Does Add-on WooCommerce – MailPoet 3 have any unpatched vulnerabilities?

No. All known vulnerabilities in Add-on WooCommerce – MailPoet 3 have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Add-on WooCommerce – MailPoet 3 compatible with WordPress 6.5.8?

According to WordPress.org data, Add-on WooCommerce – MailPoet 3 1.1.10 has been tested up to WordPress 6.5.8. Check the plugin's changelog for the latest compatibility information.

Is Add-on WooCommerce – MailPoet 3 compatible with PHP 7.2+?

Add-on WooCommerce – MailPoet 3 requires PHP 7.2 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Add-on WooCommerce – MailPoet 3 updated?

Add-on WooCommerce – MailPoet 3 was last updated on Jan 30, 2025. Frequent updates are generally a positive security signal.

What is Add-on WooCommerce – MailPoet 3's security score?

Add-on WooCommerce – MailPoet 3 has a WP-Safety security score of 92/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Add-on WooCommerce – MailPoet 3 Security & Risk Analysis

wordpress.org/plugins/add-on-woocommerce-mailpoet

Let your customers subscribe to your MailPoet 3 newsletter as they checkout from WooCommerce with their purchase.

600 active installs v1.1.10 PHP 7.2+ WP 5.2+ Updated Jan 30, 2025

e-commercemailmailpoetwoocommercewysija

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Add-on WooCommerce – MailPoet 3 Safe to Use in 2026?

Generally Safe

Score 92/100

Add-on WooCommerce – MailPoet 3 has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago

Risk Assessment

The "add-on-woocommerce-mailpoet" plugin v1.1.10 presents a mixed security posture. On the positive side, the plugin has no recorded CVEs, a clean vulnerability history, and a seemingly small attack surface based on the static analysis (zero AJAX handlers, REST API routes, shortcodes, or cron events without checks). This indicates a potential for good security practices in core areas. However, significant concerns arise from the code analysis. The complete lack of output escaping for all 12 identified outputs is a major weakness, potentially leading to cross-site scripting (XSS) vulnerabilities. Furthermore, the single SQL query is not using prepared statements, posing a risk of SQL injection. The two identified taint flows with unsanitized paths, even if not classified as critical or high severity in the provided data, are concerning and warrant further investigation as they suggest potential for insecure data handling.

Despite the lack of documented vulnerabilities, the presence of unescaped output and raw SQL queries, coupled with unsanitized taint flows, creates tangible risks. The absence of nonce and capability checks, while not directly tied to an attack surface in this specific analysis, is a general best practice that is being overlooked. The plugin's strengths lie in its lack of external dependencies and a clean historical record, but the identified code-level weaknesses represent immediate threats that could be exploited if an attacker discovers a way to trigger these insecure code paths.

Key Concerns

All outputs are unescaped
SQL queries not using prepared statements
Taint flows with unsanitized paths
No nonce checks
No capability checks

Vulnerabilities

None known

Add-on WooCommerce – MailPoet 3 Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Add-on WooCommerce – MailPoet 3 Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

0% prepared1 total queries

Output Escaping

0% escaped12 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths

save (includes\class-mpwa-admin-settings.php:296)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Add-on WooCommerce – MailPoet 3 Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 9

actionplugins_loadedadd-on-woocommerce-mailpoet.php:53

actionadmin_noticesadd-on-woocommerce-mailpoet.php:84

actionadmin_noticesadd-on-woocommerce-mailpoet.php:99

actionadmin_noticesadd-on-woocommerce-mailpoet.php:130

filterwoocommerce_get_settings_pagesadd-on-woocommerce-mailpoet.php:168

actionwoocommerce_checkout_update_order_metaadd-on-woocommerce-mailpoet.php:194

filterwoocommerce_settings_tabs_arrayincludes\class-mpwa-admin-settings.php:36

actionwoocommerce_checkout_update_order_reviewincludes\class-mpwa-frontend-fields.php:228

actionposts_selectionincludes\class-mpwa-frontend-fields.php:230

Maintenance & Trust

Add-on WooCommerce – MailPoet 3 Maintenance & Trust

Maintenance Signals

WordPress version tested6.5.8

Last updatedJan 30, 2025

PHP min version7.2

Downloads29K

Community Trust

Rating100/100

Number of ratings3

Active installs600

Alternatives

Add-on WooCommerce – MailPoet 3 Alternatives

MailPoet Checkout Subscription for WooCommerce (Legacy)

mailpoet-woocommerce-add-on

Let your customers subscribe to your newsletters as they checkout with their purchase.

300 No CVEs

Ninja Forms – MailPoet

ninja-forms-mailpoet

This extension integrates Ninja Forms with MailPoet by providing an option to add users who submit a form to an existing newsletter.

200 No CVEs

Carrot quest

carrot-quest

Carrot quest совмещает в себе все инструменты для автоматизации маркетинга, продаж и коммуникации с пользователями. Поддерживает WooCommerce 5.x, 6.

100 No CVEs

MailPoet Gravity Forms Add-on

mailpoet-gravity-forms-add-on

Adds a new field for you to allow your visitors to subscriber to your MailPoet newsletters.

100 No CVEs

WangGuard – MailPoet Connector

wangguard-wysija-newsletter-connector

WangGuard - MailPoet Connector is a plugin for connect WangGuard plugin with MailPoet.

80 No CVEs

Developer Profile

Add-on WooCommerce – MailPoet 3 Developer Profile

Tikweb Management

4 plugins · 7K total installs

trust score

Avg Security Score

87/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Add-on WooCommerce – MailPoet 3

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/add-on-woocommerce-mailpoet/assets/css/style.css/wp-content/plugins/add-on-woocommerce-mailpoet/assets/js/script.js

Script Paths

/wp-content/plugins/add-on-woocommerce-mailpoet/assets/js/script.js

Version Parameters

add-on-woocommerce-mailpoet/assets/css/style.css?ver=add-on-woocommerce-mailpoet/assets/js/script.js?ver=

HTML / DOM Fingerprints

CSS Classes

mpwa-checkbox-wrappermpwa-label-wrappermpwa-checkbox-inputmpwa-list-checkbox-wrappermpwa-list-label-wrappermpwa-list-checkbox-inputmailpoet-woocommerce-checkout-wrap

Data Attributes

data-mpwa-enable-subscriptiondata-mpwa-is-required

FAQ