AWeber Forms by Optin Cat Security & Risk Analysis

wordpress.org/plugins/aweber-wp

Aweber Forms by Optin Cat Helps You Convert More Blog Visitors Into Subscribers. Create Aweber Popups, Widgets & Post Boxes In Less Than 2 Minutes.

300 active installs · v2.6.1 · PHP + WP 3.9.1+ · Updated Dec 2, 2025

Tags: aweber, aweber-block, aweber-form, aweber-widget, aweber-wordpress

Score: 99 (A · Safe)
CVEs total: 1
Unpatched: 0
Last CVE: Dec 2, 2024
Safety Verdict

Is AWeber Forms by Optin Cat Safe to Use in 2026?

Generally Safe

Score 99/100

AWeber Forms by Optin Cat has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Dec 2, 2024 · Updated 4mo ago
Risk Assessment

The aweber-wp plugin v2.6.1 demonstrates several positive security practices, including robust use of prepared statements for SQL queries and a high percentage of properly escaped output, which are strong indicators of a generally secure codebase. The presence of nonce and capability checks on its AJAX handlers further mitigates common web vulnerabilities by ensuring proper authorization and data integrity. This suggests the developers are aware of and implementing fundamental security measures.

However, the static analysis reveals three flows with unsanitized paths, which, while not classified as critical or high severity in the taint analysis, represent potential areas where user-supplied data might not be adequately validated or neutralized. This, combined with the fact that the plugin has a history of Cross-Site Scripting vulnerabilities, warrants caution. The older version of the bundled Select2 library also poses a minor risk, as outdated libraries can contain known vulnerabilities.

Overall, the plugin's security posture is moderate. The strong foundation in secure coding practices is a significant strength. Nevertheless, the presence of unsanitized paths and past XSS vulnerabilities, even if historical, indicates a need for ongoing vigilance and thorough code review to address any residual risk and prevent future occurrences. The current lack of unpatched CVEs is a positive sign, but the historical pattern suggests a proactive approach to security is crucial.

Key Concerns

  • Flows with unsanitized paths
  • Bundled outdated Select2 library v3.5.0
  • History of medium severity XSS vulnerability
Vulnerabilities: 1

AWeber Forms by Optin Cat Security Vulnerabilities

CVEs by Year

2024: 1 CVE (patched)

Severity Breakdown

Medium: 1

1 total CVE

CVE-2024-11325 · medium · 5.2 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

AWeber Forms by Optin Cat <= 2.5.7 - Reflected Cross-Site Scripting

Dec 2, 2024 · Patched in 2.5.8 (1d)
Code Analysis
Analyzed Mar 16, 2026

AWeber Forms by Optin Cat Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 2 (8 prepared)
Unescaped Output: 13 (155 escaped)
Nonce Checks: 8
Capability Checks: 7
File Operations: 6
External Requests: 3
Bundled Libraries: 1

Bundled Libraries

Select2 3.5.0

SQL Query Safety

80% prepared (10 total queries)

Output Escaping

92% escaped (168 total outputs)
Data Flows: 3 unsanitized

Data Flow Analysis

6 flows, 3 with unsanitized paths
  • <eoi-post-types> (includes\eoi-post-types.php:0)
Legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized
Attack Surface

AWeber Forms by Optin Cat Attack Surface

Entry Points: 6
Unprotected: 0

AJAX Handlers (6)

  • auth · wp_ajax_fca_eoi_activity · includes\eoi-activity.php:44
  • nopriv · wp_ajax_fca_eoi_activity · includes\eoi-activity.php:45
  • auth · wp_ajax_fca_eoi_subscribe · includes\eoi-post-types.php:53
  • nopriv · wp_ajax_fca_eoi_subscribe · includes\eoi-post-types.php:54
  • auth · wp_ajax_fca_eoi_dismiss · includes\eoi-post-types.php:56
  • auth · wp_ajax_fca_eoi_uninstall · includes\eoi-uninstall.php:74
WordPress Hooks (55)

  • filter · pre_set_site_transient_update_plugins · includes\classes\edd_sl\EDD_SL_Plugin_Updater.php:75
  • filter · plugins_api · includes\classes\edd_sl\EDD_SL_Plugin_Updater.php:76
  • action · after_plugin_row · includes\classes\edd_sl\EDD_SL_Plugin_Updater.php:77
  • action · admin_init · includes\classes\edd_sl\EDD_SL_Plugin_Updater.php:78
  • action · in_admin_footer · includes\classes\k\k.php:563
  • action · init · includes\eoi-block.php:48
  • action · enqueue_block_editor_assets · includes\eoi-block.php:99
  • action · wp_dashboard_setup · includes\eoi-functions.php:18
  • filter · tiny_mce_before_init · includes\eoi-functions.php:234
  • action · init · includes\eoi-post-types.php:21
  • filter · manage_easy-opt-ins_posts_columns · includes\eoi-post-types.php:22
  • action · manage_easy-opt-ins_posts_custom_column · includes\eoi-post-types.php:23
  • filter · post_row_actions · includes\eoi-post-types.php:24
  • action · admin_post_fca_eoi_reset_stats · includes\eoi-post-types.php:27
  • action · wp_dashboard_setup · includes\eoi-post-types.php:30
  • action · save_post · includes\eoi-post-types.php:33
  • filter · the_content · includes\eoi-post-types.php:36
  • action · admin_enqueue_scripts · includes\eoi-post-types.php:39
  • action · admin_head · includes\eoi-post-types.php:41
  • action · admin_notices · includes\eoi-post-types.php:43
  • action · admin_notices · includes\eoi-post-types.php:46
  • filter · admin_body_class · includes\eoi-post-types.php:49
  • filter · wp_insert_post_data · includes\eoi-post-types.php:51
  • filter · get_user_option_screen_layout_easy-opt-ins · includes\eoi-post-types.php:58
  • filter · get_user_option_meta-box-order_easy-opt-ins · includes\eoi-post-types.php:60
  • filter · post_updated_messages · includes\eoi-post-types.php:62
  • filter · bulk_actions-edit-easy-opt-ins · includes\eoi-post-types.php:64
  • filter · post_row_actions · includes\eoi-post-types.php:66
  • action · admin_notices · includes\eoi-post-types.php:68
  • filter · enter_title_here · includes\eoi-post-types.php:70
  • filter · init · includes\eoi-post-types.php:72
  • filter · the_content · includes\eoi-post-types.php:79
  • action · wp_head · includes\eoi-post-types.php:81
  • action · wp_footer · includes\eoi-post-types.php:82
  • filter · wp_footer · includes\eoi-post-types.php:85
  • filter · fca_eoi_alter_admin_notices · includes\eoi-post-types.php:93
  • action · wp · includes\eoi-post-types.php:2164
  • action · admin_menu · includes\eoi-powerups.php:22
  • action · admin_init · includes\eoi-powerups.php:55
  • filter · fca_eoi_setting_filter · includes\eoi-subscribers.php:27
  • action · fca_eoi_after_submission · includes\eoi-subscribers.php:171
  • action · admin_menu · includes\eoi-subscribers.php:172
  • action · plugins_loaded · includes\eoi-subscribers.php:173
  • filter · wp_privacy_personal_data_exporters · includes\eoi-subscribers.php:174
  • filter · wp_privacy_personal_data_erasers · includes\eoi-subscribers.php:175
  • action · admin_enqueue_scripts · includes\eoi-uninstall.php:40
  • action · admin_menu · includes\eoi-upgrade.php:57
  • action · admin_footer · includes\eoi-upgrade.php:58
  • filter · admin_footer_text · includes\eoi-upgrade.php:59
  • action · admin_notices · includes\eoi-upgrade.php:60
  • action · widgets_init · includes\eoi-widget.php:12
  • filter · fca_eoi_setting_filter · powerups\2_custom_css\powerup.php:11
  • action · fca_eoi_powerups · powerups\2_custom_css\powerup.php:22
  • action · admin_enqueue_scripts · powerups\2_custom_css\powerup.php:23
  • filter · fca_eoi_alter_form · powerups\2_custom_css\powerup.php:24
Maintenance & Trust

AWeber Forms by Optin Cat Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 2, 2025
PHP min version:
Downloads: 61K

Community Trust

Rating: 74/100
Number of ratings: 18
Active installs: 300
Developer Profile

AWeber Forms by Optin Cat Developer Profile

fatcatapps

13 plugins · 67K total installs

Trust score: 74
Avg Security Score: 93/100
Avg Patch Time: 242 days
Detection Fingerprints

How We Detect AWeber Forms by Optin Cat

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/aweber-wp/includes/css/eoi-admin.css
  • /wp-content/plugins/aweber-wp/includes/css/eoi-editor.css
  • /wp-content/plugins/aweber-wp/includes/css/eoi-form.css
  • /wp-content/plugins/aweber-wp/includes/css/eoi-layout.css
  • /wp-content/plugins/aweber-wp/includes/css/eoi-public.css
  • /wp-content/plugins/aweber-wp/includes/css/eoi-upgrade.css
  • /wp-content/plugins/aweber-wp/includes/js/eoi-admin.js
  • /wp-content/plugins/aweber-wp/includes/js/eoi-public.js
Version Parameters
  • aweber-wp/includes/css/eoi-admin.css?ver=
  • aweber-wp/includes/css/eoi-editor.css?ver=
  • aweber-wp/includes/css/eoi-form.css?ver=
  • aweber-wp/includes/css/eoi-layout.css?ver=
  • aweber-wp/includes/css/eoi-public.css?ver=
  • aweber-wp/includes/css/eoi-upgrade.css?ver=
  • aweber-wp/includes/js/eoi-admin.js?ver=
  • aweber-wp/includes/js/eoi-public.js?ver=

HTML / DOM Fingerprints

CSS Classes
fca_eoi_form
Data Attributes
data-fca_eoi_list_id, data-fca_eoi_thank_you_mode, data-fca_eoi_thank_you_text
Shortcode Output
[optin-cat], [easy-opt-in], [optincat], [opt-in-cat]
FAQ

Frequently Asked Questions about AWeber Forms by Optin Cat