Does Campaign have any unpatched vulnerabilities?

No. All known vulnerabilities in Campaign have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Campaign compatible with WordPress 4.8.28?

According to WordPress.org data, Campaign 1.1 has been tested up to WordPress 4.8.28. Check the plugin's changelog for the latest compatibility information.

How often is Campaign updated?

Campaign was last updated on Sep 4, 2017. Frequent updates are generally a positive security signal.

What is Campaign's security score?

Campaign has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Campaign Security Review — Score 85/100 (safe)

Safety Verdict

Is Campaign Safe to Use in 2026?

Generally Safe

Score 85/100

Campaign has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8yr ago

Risk Assessment

The "campaign" plugin v1.1 exhibits a mixed security posture. On the positive side, it demonstrates good practices by exclusively using prepared statements for all SQL queries and avoids file operations and external HTTP requests. The absence of any recorded vulnerabilities in its history is also a strong indicator of past security diligence. However, significant concerns arise from the static analysis. The plugin has a notable attack surface, with two out of three entry points lacking authentication checks. Furthermore, the taint analysis reveals 15 flows with unsanitized paths, including four classified as high severity. This suggests potential for attackers to inject malicious data that could be processed without proper validation, leading to vulnerabilities like Cross-Site Scripting (XSS) or other injection attacks. The complete absence of nonce checks is particularly worrying for the unprotected AJAX handlers, as it opens them up to Cross-Site Request Forgery (CSRF) attacks. While the plugin has no known CVEs, the identified high-severity taint flows represent a significant risk that needs immediate attention.

Key Concerns

Unprotected AJAX handlers
High severity taint flows
Unsanitized paths in taint flows
Missing nonce checks
Low percentage of properly escaped output

Vulnerabilities

None known

Campaign Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Campaign Code Analysis

Dangerous Functions

0

Raw SQL Queries

0

6 prepared

Unescaped Output

35

21 escaped

Nonce Checks

0

Capability Checks

0

File Operations

0

External Requests

0

Bundled Libraries

0

SQL Query Safety

100% prepared6 total queries

Output Escaping

38% escaped56 total outputs

Data Flows

15 unsanitized

Data Flow Analysis

15 flows15 with unsanitized paths

camp_listing (admin\camp_details.php:10)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

2 unprotected

Campaign Attack Surface

Entry Points3

Unprotected2

AJAX Handlers 2

authwp_ajax_set_livecampaign_plugin.php:155

noprivwp_ajax_set_livecampaign_plugin.php:156

Shortcodes 1

[campaign_funding] camp_shortcode.php:2

WordPress Hooks 6

actionadmin_menuadmin\admin_dasboard_menu.php:2

actionadmin_footeradmin\class-wp-list-table.php:94

actionwp_enqueue_scriptscampaign_plugin.php:42

filtershow_admin_barcampaign_plugin.php:67

actioninitcampaign_plugin.php:72

actioninitcp_post_type.php:2

Maintenance & Trust

Campaign Maintenance & Trust

Maintenance Signals

WordPress version tested4.8.28

Last updatedSep 4, 2017

PHP min version

Downloads2K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

Campaign Alternatives

ActiveCampaign – The autonomous marketing platform

activecampaign-subscription-forms

A

96

Add ActiveCampaign contact forms and live chat to any post, page, or sidebar. Also enable ActiveCampaign site tracking for your WordPress blog.

40K 4 CVEs

Featured Images in RSS for Mailchimp & More

featured-images-for-rss-feeds

A

100

Send images to RSS instantly for free. Output blog or WooCommerce photos to Mailchimp RSS email campaigns, ActiveCampaign, Hubspot, Feedly and more.

20K No CVEs

CartBounty – Save and recover abandoned carts for WooCommerce

woo-save-abandoned-carts

A

99

Save abandoned carts and send automated abandoned cart recovery messages. Get more leads, reduce cart abandonment, and increase sales.

10K 1 CVE

ActiveCampaign for WooCommerce

activecampaign-for-woocommerce

A

100

https://youtu.be/wHPrLFXQTgQ

6K 1 CVE

Finale Lite – Sales Countdown Timer & Discount for WooCommerce

finale-woocommerce-sales-countdown-timer-discount

C

58

Finale lets you create scheduled one time or recurring campaigns. It induces urgency with visual elements such as Countdown Timer and Counter Bar to m …

4K 1 unpatched

Developer Profile

Campaign Developer Profile

Infoway LLC

2 plugins · 20 total installs

76

trust score

Avg Security Score

74/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Campaign

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/campaign/css/camp_css.css/wp-content/plugins/campaign/js/camp_front_end_js.js

Script Paths

/wp-content/plugins/campaign/js/camp_front_end_js.js

Version Parameters

campaign/css/camp_css.css?ver=campaign/js/camp_front_end_js.js?ver=

HTML / DOM Fingerprints

Data Attributes

data-campaign-id

JS Globals

CampAjax

FAQ

Campaign Security & Risk Analysis