Cart Abandonment Recovery for WooCommerce – Recover Lost Sales with Automated Emails Security & Risk Analysis

wordpress.org/plugins/woo-cart-abandonment-recovery

Every store loses sales to cart abandonment. But with Cart Abandonment Recovery for WooCommerce, you can win them back—automatically.

300K active installs · v2.1.0 · PHP 7.2+ · WP 5.4+ · Updated Feb 24, 2026
Tags: cart-abandonment, cart-recovery, woocommerce
Score: 100 (A · Safe)
CVEs total: 1
Unpatched: 0
Last CVE: Mar 13, 2024

Safety Verdict

Is Cart Abandonment Recovery for WooCommerce – Recover Lost Sales with Automated Emails Safe to Use in 2026?

Generally Safe

Score 100/100

Cart Abandonment Recovery for WooCommerce – Recover Lost Sales with Automated Emails has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Mar 13, 2024 · Updated 1mo ago

Risk Assessment

The "woo-cart-abandonment-recovery" plugin v2.1.0 exhibits a generally good security posture, with a significant majority of SQL queries utilizing prepared statements and a high percentage of outputs being properly escaped. The absence of dangerous functions and external HTTP requests in the analyzed code is also positive. However, the presence of one AJAX handler without authentication checks is a notable concern, representing a direct entry point that could be exploited if it handles user-supplied data without proper validation.

The vulnerability history shows one past medium-severity CVE, specifically a Cross-Site Request Forgery (CSRF) issue. While this vulnerability is currently patched, the pattern suggests a susceptibility to certain types of attacks. The taint analysis found three flows with unsanitized paths, although they did not reach critical or high severity. This indicates potential areas where user input might not be sufficiently cleaned before being used, which could lead to vulnerabilities if exploited in conjunction with other issues.

Overall, the plugin demonstrates a commitment to secure coding practices. The main risks lie in the unprotected AJAX endpoint and the historical presence of CSRF vulnerabilities. While the current version appears to have addressed past issues and has a robust internal security implementation, the unprotected AJAX handler requires immediate attention to prevent potential unauthorized actions.

Key Concerns

  • Unprotected AJAX handler
  • Flows with unsanitized paths
  • Past medium severity CVE (CSRF)

Vulnerabilities: 1

Cart Abandonment Recovery for WooCommerce – Recover Lost Sales with Automated Emails Security Vulnerabilities

CVEs by Year

2024: 1 CVE

Severity Breakdown

Medium: 1

1 total CVE

CVE-2024-2322 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

WooCommerce Cart Abandonment Recovery <= 1.2.26 - Cross-Site Request Forgery to Templates/Abandoned Orders Deletion

Mar 13, 2024 · Patched in 1.2.27 (25d)

Code Analysis
Analyzed Mar 16, 2026

Cart Abandonment Recovery for WooCommerce – Recover Lost Sales with Automated Emails Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 18 (86 prepared)
Unescaped Output: 45 (461 escaped)
Nonce Checks: 36
Capability Checks: 41
File Operations: 2
External Requests: 4
Bundled Libraries: 0

SQL Query Safety

83% prepared · 104 total queries

Output Escaping

91% escaped · 506 total outputs

Data Flows: 3 unsanitized

Data Flow Analysis

9 flows · 3 with unsanitized paths

reschedule_emails (admin\ajax\ajax-detailed-report.php:62)

Attack Surface: 1 unprotected

Cart Abandonment Recovery for WooCommerce – Recover Lost Sales with Automated Emails Attack Surface

Entry Points: 16
Unprotected: 1

AJAX Handlers 16

auth · wp_ajax_cart_abandonment_fetch_whats_new · admin\inc\wcar-admin.php:32
auth · wp_ajax_cart_abandonment_install_plugin · admin\inc\wcar-admin.php:33
auth · wp_ajax_cart_abandonment_activate_plugin · admin\inc\wcar-admin.php:34
auth · wp_ajax_wcar_complete_onboarding · admin\inc\wcar-admin.php:35
auth · wp_ajax_wcar_disable_weekly_report_email_notice · classes\class-cartflows-ca-admin-notices.php:35
auth · wp_ajax_wcar_switch_to_new_ui · classes\class-cartflows-ca-admin-notices.php:39
auth · wp_ajax_wcf_ca_preview_email_send · modules\cart-abandonment\classes\class-cartflows-ca-email-schedule.php:28
auth · wp_ajax_wcf_ca_import_email_templates · modules\cart-abandonment\classes\class-cartflows-ca-email-template-importer-exporter.php:58
auth · wp_ajax_wcf_ca_export_email_templates · modules\cart-abandonment\classes\class-cartflows-ca-email-template-importer-exporter.php:59
auth · wp_ajax_activate_email_templates · modules\cart-abandonment\classes\class-cartflows-ca-email-templates.php:78
auth · wp_ajax_cartflows_skip_cart_tracking_gdpr · modules\cart-abandonment\classes\class-cartflows-ca-setting-functions.php:37
nopriv · wp_ajax_cartflows_skip_cart_tracking_gdpr · modules\cart-abandonment\classes\class-cartflows-ca-setting-functions.php:38
auth · wp_ajax_wcf_ca_delete_garbage_coupons · modules\cart-abandonment\classes\class-cartflows-ca-setting-functions.php:42
auth · wp_ajax_wcf_ca_save_new_ui_option · modules\cart-abandonment\classes\class-cartflows-ca-setting-functions.php:45
auth · wp_ajax_cartflows_save_cart_abandonment_data · modules\cart-abandonment\classes\class-cartflows-ca-tracking.php:40
nopriv · wp_ajax_cartflows_save_cart_abandonment_data · modules\cart-abandonment\classes\class-cartflows-ca-tracking.php:41

WordPress Hooks 35

filter · cart_abandonment_admin_vars · admin\ajax\ajax-base.php:68
action · rest_api_init · admin\api\api-init.php:68
action · admin_enqueue_scripts · admin\inc\wcar-admin.php:30
action · admin_post_wcar_rollback · admin\inc\wcar-admin.php:36
action · admin_init · classes\class-cartflows-ca-admin-notices.php:30
action · admin_footer · classes\class-cartflows-ca-admin-notices.php:31
action · admin_notices · classes\class-cartflows-ca-admin-notices.php:33
action · admin_notices · classes\class-cartflows-ca-admin-notices.php:38
action · plugins_loaded · classes\class-cartflows-ca-loader.php:57
action · init · classes\class-cartflows-ca-loader.php:58
action · init · classes\class-cartflows-ca-loader.php:59
action · before_woocommerce_init · classes\class-cartflows-ca-loader.php:62
action · admin_init · classes\class-cartflows-ca-loader.php:64
action · admin_notices · classes\class-cartflows-ca-loader.php:125
action · admin_notices · classes\class-cartflows-ca-loader.php:130
action · admin_init · classes\class-cartflows-ca-settings.php:27
action · admin_menu · classes\class-cartflows-ca-tabs.php:30
action · admin_init · classes\class-cartflows-ca-update.php:32
filter · cron_schedules · modules\cart-abandonment\classes\class-cartflows-ca-cron.php:28
action · admin_enqueue_scripts · modules\cart-abandonment\classes\class-cartflows-ca-email-templates.php:77
filter · mce_buttons · modules\cart-abandonment\classes\class-cartflows-ca-setting-functions.php:32
filter · mce_external_plugins · modules\cart-abandonment\classes\class-cartflows-ca-setting-functions.php:33
action · admin_enqueue_scripts · modules\cart-abandonment\classes\class-cartflows-ca-tracking.php:31
action · woocommerce_after_checkout_form · modules\cart-abandonment\classes\class-cartflows-ca-tracking.php:36
action · woocommerce_blocks_enqueue_checkout_block_scripts_after · modules\cart-abandonment\classes\class-cartflows-ca-tracking.php:37
action · woocommerce_new_order · modules\cart-abandonment\classes\class-cartflows-ca-tracking.php:44
action · woocommerce_thankyou · modules\cart-abandonment\classes\class-cartflows-ca-tracking.php:45
action · woocommerce_order_status_changed · modules\cart-abandonment\classes\class-cartflows-ca-tracking.php:46
action · wp · modules\cart-abandonment\classes\class-cartflows-ca-tracking.php:49
action · wp · modules\cart-abandonment\classes\class-cartflows-ca-tracking.php:50
action · woocommerce_before_checkout_form · modules\cart-abandonment\classes\class-cartflows-ca-tracking.php:53
action · cartflows_ca_update_order_status_action · modules\cart-abandonment\classes\class-cartflows-ca-tracking.php:55
action · admin_init · modules\weekly-email-report\class-cartflows-ca-admin-report-emails.php:29
action · cartflows_ca_send_report_summary_email · modules\weekly-email-report\class-cartflows-ca-admin-report-emails.php:31
action · admin_init · modules\weekly-email-report\class-cartflows-ca-admin-report-emails.php:33

Scheduled Events 1

cartflows_ca_update_order_status_action

Maintenance & Trust

Cart Abandonment Recovery for WooCommerce – Recover Lost Sales with Automated Emails Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 24, 2026
PHP min version: 7.2
Downloads: 7.6M

Community Trust

Rating: 96/100
Number of ratings: 601
Active installs: 300K

Developer Profile

Cart Abandonment Recovery for WooCommerce – Recover Lost Sales with Automated Emails Developer Profile

Brainstorm Force

32 plugins · 8.6M total installs

Trust score: 78
Avg Security Score: 98/100
Avg Patch Time: 196 days

Detection Fingerprints

How We Detect Cart Abandonment Recovery for WooCommerce – Recover Lost Sales with Automated Emails

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/woo-cart-abandonment-recovery/admin/build/settings.js
/wp-content/plugins/woo-cart-abandonment-recovery/admin/build/settings.css
Script Paths
https://app.suretriggers.com/js/v2/embed.js
https://fonts.googleapis.com/css2?family=Figtree:wght@300;400;500;600&display=swap
Version Parameters
woo-cart-abandonment-recovery/admin/build/settings.asset.php

HTML / DOM Fingerprints

CSS Classes
wcf-ca-react-app
Data Attributes
data-target="wcar-iframe-wrapper"
data-client-id="4f26d5fa-d5bb-4910-8440-0fe1afaa3235"
data-embedded-identifier="cart-abandonment-recovery"
JS Globals
cart_abandonment_admin
REST Endpoints
/wp-json/wcar/v1/settings

FAQ

Frequently Asked Questions about Cart Abandonment Recovery for WooCommerce – Recover Lost Sales with Automated Emails