:36
actionphpmailer_initincludes\class-retentionfox.php:43
actioninitincludes\class-retentionfox.php:57
actionwoocommerce_cart_updatedincludes\class-retentionfox.php:60
Maintenance & Trust

RetentionFox – Abandoned Cart Recovery, Exit Intent & Popups for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedDec 8, 2025
PHP min version
Downloads111

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

RetentionFox – Abandoned Cart Recovery, Exit Intent & Popups for WooCommerce Alternatives

Cart Lift – Abandoned Cart Recovery for WooCommerce and EDD

Cart Lift – Abandoned Cart Recovery for WooCommerce and EDD

cart-lift

A
99

Track abandoned carts and send automated, customizable abandoned cart recovery emails. Get more leads, reduce cart abandonment, and increase revenue.

1K 2 CVEs
Onsite Messaging by PushAlert – Exit Intent Popups, Email Optins, Discount Overlays

Onsite Messaging by PushAlert – Exit Intent Popups, Email Optins, Discount Overlays

pushalert-onsite-messaging

A
100

A plugin by PushAlert to enable onsite messaging for your WordPress and WooCommerce Store to build email list, boost sales and recover abandoned cart.

60 No CVEs
Wahra Abandoned Cart Recovery

Wahra Abandoned Cart Recovery

wahra-abandoned-cart-recovery

A
100

Recover lost sales by capturing abandoned carts and sending automated recovery emails. GDPR-compliant, lightweight, and built for WooCommerce.

0 No CVEs
CartBounty – Save and recover abandoned carts for WooCommerce

CartBounty – Save and recover abandoned carts for WooCommerce

woo-save-abandoned-carts

A
99

Save abandoned carts and send automated abandoned cart recovery messages. Get more leads, reduce cart abandonment, and increase sales.

10K 1 CVE
Poptics – Popup Builder, Email Opt-ins, Exit-Intent & WooCommerce Popups Sales

Poptics – Popup Builder, Email Opt-ins, Exit-Intent & WooCommerce Popups Sales

poptics

A
99

Create high-converting popups, email opt-ins, exit-intent popups & WooCommerce popups to boost leads, subscribers and sales.

2K 1 CVE
Developer Profile

RetentionFox – Abandoned Cart Recovery, Exit Intent & Popups for WooCommerce Developer Profile

adprozz

2 plugins · 0 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect RetentionFox – Abandoned Cart Recovery, Exit Intent & Popups for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/retentionfox-for-woocommerce/public/css/retentionfox-public.css/wp-content/plugins/retentionfox-for-woocommerce/assets/js/notifications.js
Script Paths
/wp-content/plugins/retentionfox-for-woocommerce/public/js/retentionfox-public.js/wp-content/plugins/retentionfox-for-woocommerce/assets/js/notifications.js
Version Parameters
retentionfox-for-woocommerce/public/css/retentionfox-public.css?ver=retentionfox-for-woocommerce/public/js/retentionfox-public.js?ver=retentionfox-for-woocommerce/assets/js/notifications.js?ver=

HTML / DOM Fingerprints

JS Globals
retentionfox_dataretentionFoxLegacySettings
FAQ

Frequently Asked Questions about RetentionFox – Abandoned Cart Recovery, Exit Intent & Popups for WooCommerce