WP-Safety

Email Domain Blacklist for WooCommerce and EDD Security & Risk Analysis

wordpress.org/plugins/woo-email-domain-blacklist

A lightweight plugin to block any email domain from WooCommerce and Easy Digital Download checkout page

50 active installs v2.0.1 PHP + WP 3.0.1+ Updated Sep 28, 2025
blockdomainemailwoowoocommerce
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Email Domain Blacklist for WooCommerce and EDD Safe to Use in 2026?

Generally Safe

Score 100/100

Email Domain Blacklist for WooCommerce and EDD has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 6mo ago
Risk Assessment

The "woo-email-domain-blacklist" v2.0.1 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices regarding SQL queries, utilizing prepared statements exclusively, and shows no known CVEs or historical vulnerabilities. The attack surface is also commendably small, with no unprotected entry points. However, significant concerns arise from the code analysis. The presence of the `create_function` dangerous function is a major red flag, as it can lead to remote code execution if not handled with extreme caution and sanitization, though no specific flows were identified in the taint analysis. Furthermore, a low percentage of output escaping (36%) is a considerable risk, potentially exposing the site to cross-site scripting (XSS) vulnerabilities. The absence of nonce checks and capability checks on potential entry points (though currently zero unprotected ones exist) leaves room for future vulnerabilities if new entry points are introduced without proper authentication and authorization mechanisms.

Key Concerns

  • Dangerous function 'create_function' used
  • Low output escaping percentage (36%)
  • No nonce checks implemented
  • No capability checks implemented
Vulnerabilities
None known

Email Domain Blacklist for WooCommerce and EDD Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Email Domain Blacklist for WooCommerce and EDD Code Analysis

Dangerous Functions
1
Raw SQL Queries
0
0 prepared
Unescaped Output
14
8 escaped
Nonce Checks
0
Capability Checks
0
File Operations
2
External Requests
0
Bundled Libraries
0

Dangerous Functions Found

create_function$callback = create_function('', 'echo "'.str_replace('"', '\"', $section['desc']).'";');admin\class.settings-api.php:100

Output Escaping

36% escaped22 total outputs
Attack Surface

Email Domain Blacklist for WooCommerce and EDD Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 9
actionadmin_enqueue_scriptsadmin\class.settings-api.php:22
actionadmin_initadmin\email-blacklist-admin.php:15
actionadmin_menuadmin\email-blacklist-admin.php:16
filtersanitize_option_foa_wc_email_blacklistadmin\email-blacklist-admin.php:58
actionplugins_loadedpublic\email-blacklist.php:11
actionwoocommerce_checkout_processpublic\email-blacklist.php:12
actionedd_checkout_error_checkspublic\email-blacklist.php:13
filtercron_schedulespublic\email-blacklist.php:15
actionwedb_check_external_domain_updatepublic\email-blacklist.php:16

Scheduled Events 1

wedb_check_external_domain_update
Maintenance & Trust

Email Domain Blacklist for WooCommerce and EDD Maintenance & Trust

Maintenance Signals

WordPress version tested5.2.24
Last updatedSep 28, 2025
PHP min version
Downloads2K

Community Trust

Rating74/100
Number of ratings3
Active installs50
Alternatives

Email Domain Blacklist for WooCommerce and EDD Alternatives

Email and Domain Blocker for WooCommerce

Email and Domain Blocker for WooCommerce

email-and-domain-blocker

A
100

Block emails or domains from WooCommerce signups. Supports wildcards, logging, CSV export, and test email checker.

300 No CVEs
Block Emails for WooCommerce Checkout

Block Emails for WooCommerce Checkout

wc-block-emails

A
92

A WooCommerce plugin to block specific email addresses during checkout.

700 No CVEs
Advanced Email Domain Restriction

Advanced Email Domain Restriction

advanced-email-domain-restriction

A
100

Restrict user registrations to specific domains, TLDs, or email addresses. Includes CSV import/export and WooCommerce support.

40 No CVEs
Spam Defender – Email Blocker

Spam Defender – Email Blocker

spam-defender-email-blocker

A
100

Block specific email addresses from using your WordPress site. Stop fake orders, spam registrations, and unwanted comments.

10 No CVEs
MailPoet – Newsletters, Email Marketing, and Automation

MailPoet – Newsletters, Email Marketing, and Automation

mailpoet

A
98

Send beautiful newsletters from WordPress. Collect subscribers with signup forms, automate your emails for WooCommerce, blog post notifications & more

500K 3 CVEs
Developer Profile

Email Domain Blacklist for WooCommerce and EDD Developer Profile

Kowsar Hossain

3 plugins · 4K total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Email Domain Blacklist for WooCommerce and EDD

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Script Paths
/wp-content/plugins/woo-email-domain-blacklist/admin/js/email-blacklist-admin.js
Version Parameters
woo-email-domain-blacklist/admin/css/email-blacklist-admin.css?ver=woo-email-domain-blacklist/admin/js/email-blacklist-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
email-blacklist-notice
JS Globals
FOA_Email_Domain_Blacklist_Admin_vars
FAQ

Frequently Asked Questions about Email Domain Blacklist for WooCommerce and EDD