Cart Abandonment Recovery for WooCommerce – Recover Lost Sales with Automated Emails Security & Risk Analysis

wordpress.org/plugins/woo-cart-abandonment-recovery

Every store loses sales to cart abandonment. But with Cart Abandonment Recovery for WooCommerce, you can win them back—automatically.

300K active installs · v2.1.1 · PHP 7.2+ · WP 5.4+ · Updated Mar 18, 2026
Tags: cart-abandonment, cart-recovery, woocommerce
Score 96 · A · Safe
CVEs total: 2
Unpatched: 0
Last CVE: Apr 8, 2026
Safety Verdict

Is Cart Abandonment Recovery for WooCommerce – Recover Lost Sales with Automated Emails Safe to Use in 2026?

Generally Safe

Score 96/100

Cart Abandonment Recovery for WooCommerce – Recover Lost Sales with Automated Emails has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

2 known CVEs · Last CVE: Apr 8, 2026 · Updated 2mo ago
Risk Assessment

The "woo-cart-abandonment-recovery" plugin v2.1.0 exhibits a generally good security posture, with a significant majority of SQL queries utilizing prepared statements and a high percentage of outputs being properly escaped. The absence of dangerous functions and external HTTP requests in the analyzed code is also positive. However, the presence of one AJAX handler without authentication checks is a notable concern, representing a direct entry point that could be exploited if it handles user-supplied data without proper validation.

The vulnerability history shows one past medium-severity CVE, specifically a Cross-Site Request Forgery (CSRF) issue. While this vulnerability is currently patched, the pattern suggests a susceptibility to certain types of attacks. The taint analysis found three flows with unsanitized paths, although they did not reach critical or high severity. This indicates potential areas where user input might not be sufficiently cleaned before being used, which could lead to vulnerabilities if exploited in conjunction with other issues.

Overall, the plugin demonstrates a commitment to secure coding practices. The main risks lie in the unprotected AJAX endpoint and the historical presence of CSRF vulnerabilities. While the current version appears to have addressed past issues and has a robust internal security implementation, the unprotected AJAX handler requires immediate attention to prevent potential unauthorized actions.

Key Concerns

  • Unprotected AJAX handler
  • Flows with unsanitized paths
  • Past medium severity CVE (CSRF)
Vulnerabilities
2 published

Cart Abandonment Recovery for WooCommerce – Recover Lost Sales with Automated Emails Security Vulnerabilities

CVEs by Year

2024: 1 CVE
2026: 1 CVE

Severity Breakdown

High: 1
Medium: 1

2 total CVEs

CVE-2026-39470 · high · 7.2 · Incorrect Privilege Assignment

Cart Abandonment Recovery for WooCommerce – Recover Lost Sales with Automated Emails < 2.1.0 - Authenticated (Shop Manager+) Privilege Escalation

Apr 8, 2026 Patched in 2.1.0 (8d)
CVE-2024-2322 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

WooCommerce Cart Abandonment Recovery <= 1.2.26 - Cross-Site Request Forgery to Templates/Abandoned Orders Deletion

Mar 13, 2024 Patched in 1.2.27 (25d)
Version History

Cart Abandonment Recovery for WooCommerce – Recover Lost Sales with Automated Emails Release Timeline

v2.1.1 · Current · 19 files changed
v2.1.0 · 76 files changed
v2.0.7 · 1 CVE · 12 files changed
v2.0.6 · 1 CVE · 56 files changed
v2.0.5 · 1 CVE · 71 files changed
v2.0.4 · 1 CVE · 15 files changed
v2.0.3 · 1 CVE · 16 files changed
v2.0.2 · 1 CVE · 21 files changed
v2.0.1 · 1 CVE · 69 files changed
v2.0.0 · 1 CVE · 225 files changed
v1.3.3 · 1 CVE · 19 files changed
v1.3.2 · 1 CVE · 32 files changed
v1.3.1 · 1 CVE · 6 files changed
v1.3.0 · 1 CVE · 8 files changed
v1.2.27 · 1 CVE · 9 files changed
v1.2.26 · 2 CVEs · 8 files changed
v1.2.25 · 2 CVEs · 7 files changed
v1.2.24 · 2 CVEs · 7 files changed
v1.2.23 · 2 CVEs · 24 files changed
Code Analysis
Analyzed Mar 16, 2026

Cart Abandonment Recovery for WooCommerce – Recover Lost Sales with Automated Emails Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 18 (86 prepared)
Unescaped Output: 45 (461 escaped)
Nonce Checks: 36
Capability Checks: 41
File Operations: 2
External Requests: 4
Bundled Libraries: 0

SQL Query Safety

83% prepared · 104 total queries

Output Escaping

91% escaped · 506 total outputs
Data Flows · Security
3 unsanitized

Data Flow Analysis

9 flows · 3 with unsanitized paths
reschedule_emails (admin\ajax\ajax-detailed-report.php:62)
Attack Surface
1 unprotected

Cart Abandonment Recovery for WooCommerce – Recover Lost Sales with Automated Emails Attack Surface

Entry Points: 16
Unprotected: 1

AJAX Handlers 16

auth · wp_ajax_cart_abandonment_fetch_whats_new · admin\inc\wcar-admin.php:32
auth · wp_ajax_cart_abandonment_install_plugin · admin\inc\wcar-admin.php:33
auth · wp_ajax_cart_abandonment_activate_plugin · admin\inc\wcar-admin.php:34
auth · wp_ajax_wcar_complete_onboarding · admin\inc\wcar-admin.php:35
auth · wp_ajax_wcar_disable_weekly_report_email_notice · classes\class-cartflows-ca-admin-notices.php:35
auth · wp_ajax_wcar_switch_to_new_ui · classes\class-cartflows-ca-admin-notices.php:39
auth · wp_ajax_wcf_ca_preview_email_send · modules\cart-abandonment\classes\class-cartflows-ca-email-schedule.php:28
auth · wp_ajax_wcf_ca_import_email_templates · modules\cart-abandonment\classes\class-cartflows-ca-email-template-importer-exporter.php:58
auth · wp_ajax_wcf_ca_export_email_templates · modules\cart-abandonment\classes\class-cartflows-ca-email-template-importer-exporter.php:59
auth · wp_ajax_activate_email_templates · modules\cart-abandonment\classes\class-cartflows-ca-email-templates.php:78
auth · wp_ajax_cartflows_skip_cart_tracking_gdpr · modules\cart-abandonment\classes\class-cartflows-ca-setting-functions.php:37
nopriv · wp_ajax_cartflows_skip_cart_tracking_gdpr · modules\cart-abandonment\classes\class-cartflows-ca-setting-functions.php:38
auth · wp_ajax_wcf_ca_delete_garbage_coupons · modules\cart-abandonment\classes\class-cartflows-ca-setting-functions.php:42
auth · wp_ajax_wcf_ca_save_new_ui_option · modules\cart-abandonment\classes\class-cartflows-ca-setting-functions.php:45
auth · wp_ajax_cartflows_save_cart_abandonment_data · modules\cart-abandonment\classes\class-cartflows-ca-tracking.php:40
nopriv · wp_ajax_cartflows_save_cart_abandonment_data · modules\cart-abandonment\classes\class-cartflows-ca-tracking.php:41
WordPress Hooks 35
filter · cart_abandonment_admin_vars · admin\ajax\ajax-base.php:68
action · rest_api_init · admin\api\api-init.php:68
action · admin_enqueue_scripts · admin\inc\wcar-admin.php:30
action · admin_post_wcar_rollback · admin\inc\wcar-admin.php:36
action · admin_init · classes\class-cartflows-ca-admin-notices.php:30
action · admin_footer · classes\class-cartflows-ca-admin-notices.php:31
action · admin_notices · classes\class-cartflows-ca-admin-notices.php:33
action · admin_notices · classes\class-cartflows-ca-admin-notices.php:38
action · plugins_loaded · classes\class-cartflows-ca-loader.php:57
action · init · classes\class-cartflows-ca-loader.php:58
action · init · classes\class-cartflows-ca-loader.php:59
action · before_woocommerce_init · classes\class-cartflows-ca-loader.php:62
action · admin_init · classes\class-cartflows-ca-loader.php:64
action · admin_notices · classes\class-cartflows-ca-loader.php:125
action · admin_notices · classes\class-cartflows-ca-loader.php:130
action · admin_init · classes\class-cartflows-ca-settings.php:27
action · admin_menu · classes\class-cartflows-ca-tabs.php:30
action · admin_init · classes\class-cartflows-ca-update.php:32
filter · cron_schedules · modules\cart-abandonment\classes\class-cartflows-ca-cron.php:28
action · admin_enqueue_scripts · modules\cart-abandonment\classes\class-cartflows-ca-email-templates.php:77
filter · mce_buttons · modules\cart-abandonment\classes\class-cartflows-ca-setting-functions.php:32
filter · mce_external_plugins · modules\cart-abandonment\classes\class-cartflows-ca-setting-functions.php:33
action · admin_enqueue_scripts · modules\cart-abandonment\classes\class-cartflows-ca-tracking.php:31
action · woocommerce_after_checkout_form · modules\cart-abandonment\classes\class-cartflows-ca-tracking.php:36
action · woocommerce_blocks_enqueue_checkout_block_scripts_after · modules\cart-abandonment\classes\class-cartflows-ca-tracking.php:37
action · woocommerce_new_order · modules\cart-abandonment\classes\class-cartflows-ca-tracking.php:44
action · woocommerce_thankyou · modules\cart-abandonment\classes\class-cartflows-ca-tracking.php:45
action · woocommerce_order_status_changed · modules\cart-abandonment\classes\class-cartflows-ca-tracking.php:46
action · wp · modules\cart-abandonment\classes\class-cartflows-ca-tracking.php:49
action · wp · modules\cart-abandonment\classes\class-cartflows-ca-tracking.php:50
action · woocommerce_before_checkout_form · modules\cart-abandonment\classes\class-cartflows-ca-tracking.php:53
action · cartflows_ca_update_order_status_action · modules\cart-abandonment\classes\class-cartflows-ca-tracking.php:55
action · admin_init · modules\weekly-email-report\class-cartflows-ca-admin-report-emails.php:29
action · cartflows_ca_send_report_summary_email · modules\weekly-email-report\class-cartflows-ca-admin-report-emails.php:31
action · admin_init · modules\weekly-email-report\class-cartflows-ca-admin-report-emails.php:33

Scheduled Events 1

cartflows_ca_update_order_status_action
Maintenance & Trust

Cart Abandonment Recovery for WooCommerce – Recover Lost Sales with Automated Emails Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 18, 2026
PHP min version: 7.2
Downloads: 7.8M

Community Trust

Rating: 96/100
Number of ratings: 605
Active installs: 300K
Developer Profile

Cart Abandonment Recovery for WooCommerce – Recover Lost Sales with Automated Emails Developer Profile

Brainstorm Force

34 plugins · 8.8M total installs

Trust score: 78
Avg Security Score: 98/100
Avg Patch Time: 185 days
Detection Fingerprints

How We Detect Cart Abandonment Recovery for WooCommerce – Recover Lost Sales with Automated Emails

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/woo-cart-abandonment-recovery/admin/build/settings.js
/wp-content/plugins/woo-cart-abandonment-recovery/admin/build/settings.css
Script Paths
https://app.suretriggers.com/js/v2/embed.js
https://fonts.googleapis.com/css2?family=Figtree:wght@300;400;500;600&display=swap
Version Parameters
woo-cart-abandonment-recovery/admin/build/settings.asset.php

HTML / DOM Fingerprints

CSS Classes
wcf-ca-react-app
Data Attributes
data-target="wcar-iframe-wrapper"
data-client-id="4f26d5fa-d5bb-4910-8440-0fe1afaa3235"
data-embedded-identifier="cart-abandonment-recovery"
JS Globals
cart_abandonment_admin
REST Endpoints
/wp-json/wcar/v1/settings
FAQ

Frequently Asked Questions about Cart Abandonment Recovery for WooCommerce – Recover Lost Sales with Automated Emails