Smaily for WooCommerce Security & Risk Analysis

wordpress.org/plugins/smaily-for-woocommerce

Simple and flexible Smaily newsletter and RSS-feed integration for WooCommerce.

200 active installs · v1.12.4 · PHP 5.6+ · WP 4.5+ · Updated Aug 8, 2025
Tags: email, newsletter, smaily, woocommerce
Score: 100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Smaily for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

Smaily for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 9mo ago
Risk Assessment

The 'smaily-for-woocommerce' plugin, at version 1.12.4, presents a mixed security posture. On the positive side, it demonstrates good practice by having no documented past vulnerabilities and all its entry points (AJAX handlers, REST API routes, shortcodes, cron events) appear to have authentication checks in place. The plugin also shows a reasonable attempt at securing its code with a decent percentage of SQL queries using prepared statements and a good number of output escaping instances.

However, there are several areas of concern. The presence of the `unserialize` function is a significant red flag, as it is notoriously prone to object injection vulnerabilities if not handled with extreme care and strict input validation. Furthermore, the taint analysis reveals two high-severity flows with unsanitized paths, indicating potential for attackers to inject malicious data that is not properly validated or cleaned before being used. The file operations and external HTTP requests, while not explicitly shown as vulnerable, represent additional attack vectors that warrant scrutiny.

The plugin's clean vulnerability history suggests the developers may be diligent in addressing past issues. Nevertheless, the identified code signals and taint flows point to specific weaknesses that could be exploited. The core concern lies in the potential for misuse of `unserialize` and the high-severity unsanitized paths, which could lead to serious security breaches if not thoroughly investigated and mitigated.

Key Concerns

  • High severity taint flow with unsanitized path
  • High severity taint flow with unsanitized path
  • Dangerous function found (unserialize)
  • SQL queries without prepared statements detected
  • Output not properly escaped
  • File operations present
  • External HTTP requests present
Vulnerabilities
None known

Smaily for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Smaily for WooCommerce Release Timeline

v1.12.4 · Current
v1.12.3
v1.12.2
v1.12.1
v1.12.0
v1.11.2
v1.11.1
v1.11.0
v1.10.0
v1.9.2
v1.9.1
v1.9.0
v1.8.1
v1.8.0
v1.7.2
v1.7.1
v1.7.0
v1.6.1
v1.6.0
v1.5.0
Code Analysis
Analyzed Mar 16, 2026

Smaily for WooCommerce Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 6 · 4 prepared
Unescaped Output: 89 · 140 escaped
Nonce Checks: 2
Capability Checks: 4
File Operations: 2
External Requests: 3
Bundled Libraries: 0

Dangerous Functions Found

unserialize · `$cart_data = unserialize( $cart['cart_content'] );` · inc\Base\Cron.php:131

SQL Query Safety

40% prepared · 10 total queries

Output Escaping

61% escaped · 229 total outputs
Data Flows · Security
4 unsanitized

Data Flow Analysis

4 flows · 4 with unsanitized paths
widget (inc\Widget\SmailyWidget.php:34)
Attack Surface

Smaily for WooCommerce Attack Surface

Entry Points: 3
Unprotected: 0

AJAX Handlers 3

auth · wp_ajax_update_api_database · inc\Api\Api.php:23
nopriv · wp_ajax_update_api_database · inc\Api\Api.php:24
auth · wp_ajax_smaily_for_woocommerce_dismiss_deprecation_notice · inc\Pages\Admin.php:21

WordPress Hooks 36

action · woocommerce_cart_updated · inc\Base\Cart.php:19
action · woocommerce_checkout_order_processed · inc\Base\Cart.php:21
filter · cron_schedules · inc\Base\Cron.php:22
action · smaily_cron_sync_contacts · inc\Base\Cron.php:24
action · smaily_cron_abandoned_carts_status · inc\Base\Cron.php:26
action · smaily_cron_abandoned_carts_email · inc\Base\Cron.php:28
action · admin_enqueue_scripts · inc\Base\Enqueue.php:20
action · wp_enqueue_scripts · inc\Base\Enqueue.php:21
action · woocommerce_created_customer · inc\Base\SubscriberSynchronization.php:25
action · personal_options_update · inc\Base\SubscriberSynchronization.php:26
action · edit_user_profile_update · inc\Base\SubscriberSynchronization.php:27
action · woocommerce_save_account_details · inc\Base\SubscriberSynchronization.php:28
action · woocommerce_checkout_order_processed · inc\Base\SubscriberSynchronization.php:29
action · upgrader_process_complete · inc\Base\Upgrade.php:22
action · admin_notices · inc\Base\Upgrade.php:24
action · plugins_loaded · inc\Lifecycle.php:18
action · upgrader_process_complete · inc\Lifecycle.php:19
action · admin_menu · inc\Pages\Admin.php:18
action · admin_notices · inc\Pages\Admin.php:20
filter · plugin_row_meta · inc\Pages\Admin.php:22
action · woocommerce_register_form · inc\Pages\ProfileSettings.php:28
action · woocommerce_edit_account_form · inc\Pages\ProfileSettings.php:29
filter · woocommerce_checkout_fields · inc\Pages\ProfileSettings.php:32
action · show_user_profile · inc\Pages\ProfileSettings.php:39
action · edit_user_profile · inc\Pages\ProfileSettings.php:40
action · woocommerce_created_customer · inc\Pages\ProfileSettings.php:43
action · personal_options_update · inc\Pages\ProfileSettings.php:44
action · edit_user_profile_update · inc\Pages\ProfileSettings.php:45
action · woocommerce_save_account_details · inc\Pages\ProfileSettings.php:46
action · init · inc\Rss\SmailyRss.php:20
filter · query_vars · inc\Rss\SmailyRss.php:21
filter · template_include · inc\Rss\SmailyRss.php:22
filter · smaily_settings · inc\Rss\SmailyRss.php:23
action · widgets_init · inc\Widget\Register.php:15
action · plugins_loaded · smaily-for-woocommerce.php:64
action · admin_notices · smaily-for-woocommerce.php:68

Scheduled Events 3

smaily_cron_sync_contacts
smaily_cron_abandoned_carts_status
smaily_cron_abandoned_carts_email
Maintenance & Trust

Smaily for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Aug 8, 2025
PHP min version: 5.6
Downloads: 10K

Community Trust

Rating: 100/100
Number of ratings: 2
Active installs: 200
Developer Profile

Smaily for WooCommerce Developer Profile

Smaily

4 plugins · 2K total installs

Trust score: 76
Avg Security Score: 95/100
Avg Patch Time: 115 days
Detection Fingerprints

How We Detect Smaily for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/smaily-for-woocommerce/static/javascript.js
/wp-content/plugins/smaily-for-woocommerce/static/admin-widget.js
/wp-content/plugins/smaily-for-woocommerce/static/jscolor.min.js
/wp-content/plugins/smaily-for-woocommerce/static/admin-style.css
/wp-content/plugins/smaily-for-woocommerce/static/admin-widget-style.css
/wp-content/plugins/smaily-for-woocommerce/static/front-style.css

Script Paths
/wp-content/plugins/smaily-for-woocommerce/static/javascript.js
/wp-content/plugins/smaily-for-woocommerce/static/admin-widget.js
/wp-content/plugins/smaily-for-woocommerce/static/jscolor.min.js

Version Parameters
/wp-content/plugins/smaily-for-woocommerce/static/javascript.js?ver=
/wp-content/plugins/smaily-for-woocommerce/static/admin-widget.js?ver=
/wp-content/plugins/smaily-for-woocommerce/static/jscolor.min.js?ver=
/wp-content/plugins/smaily-for-woocommerce/static/admin-style.css?ver=
/wp-content/plugins/smaily-for-woocommerce/static/admin-widget-style.css?ver=
/wp-content/plugins/smaily-for-woocommerce/static/front-style.css?ver=

HTML / DOM Fingerprints

JS Globals
smaily_translations
smaily_settings
FAQ

Frequently Asked Questions about Smaily for WooCommerce