Does Campaign Monitor Synchronization have any unpatched vulnerabilities?

No. All known vulnerabilities in Campaign Monitor Synchronization have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Campaign Monitor Synchronization compatible with WordPress 4.4.34?

According to WordPress.org data, Campaign Monitor Synchronization 1.0.15 has been tested up to WordPress 4.4.34. Check the plugin's changelog for the latest compatibility information.

How often is Campaign Monitor Synchronization updated?

Campaign Monitor Synchronization was last updated on Dec 11, 2015. Frequent updates are generally a positive security signal.

What is Campaign Monitor Synchronization's security score?

Campaign Monitor Synchronization has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Campaign Monitor Synchronization Security & Risk Analysis

wordpress.org/plugins/campaign-monitor-synchronization

Use the user list in your Wordpress installation as your mailing list for Campaign Monitor.

10 active installs v1.0.15 PHP + WP 3.0.1+ Updated Dec 11, 2015

campaign-monitormailing-listuser-management

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Campaign Monitor Synchronization Safe to Use in 2026?

Generally Safe

Score 85/100

Campaign Monitor Synchronization has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 10yr ago

Risk Assessment

The 'campaign-monitor-synchronization' plugin, in version 1.0.15, exhibits a mixed security posture. While the absence of known CVEs and the use of prepared statements for all SQL queries are positive indicators, significant concerns arise from the static code analysis. The plugin utilizes the dangerous `unserialize` function without apparent authentication or capability checks, presenting a potential for Remote Code Execution (RCE) if malicious data can be supplied to this function. Furthermore, a very low percentage of output is properly escaped, indicating a high risk of Cross-Site Scripting (XSS) vulnerabilities across the plugin's output. The lack of any recorded vulnerabilities in its history is a positive trend, but it does not mitigate the immediate risks identified in the code. The plugin's attack surface appears small and protected, but the presence of a dangerous function and widespread unescaped output are critical weaknesses that require immediate attention.

Key Concerns

Dangerous unserialize function without auth/capability checks
Low percentage of properly escaped output
No nonce checks implemented
No capability checks implemented

Vulnerabilities

None known

Campaign Monitor Synchronization Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Campaign Monitor Synchronization Code Analysis

Dangerous Functions

Raw SQL Queries

1 prepared

Unescaped Output

132

3 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$cms_settings[ 'user_fields' ] = ( array ) unserialize( base64_decode( get_option( 'cms_user_fields'campaignmonitor-synchronization.php:184

SQL Query Safety

100% prepared1 total queries

Output Escaping

2% escaped135 total outputs

Attack Surface

Campaign Monitor Synchronization Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 10

actionadmin_initcampaignmonitor-synchronization.php:20

actionadmin_menucampaignmonitor-synchronization.php:21

actioncms_cron_updatecampaignmonitor-synchronization.php:22

actioninitcampaignmonitor-synchronization.php:23

actiondeleted_usercampaignmonitor-synchronization.php:24

actionprofile_updatecampaignmonitor-synchronization.php:25

actionupdate_option_cms_settingscampaignmonitor-synchronization.php:26

actionuser_registercampaignmonitor-synchronization.php:27

filtercron_schedulescampaignmonitor-synchronization.php:29

filterupdate_user_metadatacampaignmonitor-synchronization.php:30

Scheduled Events 1

cms_cron_update

Maintenance & Trust

Campaign Monitor Synchronization Maintenance & Trust

Maintenance Signals

WordPress version tested4.4.34

Last updatedDec 11, 2015

PHP min version

Downloads3K

Community Trust

Rating94/100

Number of ratings3

Active installs10

Alternatives

Campaign Monitor Synchronization Alternatives

Campaign Monitor Dual Registration

campaign-monitor-dual-registration

Automatically add new Wordpress users to your mailing list on Campaign Monitor.

10 No CVEs

New User Approve

new-user-approve

WordPress user approval plugin to moderate registrations. Approve or deny real users and prevent fake signups to control who registers on site.

20K 9 CVEs

User Access Manager

user-access-manager

With the "User Access Manager"-plugin you can manage the access to your posts, pages and files.

10K 4 CVEs

Delete Me

delete-me

Allow users with specific WordPress roles to delete themselves from the Your Profile page or anywhere Shortcodes can be used.

8K 1 CVE

Participants Database

participants-database

Build and maintain a fully customizable database of participants, members or anything with signup forms, admin backend, custom lists, and CSV support.

7K 9 CVEs

Developer Profile

Campaign Monitor Synchronization Developer Profile

Carlo Roosen

5 plugins · 140 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Campaign Monitor Synchronization

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

FAQ