Does Boldermail – Email Marketing and Newsletters for WordPress have any unpatched vulnerabilities?

Yes — Boldermail – Email Marketing and Newsletters for WordPress currently has 1 published unpatched vulnerability. We recommend switching to an alternative or applying any available workarounds.

Is Boldermail – Email Marketing and Newsletters for WordPress compatible with WordPress 6.5.8?

According to WordPress.org data, Boldermail – Email Marketing and Newsletters for WordPress 2.4.0 has been tested up to WordPress 6.5.8. Check the plugin's changelog for the latest compatibility information.

Is Boldermail – Email Marketing and Newsletters for WordPress compatible with PHP 7.4.30+?

Boldermail – Email Marketing and Newsletters for WordPress requires PHP 7.4.30 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

Boldermail – Email Marketing and Newsletters for WordPress Security & Risk Analysis

wordpress.org/plugins/boldermail

Send marketing emails reliably from your WordPress dashboard with Boldermail, a powerful email marketing and automation platform.

10 active installs v2.4.0 PHP 7.4.30+ WP 5.4+ Updated Apr 20, 2024

emailemail-automationemail-marketingmarketing-automationnewsletter

C · Use Caution

CVEs total1

Unpatched1

Last CVEAug 5, 2025

Plugin page Download

Safety Verdict

Is Boldermail – Email Marketing and Newsletters for WordPress Safe to Use in 2026?

Use With Caution

Score 61/100

Boldermail – Email Marketing and Newsletters for WordPress has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE 1 unpatched Last CVE: Aug 5, 2025Updated 2yr ago

Risk Assessment

The boldermail plugin v2.4.0 exhibits a mixed security posture. On the positive side, the plugin demonstrates good practices by utilizing prepared statements for all SQL queries and performing a high percentage of output escaping. It also incorporates a significant number of nonce and capability checks, indicating an effort to secure its entry points. However, the presence of dangerous functions like 'assert' and 'unserialize', even if not directly exploited in the analyzed taint flows, presents a latent risk. The plugin's attack surface, while seemingly protected at entry points according to the static analysis, relies on the effectiveness of these checks against potential bypasses.

The plugin's vulnerability history is a significant concern. The existence of one currently unpatched high-severity CVE, specifically related to deserialization of untrusted data, directly correlates with the presence of the 'unserialize' function. This suggests a pattern where deserialization vulnerabilities have been a recurring issue, and the current version still carries an unaddressed risk. While the static analysis shows no overt taint flows, this does not negate the historical and functional risk associated with deserialization.

In conclusion, boldermail v2.4.0 has strengths in its SQL handling and output escaping. However, the combination of dangerous functions, a history of deserialization vulnerabilities, and an active unpatched CVE creates a notable risk. The focus should be on addressing the unpatched CVE and potentially refactoring the use of 'unserialize' to mitigate future risks.

Key Concerns

Currently unpatched high severity CVE
Presence of 'unserialize' function
Presence of 'assert' function

Vulnerabilities

1 published

Boldermail – Email Marketing and Newsletters for WordPress Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched

2025

Patched Has unpatched

Severity Breakdown

High

1 total CVE

CVE-2025-52740high · 7.5Deserialization of Untrusted Data

Boldermail <= 2.4.0 - Authenticated (Contributor+) PHP Object Injection

Aug 5, 2025Unpatched

Version History

Boldermail – Email Marketing and Newsletters for WordPress Release Timeline

No version history available.

Code Analysis

Analyzed Apr 16, 2026

Boldermail – Email Marketing and Newsletters for WordPress Code Analysis

Dangerous Functions

Raw SQL Queries

22 prepared

Unescaped Output

1039 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

assertassert(is_array($frames));includes/plugins/AnimGif/lunakid/anim-gif/src/GifCreator/AnimGif.php:152

unserialize$GLOBALS['wp_filter']['media_buttons'] = unserialize( $media_buttons ); /* phpcs:ignore WordPress.WPincludes/tools/class-boldermail-editor.php:156

Bundled Libraries

TinyMCE

SQL Query Safety

100% prepared22 total queries

Output Escaping

93% escaped1121 total outputs

Attack Surface

Boldermail – Email Marketing and Newsletters for WordPress Attack Surface

Entry Points36

Unprotected0

REST API Routes 1

GET/wp-json/boldermail/v1/countdown/(?P<timestamp>\d+)includes/api/class-boldermail-countdown-rest-controller.php:29

Shortcodes 35

[boldermail_block_template_body] includes/shortcodes/class-boldermail-shortcodes.php:103

[boldermail_block_template_style] includes/shortcodes/class-boldermail-shortcodes.php:104

[boldermail_html_comment] includes/shortcodes/class-boldermail-shortcodes.php:105

[boldermail_site_title] includes/shortcodes/class-boldermail-shortcodes.php:140

[boldermail_rss_loop] includes/shortcodes/class-boldermail-shortcodes.php:141

[boldermail_title] includes/shortcodes/class-boldermail-shortcodes.php:142

[boldermail_subject] includes/shortcodes/class-boldermail-shortcodes.php:143

[boldermail_excerpt] includes/shortcodes/class-boldermail-shortcodes.php:144

[boldermail_thumbnail] includes/shortcodes/class-boldermail-shortcodes.php:145

[boldermail_content] includes/shortcodes/class-boldermail-shortcodes.php:146

[boldermail_permalink] includes/shortcodes/class-boldermail-shortcodes.php:147

[boldermail_company_name] includes/shortcodes/class-boldermail-shortcodes.php:148

[boldermail_company_address] includes/shortcodes/class-boldermail-shortcodes.php:149

[boldermail_permission] includes/shortcodes/class-boldermail-shortcodes.php:150

[boldermail_confirm] includes/shortcodes/class-boldermail-shortcodes.php:151

[boldermail_unsubscribe] includes/shortcodes/class-boldermail-shortcodes.php:152

[boldermail_resubscribe] includes/shortcodes/class-boldermail-shortcodes.php:153

[boldermail_email] includes/shortcodes/class-boldermail-shortcodes.php:154

[boldermail_name] includes/shortcodes/class-boldermail-shortcodes.php:155

[boldermail_last_name] includes/shortcodes/class-boldermail-shortcodes.php:156

[boldermail_company] includes/shortcodes/class-boldermail-shortcodes.php:157

[boldermail_city] includes/shortcodes/class-boldermail-shortcodes.php:158

[boldermail_state] includes/shortcodes/class-boldermail-shortcodes.php:159

[boldermail_zip_code] includes/shortcodes/class-boldermail-shortcodes.php:160

[boldermail_country] includes/shortcodes/class-boldermail-shortcodes.php:161

[boldermail_phone] includes/shortcodes/class-boldermail-shortcodes.php:162

[boldermail_custom_field] includes/shortcodes/class-boldermail-shortcodes.php:163

[boldermail_current_year] includes/shortcodes/class-boldermail-shortcodes.php:164

[boldermail_preview_text] includes/shortcodes/class-boldermail-shortcodes.php:165

[embed] includes/shortcodes/class-boldermail-shortcodes.php:933

[youtube] includes/shortcodes/class-boldermail-shortcodes.php:934

[vimeo] includes/shortcodes/class-boldermail-shortcodes.php:935

[instagram] includes/shortcodes/class-boldermail-shortcodes.php:936

[tweet] includes/shortcodes/class-boldermail-shortcodes.php:937

[gallery] includes/shortcodes/class-boldermail-shortcodes.php:938

WordPress Hooks 109

actionboldermail_initboldermail.php:83

filterrest_pre_serve_requestincludes/api/class-boldermail-countdown-rest-controller.php:47

actionrest_api_initincludes/api/class-boldermail-countdown-rest-controller.php:137

actionsave_postincludes/api/class-boldermail-transitions.php:58

actiontransition_post_statusincludes/api/class-boldermail-transitions.php:65

actiontransition_post_statusincludes/api/class-boldermail-transitions.php:72

actiontransition_post_statusincludes/api/class-boldermail-transitions.php:73

actiontransition_post_statusincludes/api/class-boldermail-transitions.php:74

actiontransition_post_statusincludes/api/class-boldermail-transitions.php:75

actiontransition_post_statusincludes/api/class-boldermail-transitions.php:76

actionpost_action_unsubscribeincludes/api/class-boldermail-transitions.php:83

actionpost_action_resubscribeincludes/api/class-boldermail-transitions.php:84

actionpost_action_import_subscribersincludes/api/class-boldermail-transitions.php:85

actionpost_action_pauseincludes/api/class-boldermail-transitions.php:86

actionpost_action_duplicateincludes/api/class-boldermail-transitions.php:87

filterredirect_post_locationincludes/api/class-boldermail-transitions.php:94

actionsave_postincludes/api/class-boldermail-transitions.php:1258

actionsave_postincludes/api/class-boldermail-transitions.php:1281

filteris_protected_metaincludes/boldermail-admin-functions.php:23

actioninitincludes/class-boldermail-cron.php:35

actionboldermail_subscribers_updateincludes/class-boldermail-cron.php:36

actionboldermail_scheduled_newsletter_rss_feedincludes/class-boldermail-cron.php:43

actionboldermail_instagram_integration_refresh_tokenincludes/class-boldermail-cron.php:50

actionsave_postincludes/class-boldermail-cron.php:297

actiontransition_post_statusincludes/class-boldermail-cron.php:446

filterthe_postsincludes/class-boldermail-fetch.php:37

filterthe_postsincludes/class-boldermail-fetch.php:38

actioncurrent_screenincludes/class-boldermail-help.php:30

actionafter_setup_themeincludes/class-boldermail-install.php:43

actioninitincludes/class-boldermail-install.php:54

filtercron_schedulesincludes/class-boldermail-install.php:61

filterplugin_row_metaincludes/class-boldermail-install.php:69

actionadmin_headincludes/class-boldermail-menus.php:34

actionadmin_headincludes/class-boldermail-menus.php:35

actionadmin_menuincludes/class-boldermail-menus.php:42

actionwp_loadedincludes/class-boldermail-menus.php:50

filtergettextincludes/class-boldermail-messages.php:34

filtergettext_with_contextincludes/class-boldermail-messages.php:35

filterpost_updated_messagesincludes/class-boldermail-messages.php:42

filterbulk_post_updated_messagesincludes/class-boldermail-messages.php:49

actionin_admin_headerincludes/class-boldermail-messages.php:56

actionadmin_noticesincludes/class-boldermail-messages.php:616

actionadd_meta_boxesincludes/class-boldermail-meta-boxes.php:37

actionadd_meta_boxesincludes/class-boldermail-meta-boxes.php:38

actionsave_post_bm_newsletterincludes/class-boldermail-meta-boxes.php:45

actionsave_post_bm_newsletter_rssincludes/class-boldermail-meta-boxes.php:46

actionsave_post_bm_newsletter_aresincludes/class-boldermail-meta-boxes.php:47

actionsave_post_bm_templateincludes/class-boldermail-meta-boxes.php:48

actionsave_post_bm_listincludes/class-boldermail-meta-boxes.php:49

actionsave_post_bm_subscriberincludes/class-boldermail-meta-boxes.php:50

actionsave_post_bm_autoresponderincludes/class-boldermail-meta-boxes.php:51

filterheartbeat_receivedincludes/class-boldermail-meta-boxes.php:58

filterheartbeat_receivedincludes/class-boldermail-meta-boxes.php:59

actionedit_form_after_titleincludes/class-boldermail-meta-boxes.php:67

actionboldermail_submitbox_delete_actionincludes/class-boldermail-meta-boxes.php:249

actionboldermail_submitbox_publishing_actionincludes/class-boldermail-meta-boxes.php:250

actioninitincludes/class-boldermail-post-types.php:35

actioninitincludes/class-boldermail-post-types.php:36

actionboldermail_after_register_post_typeincludes/class-boldermail-post-types.php:37

actionadmin_print_scriptsincludes/class-boldermail-post-types.php:38

filtersharing_meta_box_showincludes/class-boldermail-post-types.php:45

filterenter_title_hereincludes/class-boldermail-post-types.php:52

actioncurrent_screenincludes/class-boldermail-post-types.php:59

filteradmin_body_classincludes/class-boldermail-post-types.php:66

actioninitincludes/class-boldermail-taxonomies.php:30

actiontemplate_redirectincludes/class-boldermail-template-loader.php:30

actioninitincludes/class-boldermail-template-loader.php:62

actioninitincludes/class-boldermail-upgrade.php:75

actionwp_loadedincludes/class-boldermail-upgrade.php:80

actionadmin_enqueue_scriptsincludes/class-boldermail.php:98

actionadmin_enqueue_scriptsincludes/class-boldermail.php:99

filterblock_categoriesincludes/gutenberg/class-boldermail-gutenberg.php:32

actioninitincludes/gutenberg/class-boldermail-gutenberg.php:33

actioninitincludes/gutenberg/class-boldermail-gutenberg.php:34

actioninitincludes/gutenberg/class-boldermail-gutenberg.php:35

filterblock_editor_settingsincludes/gutenberg/class-boldermail-gutenberg.php:36

filteruse_block_editor_for_postincludes/gutenberg/class-boldermail-gutenberg.php:37

filteruse_block_editor_for_post_typeincludes/gutenberg/class-boldermail-gutenberg.php:38

filtergutenberg_can_edit_post_typeincludes/gutenberg/class-boldermail-gutenberg.php:39

filterimage_size_names_chooseincludes/gutenberg/class-boldermail-gutenberg.php:40

actionenqueue_block_editor_assetsincludes/gutenberg/class-boldermail-gutenberg.php:101

actioninitincludes/gutenberg/src/blocks/embed/index.php:15

actionmanage_posts_extra_tablenavincludes/list-tables/abstract-class-boldermail-list-table.php:47

filterview_mode_post_typesincludes/list-tables/abstract-class-boldermail-list-table.php:48

filteradmin_urlincludes/list-tables/abstract-class-boldermail-list-table.php:49

actionrestrict_manage_postsincludes/list-tables/abstract-class-boldermail-list-table.php:52

filterparse_queryincludes/list-tables/abstract-class-boldermail-list-table.php:53

filterdefault_hidden_columnsincludes/list-tables/abstract-class-boldermail-list-table.php:56

filterlist_table_primary_columnincludes/list-tables/abstract-class-boldermail-list-table.php:57

filterpost_row_actionsincludes/list-tables/abstract-class-boldermail-list-table.php:59

filteradmin_urlincludes/list-tables/abstract-class-boldermail-list-table.php:145

filterpost_date_column_statusincludes/list-tables/class-boldermail-newsletters-regular-list-table.php:41

filterdisplay_post_statesincludes/list-tables/class-boldermail-newsletters-regular-list-table.php:42

filterdisplay_post_statesincludes/list-tables/class-boldermail-templates-list-table.php:48

actionboldermail_submitbox_misc_actionsincludes/meta-boxes/class-boldermail-meta-box-submit.php:40

actionboldermail_admin_field_social_integrationsincludes/settings/class-boldermail-settings-integrations.php:32

actionboldermail_settings_startincludes/settings/class-boldermail-settings-integrations.php:33

filterboldermail_settings_tabs_arrayincludes/settings/class-boldermail-settings-page.php:45

filterthe_contentincludes/shortcodes/class-boldermail-shortcodes.php:955

filterthe_contentincludes/shortcodes/class-boldermail-shortcodes.php:956

filtertiny_mce_pluginsincludes/tools/class-boldermail-editor.php:79

filtertiny_mce_before_initincludes/tools/class-boldermail-editor.php:80

filtermce_external_pluginsincludes/tools/class-boldermail-editor.php:81

filtermce_cssincludes/tools/class-boldermail-editor.php:82

filtertiny_mce_before_initincludes/tools/class-boldermail-editor.php:83

filtermce_buttonsincludes/tools/class-boldermail-editor.php:84

filtermce_buttons_2includes/tools/class-boldermail-editor.php:85

filterwp_editor_settingsincludes/tools/class-boldermail-editor.php:88

actionmedia_buttonsincludes/tools/class-boldermail-editor.php:101

Scheduled Events 4

boldermail_subscribers_update

boldermail_instagram_integration_refresh_token

boldermail_scheduled_newsletter_rss_feed

boldermail_instagram_integration_refresh_token

Maintenance & Trust

Boldermail – Email Marketing and Newsletters for WordPress Maintenance & Trust

Maintenance Signals

WordPress version tested6.5.8

Last updatedApr 20, 2024

PHP min version7.4.30

Downloads6K

Community Trust

Rating74/100

Number of ratings3

Active installs10

Alternatives

Boldermail – Email Marketing and Newsletters for WordPress Alternatives

CleverReach® WP

cleverreach-wp

Connect your WordPress account with our easy-to-use email software and increase the success of your website or blog with newsletter marketing!

4K 2 CVEs

Newsletter Sign-Up for CleverReach

cleverreach

100

Easily integrate a CleverReach Sign-Up form in your website. Supports widget, shortcode, comment integration and template function

2K No CVEs

Official CleverReach® Plugin for WooCommerce

cleverreach-wc

Connect your WooCommerce store to our email software and say hello to successful and simple newsletter marketing – just like Spotify, Bugatti & DHL!

400 1 CVE

MailPoet – Newsletters, Email Marketing, and Automation

mailpoet

Send beautiful newsletters from WordPress. Collect subscribers with signup forms, automate your emails for WooCommerce, blog post notifications & more

500K 3 CVEs

Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress

email-subscribers

Add subscription forms on the website and send newsletters & automatically send post notification about new blog posts once it gets published.

60K 42 CVEs

Developer Profile

Boldermail – Email Marketing and Newsletters for WordPress Developer Profile

Hernan Villanueva

1 plugin · 10 total installs

trust score

Avg Security Score

61/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Boldermail – Email Marketing and Newsletters for WordPress

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/boldermail/assets/css/admin.css/wp-content/plugins/boldermail/assets/css/boldermail-select.css/wp-content/plugins/boldermail/assets/css/boldermail-settings.css/wp-content/plugins/boldermail/assets/js/admin.js/wp-content/plugins/boldermail/assets/js/boldermail-select.js/wp-content/plugins/boldermail/assets/js/boldermail-settings.js/wp-content/plugins/boldermail/assets/js/boldermail-tinymce.js/wp-content/plugins/boldermail/assets/js/boldermail-utils.js+9 more

Script Paths

/wp-content/plugins/boldermail/assets/js/admin.js/wp-content/plugins/boldermail/assets/js/boldermail-select.js/wp-content/plugins/boldermail/assets/js/boldermail-settings.js/wp-content/plugins/boldermail/assets/js/boldermail-tinymce.js/wp-content/plugins/boldermail/assets/js/boldermail-utils.js/wp-content/plugins/boldermail/assets/js/vendor/codemirror.js+8 more

Version Parameters

boldermail/style.css?ver=boldermail/admin.css?ver=boldermail/boldermail-select.css?ver=boldermail/boldermail-settings.css?ver=boldermail/admin.js?ver=boldermail/boldermail-select.js?ver=boldermail/boldermail-settings.js?ver=boldermail/boldermail-tinymce.js?ver=boldermail/boldermail-utils.js?ver=boldermail/vendor/codemirror.js?ver=boldermail/vendor/emmet.js?ver=boldermail/vendor/htmlhint.js?ver=boldermail/vendor/javascript-lint.js?ver=boldermail/vendor/jshint.js?ver=boldermail/vendor/marked.js?ver=boldermail/vendor/react.development.js?ver=boldermail/vendor/react-dom.development.js?ver=boldermail/vendor/tinymce.min.js?ver=

HTML / DOM Fingerprints

CSS Classes

boldermail-editor-toolbarboldermail-editor-contentboldermail-previewboldermail-settings-sectionboldermail-select-wrapperboldermail-country-selectboldermail-error-message

HTML Comments

Data Attributes

data-boldermail-editordata-boldermail-templatedata-boldermail-field-typedata-boldermail-country-code

JS Globals

window.Boldermailwindow.BoldermailSelectwindow.BoldermailSettingswindow.BoldermailEditorwindow.BoldermailTinymce

REST Endpoints

/wp-json/boldermail/v1/settings/wp-json/boldermail/v1/templates/wp-json/boldermail/v1/subscriber/count/wp-json/boldermail/v1/countdown

Shortcode Output

[boldermail-form][boldermail-countdown][boldermail-subscribe-button]

FAQ

Boldermail – Email Marketing and Newsletters for WordPress Security & Risk Analysis

Is Boldermail – Email Marketing and Newsletters for WordPress Safe to Use in 2026?

Use With Caution

Key Concerns

Boldermail – Email Marketing and Newsletters for WordPress Security Vulnerabilities

CVEs by Year

Severity Breakdown

Boldermail – Email Marketing and Newsletters for WordPress Release Timeline

Boldermail – Email Marketing and Newsletters for WordPress Code Analysis

Dangerous Functions Found

Bundled Libraries

SQL Query Safety

Output Escaping

Boldermail – Email Marketing and Newsletters for WordPress Attack Surface

REST API Routes 1

Shortcodes 35

Scheduled Events 4

Boldermail – Email Marketing and Newsletters for WordPress Maintenance & Trust

Maintenance Signals

Community Trust

Boldermail – Email Marketing and Newsletters for WordPress Alternatives

CleverReach® WP

Newsletter Sign-Up for CleverReach

Official CleverReach® Plugin for WooCommerce

MailPoet – Newsletters, Email Marketing, and Automation

Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress

Boldermail – Email Marketing and Newsletters for WordPress Developer Profile

How We Detect Boldermail – Email Marketing and Newsletters for WordPress

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about Boldermail – Email Marketing and Newsletters for WordPress