Email Inquiry & Cart Options for WooCommerce Security & Risk Analysis

wordpress.org/plugins/woocommerce-email-inquiry-cart-options

Set Product Page Rules, Hide Add to Cart, Hide Price, Show Email Inquiry, Filter Rules by Roles for logged in users. 100% Mobile responsive Email Inqu …

800 active installs · v3.4.3 · PHP + WP 6.0+ · Updated Dec 2, 2025
Tags: woocommerce, woocommerce-add-to-cart, woocommerce-brochure-page, woocommerce-catalog-visibility, woocommerce-email-inquiry
Score: 78 (B · Generally Safe)
CVEs total: 1
Unpatched: 1
Last CVE: Jan 26, 2026
Safety Verdict

Is Email Inquiry & Cart Options for WooCommerce Safe to Use in 2026?

Mostly Safe

Score 78/100

Email Inquiry & Cart Options for WooCommerce is generally safe to use. 1 past CVE was resolved. Keep it updated.

1 known CVE · 1 unpatched · Last CVE: Jan 26, 2026 · Updated 4mo ago
Risk Assessment

The security posture of the "woocommerce-email-inquiry-cart-options" plugin version 3.4.3 presents a mixed bag of good practices and significant concerns. While the plugin demonstrates a high percentage of properly escaped output (91%) and includes a decent number of nonce and capability checks (7 and 4 respectively), the number of unprotected entry points is a major red flag. With 4 out of 5 identified entry points (all AJAX handlers) lacking authentication checks, this plugin is highly susceptible to unauthorized access and malicious actions if these handlers can be triggered by unauthenticated users. The presence of unsanitized paths in taint analysis, even if not currently critical or high severity, hints at potential vulnerabilities that could be exploited. The plugin's vulnerability history, specifically the unpatched medium severity CVE related to Cross-site Scripting, is a critical concern. The fact that this vulnerability is dated 2026-01-26 and remains unpatched suggests a lack of active maintenance or a delay in addressing security flaws, making it a target for attackers looking for known exploits.

Overall, the plugin has some strengths in its output sanitization and the presence of some security checks. However, the critical lack of authentication on a substantial portion of its attack surface, coupled with an unpatched known vulnerability and potential for unsanitized data flows, significantly elevates the risk. The presence of raw SQL queries without prepared statements also adds to the potential for SQL injection vulnerabilities, though the static analysis did not flag any for this specific version. The reliance on bundled libraries like jQuery could also pose a risk if not kept up-to-date, although no specific issues were highlighted here. The primary concern is the ease with which an attacker could potentially interact with sensitive functionalities due to the unprotected AJAX endpoints.

Key Concerns

  • 4 unprotected AJAX handlers
  • 1 unpatched medium CVE (XSS)
  • 2 flows with unsanitized paths
  • 1 SQL query without prepared statements
Vulnerabilities
1

Email Inquiry & Cart Options for WooCommerce Security Vulnerabilities

CVEs by Year

1 CVE in 2026 · unpatched

Severity Breakdown

Medium: 1

1 total CVE

CVE-2026-24526 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Email Inquiry & Cart Options for WooCommerce <= 3.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jan 26, 2026 · Unpatched
Code Analysis
Analyzed Mar 16, 2026

Email Inquiry & Cart Options for WooCommerce Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 1 (0 prepared)
  • Unescaped Output: 98 (1000 escaped)
  • Nonce Checks: 7
  • Capability Checks: 4
  • File Operations: 2
  • External Requests: 4
  • Bundled Libraries: 1

Bundled Libraries

jQuery

SQL Query Safety

0% prepared · 1 total query

Output Escaping

91% escaped · 1098 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

8 flows · 2 with unsanitized paths
a3_admin_ui_event (admin\admin-interface.php:174)
[Data flow diagram. Legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized]
Attack Surface
4 unprotected

Email Inquiry & Cart Options for WooCommerce Attack Surface

Entry Points: 5
Unprotected: 4

AJAX Handlers 4

  • auth · wp_ajax_wc_ei_yellow_message_dontshow · admin\wc-email-inquiry-init.php:63
  • nopriv · wp_ajax_wc_ei_yellow_message_dontshow · admin\wc-email-inquiry-init.php:64
  • auth · wp_ajax_wc_ei_yellow_message_dismiss · admin\wc-email-inquiry-init.php:67
  • nopriv · wp_ajax_wc_ei_yellow_message_dismiss · admin\wc-email-inquiry-init.php:68

Shortcodes 1

[wc_email_inquiry_bt] admin\wc-email-inquiry-init.php:146
WordPress Hooks 77
  • action · plugins_loaded · admin\admin-init.php:39
  • action · plugins_loaded · admin\admin-init.php:47
  • action · init · admin\admin-interface.php:49
  • action · init · admin\admin-interface.php:50
  • action · admin_enqueue_scripts · admin\admin-interface.php:65
  • action · admin_enqueue_scripts · admin\admin-interface.php:66
  • action · admin_print_scripts · admin\admin-interface.php:69
  • action · admin_print_footer_scripts · admin\admin-interface.php:70
  • action · admin_enqueue_scripts · admin\admin-interface.php:81
  • action · admin_enqueue_scripts · admin\includes\uploader\class-uploader.php:59
  • action · wp_enqueue_scripts · admin\less\sass.php:22
  • filter · filesystem_method · admin\less\sass.php:57
  • action · plugins_loaded · admin\settings\email-inquiry-button-style-settings.php:92
  • action · plugins_loaded · admin\settings\email-inquiry-global-settings.php:92
  • action · plugins_loaded · admin\settings\rules-roles-settings.php:92
  • action · init · admin\wc-email-inquiry-init.php:29
  • action · admin_enqueue_scripts · admin\wc-email-inquiry-init.php:32
  • action · admin_enqueue_scripts · admin\wc-email-inquiry-init.php:35
  • filter · plugin_row_meta · admin\wc-email-inquiry-init.php:38
  • action · wp_enqueue_scripts · admin\wc-email-inquiry-init.php:53
  • action · wp_enqueue_scripts · admin\wc-email-inquiry-init.php:56
  • filter · woocommerce_order_item_display_meta_value · admin\wc-email-inquiry-init.php:60
  • filter · woocommerce_blocks_product_grid_item_html · admin\wc-email-inquiry-init.php:71
  • action · woocommerce_before_template_part · admin\wc-email-inquiry-init.php:74
  • action · woocommerce_after_template_part · admin\wc-email-inquiry-init.php:75
  • action · woocommerce_before_add_to_cart_button · admin\wc-email-inquiry-init.php:78
  • action · woocommerce_after_add_to_cart_button · admin\wc-email-inquiry-init.php:79
  • action · woocommerce_before_add_to_cart_form · admin\wc-email-inquiry-init.php:82
  • filter · single_add_to_cart_text · admin\wc-email-inquiry-init.php:83
  • filter · woocommerce_product_single_add_to_cart_text · admin\wc-email-inquiry-init.php:84
  • action · woocommerce_before_template_part · admin\wc-email-inquiry-init.php:85
  • action · woocommerce_after_template_part · admin\wc-email-inquiry-init.php:86
  • action · woocommerce_before_template_part · admin\wc-email-inquiry-init.php:90
  • action · woocommerce_after_template_part · admin\wc-email-inquiry-init.php:91
  • filter · woocommerce_get_price_html · admin\wc-email-inquiry-init.php:94
  • filter · woocommerce_variation_sale_price_html · admin\wc-email-inquiry-init.php:95
  • filter · woocommerce_variation_price_html · admin\wc-email-inquiry-init.php:96
  • filter · woocommerce_variation_free_price_html · admin\wc-email-inquiry-init.php:97
  • filter · woocommerce_variation_empty_price_html · admin\wc-email-inquiry-init.php:98
  • filter · woocommerce_cart_item_price · admin\wc-email-inquiry-init.php:100
  • filter · woocommerce_cart_item_subtotal · admin\wc-email-inquiry-init.php:102
  • filter · woocommerce_widget_cart_item_quantity · admin\wc-email-inquiry-init.php:103
  • filter · woocommerce_cart_product_subtotal · admin\wc-email-inquiry-init.php:104
  • filter · wc_product_options_discount_price_html · admin\wc-email-inquiry-init.php:107
  • filter · wc_product_options_discount_variation_onsale_price_html · admin\wc-email-inquiry-init.php:108
  • filter · wc_product_options_discount_variable_onsale_price_html · admin\wc-email-inquiry-init.php:109
  • filter · wc_product_options_discount_onsale_price_html · admin\wc-email-inquiry-init.php:110
  • filter · woocommerce_cart_subtotal · admin\wc-email-inquiry-init.php:112
  • filter · woocommerce_cart_total · admin\wc-email-inquiry-init.php:113
  • filter · woocommerce_cart_contents_total · admin\wc-email-inquiry-init.php:114
  • action · wp_footer · admin\wc-email-inquiry-init.php:117
  • action · woocommerce_before_template_part · admin\wc-email-inquiry-init.php:127
  • action · woocommerce_after_shop_loop_item · admin\wc-email-inquiry-init.php:129
  • action · woocommerce_before_template_part · admin\wc-email-inquiry-init.php:136
  • action · woocommerce_after_template_part · admin\wc-email-inquiry-init.php:138
  • filter · render_block_core/shortcode · admin\wc-email-inquiry-init.php:142
  • filter · render_block_core/paragraph · admin\wc-email-inquiry-init.php:143
  • action · init · admin\wc-email-inquiry-init.php:172
  • filter · wp_mail_from · classes\class-wc-email-inquiry-functions.php:286
  • filter · wp_mail_from_name · classes\class-wc-email-inquiry-functions.php:287
  • filter · wp_mail_content_type · classes\class-wc-email-inquiry-functions.php:288
  • action · wp_footer · classes\class-wc-email-inquiry-hook.php:323
  • action · wp_footer · classes\class-wc-email-inquiry-hook.php:324
  • action · woocommerce_product_addons_start · includes\wc-qo-product-addons-compatibility.php:13
  • filter · woocommerce_product_addons_option_price · includes\wc-qo-product-addons-compatibility.php:23
  • filter · woocommerce_get_item_data · includes\wc-qo-product-addons-compatibility.php:44
  • filter · wc_price · includes\wc-qo-product-addons-compatibility.php:49
  • filter · woocommerce_get_item_data · includes\wc-qo-product-addons-compatibility.php:56
  • action · woocommerce_checkout_create_order_line_item · includes\wc-qo-product-addons-compatibility.php:73
  • filter · wc_price · includes\wc-qo-product-addons-compatibility.php:75
  • action · woocommerce_checkout_create_order_line_item · includes\wc-qo-product-addons-compatibility.php:79
  • filter · woocommerce_order_item_display_meta_key · includes\wc-qo-product-addons-compatibility.php:85
  • action · init · src\blocks\inquiry-button\block.php:60
  • action · init · src\blocks.php:21
  • action · enqueue_block_assets · src\blocks.php:24
  • filter · block_categories_all · src\blocks.php:29
  • action · before_woocommerce_init · woocommerce-email-inquiry-cart-options.php:46
Maintenance & Trust

Email Inquiry & Cart Options for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.0
Last updated: Dec 2, 2025
PHP min version
Downloads: 141K

Community Trust

Rating: 64/100
Number of ratings: 20
Active installs: 800
Developer Profile

Email Inquiry & Cart Options for WooCommerce Developer Profile

Steve Truman

13 plugins · 117K total installs

Trust score: 73
Avg Security Score: 91/100
Avg Patch Time: 539 days
Detection Fingerprints

How We Detect Email Inquiry & Cart Options for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/woocommerce-email-inquiry-cart-options/assets/css/bootstrap/bootstrap.min.css
  • /wp-content/plugins/woocommerce-email-inquiry-cart-options/assets/css/bootstrap/bootstrap-reboot.min.css
  • /wp-content/plugins/woocommerce-email-inquiry-cart-options/assets/css/modal.min.css
  • /wp-content/plugins/woocommerce-email-inquiry-cart-options/assets/js/bootstrap/util.min.js
  • /wp-content/plugins/woocommerce-email-inquiry-cart-options/assets/js/bootstrap/modal.min.js
  • /wp-content/plugins/woocommerce-email-inquiry-cart-options/assets/js/admin-interface.min.js
  • /wp-content/plugins/woocommerce-email-inquiry-cart-options/assets/js/custom.min.js
  • /wp-content/plugins/woocommerce-email-inquiry-cart-options/assets/js/a3rev-admin-ui.min.js
  • +5 more
Script Paths
  • /wp-content/plugins/woocommerce-email-inquiry-cart-options/assets/js/bootstrap/util.min.js
  • /wp-content/plugins/woocommerce-email-inquiry-cart-options/assets/js/bootstrap/modal.min.js
  • /wp-content/plugins/woocommerce-email-inquiry-cart-options/assets/js/admin-interface.min.js
  • /wp-content/plugins/woocommerce-email-inquiry-cart-options/assets/js/custom.min.js
  • /wp-content/plugins/woocommerce-email-inquiry-cart-options/assets/js/a3rev-admin-ui.min.js
  • /wp-content/plugins/woocommerce-email-inquiry-cart-options/assets/js/a3rev-admin-ajax.min.js
Version Parameters
  • woocommerce-email-inquiry-cart-options/assets/css/bootstrap/bootstrap.min.css?ver=
  • woocommerce-email-inquiry-cart-options/assets/css/bootstrap/bootstrap-reboot.min.css?ver=
  • woocommerce-email-inquiry-cart-options/assets/css/modal.min.css?ver=
  • woocommerce-email-inquiry-cart-options/assets/js/bootstrap/util.min.js?ver=
  • woocommerce-email-inquiry-cart-options/assets/js/bootstrap/modal.min.js?ver=
  • woocommerce-email-inquiry-cart-options/assets/js/admin-interface.min.js?ver=
  • woocommerce-email-inquiry-cart-options/assets/js/custom.min.js?ver=
  • woocommerce-email-inquiry-cart-options/assets/js/a3rev-admin-ui.min.js?ver=
  • woocommerce-email-inquiry-cart-options/assets/js/a3rev-admin-ajax.min.js?ver=
  • woocommerce-email-inquiry-cart-options/assets/css/a3rev-admin-ui.min.css?ver=
  • woocommerce-email-inquiry-cart-options/assets/css/bootstrap/bootstrap.min.css?ver=
  • woocommerce-email-inquiry-cart-options/assets/css/bootstrap/bootstrap-reboot.min.css?ver=
  • woocommerce-email-inquiry-cart-options/assets/css/modal.min.css?ver=

HTML / DOM Fingerprints

CSS Classes
  • a3rev-admin-ui-notice
  • a3rev-admin-ui-section-title
HTML Comments
  • Copyright 2012 A3 Revolution Web Design
  • Admin Interface Constructor
  • Init scripts
  • Init styles
Data Attributes
data-a3rev-admin-ui-event
JS Globals
  • wc_ei_ajax
  • wc_ei_settings_page
  • wc_ei_admin_init
  • wc_ei_less
  • wc_ei_blocks
  • a3rev_admin_ui_params
REST Endpoints
/wp-json/wc_email_inquiry/v1/update_setting
FAQ

Frequently Asked Questions about Email Inquiry & Cart Options for WooCommerce