Abandoned Cart Recovery for WooCommerce Security & Risk Analysis

wordpress.org/plugins/woo-abandoned-cart-recovery

A simple, effective solution to capture abandoned carts and auto-send reminders. Track logs and generate reports on carts, emails, and more.

4K active installs · v1.1.11 · PHP 7.0+ · WP 5.0+ · Updated Feb 25, 2026
Tags: abandoned-cart-pro-for-woocommerce, woocommerce, woocommerce-abandoned-cart, woocommerce-abandoned-cart-email, woocommerce-abandoned-cart-recovery
Score: 96
A · Safe
CVEs total: 2
Unpatched: 0
Last CVE: Mar 20, 2026
Safety Verdict

Is Abandoned Cart Recovery for WooCommerce Safe to Use in 2026?

Generally Safe

Score 96/100

Abandoned Cart Recovery for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

2 known CVEs · Last CVE: Mar 20, 2026 · Updated 2mo ago
Risk Assessment

The "woo-abandoned-cart-recovery" v1.1.11 plugin exhibits a generally strong security posture, with excellent practices in output escaping and SQL query preparation. The complete absence of unescaped outputs and the overwhelming use of prepared statements for SQL queries are significant strengths. Furthermore, the plugin demonstrates diligent use of nonces and capability checks for its AJAX handlers, ensuring a protected attack surface in this regard.

However, a few areas warrant attention. The presence of a dangerous `unserialize` call, while not directly linked to a critical or high severity taint flow in this analysis, represents a potential avenue for future exploitation if misused. The taint analysis revealing three high-severity flows with unsanitized paths, even if not critical, indicates potential for injection vulnerabilities. The plugin's historical vulnerability record shows one medium severity CVE, which, while patched and not recent, suggests a past need for security remediation. The plugin also bundles the Select2 library, which, if outdated, could introduce risks.

Overall, the plugin is well-secured in many critical areas, but the identified high-severity taint flows and the presence of `unserialize` should be proactively monitored and addressed to maintain a robust security posture. The historical medium vulnerability indicates a need for continued vigilance, even with no currently unpatched issues.

Key Concerns

  • High severity taint flows with unsanitized paths
  • Presence of dangerous unserialize function
  • Bundled library (Select2) - potential for outdated version
  • Past medium severity vulnerability
Vulnerabilities
2 published

Abandoned Cart Recovery for WooCommerce Security Vulnerabilities

CVEs by Year

2021: 1 CVE
2026: 1 CVE

Severity Breakdown

High: 1
Medium: 1

2 total CVEs

CVE-2026-32526 · high · 7.2 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Abandoned Cart Recovery for WooCommerce <= 1.1.10 - Unauthenticated Stored Cross-Site Scripting

Mar 20, 2026 Patched in 1.1.11 (7d)
CVE-2021-4395 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Abandoned Cart Recovery for WooCommerce <= 1.0.4 - Cross-Site Request Forgery Bypass

Jul 5, 2021 Patched in 1.0.4.1 (932d)
Version History

Abandoned Cart Recovery for WooCommerce Release Timeline

No version history available.
Code Analysis
Analyzed Mar 17, 2026

Abandoned Cart Recovery for WooCommerce Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 1 (67 prepared)
Unescaped Output: 2 (474 escaped)
Nonce Checks: 45
Capability Checks: 17
File Operations: 0
External Requests: 2
Bundled Libraries: 1

Dangerous Functions Found

unserialize · `$data = $el->data ? unserialize( $el->data ) : array();` · includes\execute\cart-logs.php:99

Bundled Libraries

Select2

SQL Query Safety

99% prepared · 68 total queries

Output Escaping

100% escaped · 476 total outputs
Data Flows · Security
5 unsanitized

Data Flow Analysis

13 flows · 5 with unsanitized paths
wacv_send_test_email (includes\email\email-templates.php:479)
Attack Surface

Abandoned Cart Recovery for WooCommerce Attack Surface

Entry Points: 13
Unprotected: 0

AJAX Handlers 13

auth · wp_ajax_wacv_search · includes\ajax.php:25
auth · wp_ajax_wacv_get_email_history · includes\ajax.php:26
auth · wp_ajax_wacv_get_abd_cart_detail · includes\ajax.php:27
auth · wp_ajax_wacv_remove_record · includes\ajax.php:28
auth · wp_ajax_wacv_export_customer_emails · includes\ajax.php:31
auth · wp_ajax_wacv_send_test_email · includes\email\email-templates.php:29
auth · wp_ajax_wacv_send_abd_order · includes\email\send-email-cron.php:45
auth · wp_ajax_send_email_abd_manual · includes\email\send-email-cron.php:46
nopriv · wp_ajax_wacv_get_info · includes\execute\guest.php:32
auth · wp_ajax_wacv_get_info · includes\execute\guest.php:34
nopriv · wp_ajax_wacv_update_gdpr · includes\execute\guest.php:36
auth · wp_ajax_wacv_update_gdpr · includes\execute\guest.php:37
auth · wp_ajax_get_reports · includes\reports\reports.php:30
WordPress Hooks 64
action · admin_init · includes\ajax.php:32
filter · cron_schedules · includes\cron.php:20
action · wacv_execute_cron · includes\cron.php:26
action · wacv_remove_abandoned_cart · includes\cron.php:32
filter · wacv_default_params · includes\data.php:191
action · admin_enqueue_scripts · includes\define.php:98
action · init · includes\define.php:99
action · admin_init · includes\email\email-templates.php:24
action · add_meta_boxes · includes\email\email-templates.php:25
action · save_post_wacv_email_template · includes\email\email-templates.php:26
filter · manage_wacv_email_template_posts_columns · includes\email\email-templates.php:27
action · manage_wacv_email_template_posts_custom_column · includes\email\email-templates.php:28
action · admin_menu · includes\email\email-templates.php:30
filter · post_row_actions · includes\email\email-templates.php:32
action · admin_action_duplicate_email · includes\email\email-templates.php:33
action · admin_enqueue_scripts · includes\email\email-templates.php:35
action · admin_init · includes\email\email-templates.php:36
action · wacv_cron_send_email_abd_cart · includes\email\send-email-cron.php:42
action · wacv_cron_send_email_abd_order · includes\email\send-email-cron.php:43
filter · woocommerce_email_styles · includes\email\send-email-cron.php:47
action · admin_init · includes\email\send-email-cron.php:48
filter · woocommerce_matched_rates · includes\email\send-email-cron.php:163
action · woocommerce_add_to_cart · includes\execute\abandoned-cart.php:40
action · woocommerce_cart_item_removed · includes\execute\abandoned-cart.php:41
action · woocommerce_cart_item_restored · includes\execute\abandoned-cart.php:42
action · woocommerce_after_cart_item_quantity_update · includes\execute\abandoned-cart.php:43
action · woocommerce_calculate_totals · includes\execute\abandoned-cart.php:44
action · woocommerce_checkout_update_order_meta · includes\execute\abandoned-cart.php:46
action · woocommerce_thankyou · includes\execute\abandoned-cart.php:47
action · wp_login · includes\execute\abandoned-cart.php:48
action · woocommerce_add_to_cart · includes\execute\cart-logs.php:39
action · woocommerce_cart_item_removed · includes\execute\cart-logs.php:40
action · woocommerce_before_cart_item_quantity_zero · includes\execute\cart-logs.php:41
action · woocommerce_after_cart_item_quantity_update · includes\execute\cart-logs.php:42
action · wacv_delete_coupon · includes\execute\cron-job.php:31
action · wp_enqueue_scripts · includes\execute\guest.php:39
filter · woocommerce_checkout_get_value · includes\execute\guest.php:42
action · init · includes\execute\guest.php:44
action · woo_lucky_wheel_get_email · includes\execute\guest.php:46
action · template_redirect · includes\execute\recovered.php:31
action · woocommerce_before_checkout_form · includes\execute\recovered.php:32
action · woocommerce_before_cart · includes\execute\recovered.php:33
action · wp_enqueue_scripts · includes\execute\recovered.php:34
action · wp_footer · includes\execute\recovered.php:35
action · admin_menu · includes\reports\reports.php:29
filter · set-screen-option · includes\reports\reports.php:31
filter · woocommerce_get_geolocation · includes\reports\reports.php:32
action · admin_init · includes\settings\admin-settings.php:24
action · admin_menu · includes\settings\admin-settings.php:25
action · admin_enqueue_scripts · includes\support.php:32
action · admin_notices · includes\support.php:33
action · admin_init · includes\support.php:34
action · admin_menu · includes\support.php:35
filter · plugin_row_meta · includes\support.php:37
action · admin_init · includes\support.php:39
action · admin_bar_menu · includes\support.php:41
action · admin_notices · includes\support.php:55
action · admin_footer · includes\support.php:672
action · admin_bar_menu · includes\support.php:810
action · admin_notices · includes\support.php:956
action · before_woocommerce_init · woo-abandoned-cart-recovery.php:27
action · plugins_loaded · woo-abandoned-cart-recovery.php:52
action · wpmu_new_blog · woo-abandoned-cart-recovery.php:82
filter · wpmu_drop_tables · woo-abandoned-cart-recovery.php:83

Scheduled Events 3

wacv_execute_cron
wacv_remove_abandoned_cart
wacv_delete_coupon
Maintenance & Trust

Abandoned Cart Recovery for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 25, 2026
PHP min version: 7.0
Downloads: 199K

Community Trust

Rating: 90/100
Number of ratings: 28
Active installs: 4K
Developer Profile

Abandoned Cart Recovery for WooCommerce Developer Profile

VillaTheme

59 plugins · 166K total installs

Trust score: 78
Avg Security Score: 99/100
Avg Patch Time: 205 days
Detection Fingerprints

How We Detect Abandoned Cart Recovery for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/woo-abandoned-cart-recovery/assets/css/admin-style.css
/wp-content/plugins/woo-abandoned-cart-recovery/assets/css/style.css
/wp-content/plugins/woo-abandoned-cart-recovery/assets/js/admin.js
/wp-content/plugins/woo-abandoned-cart-recovery/assets/js/frontend.js
/wp-content/plugins/woo-abandoned-cart-recovery/assets/js/script.js
Script Paths
/wp-content/plugins/woo-abandoned-cart-recovery/assets/js/admin.js
/wp-content/plugins/woo-abandoned-cart-recovery/assets/js/frontend.js
/wp-content/plugins/woo-abandoned-cart-recovery/assets/js/script.js
Version Parameters
woo-abandoned-cart-recovery/assets/css/admin-style.css?ver=
woo-abandoned-cart-recovery/assets/css/style.css?ver=
woo-abandoned-cart-recovery/assets/js/admin.js?ver=
woo-abandoned-cart-recovery/assets/js/frontend.js?ver=
woo-abandoned-cart-recovery/assets/js/script.js?ver=

HTML / DOM Fingerprints

CSS Classes
wacv-admin-section
wacv-tab-content
wacv-setting-field
wacv-setting-label
wacv-setting-input
wacv-content-wrap
HTML Comments
VillaTheme: Abandoned Cart Recovery for WooCommerce
<!-- Abandoned Cart Recovery for WooCommerce -->
<!-- END Abandoned Cart Recovery for WooCommerce -->
<!-- Abandoned Cart Recovery -->
Data Attributes
data-wacv-section
data-wacv-tab
data-wacv-field
JS Globals
wacv_params
wacv_settings
FAQ

Frequently Asked Questions about Abandoned Cart Recovery for WooCommerce