Does Capture have any unpatched vulnerabilities?

No. All known vulnerabilities in Capture have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Capture compatible with WordPress 6.8.5?

According to WordPress.org data, Capture 1.0.6 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is Capture compatible with PHP 7.4+?

Capture requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Capture updated?

Capture was last updated on Oct 31, 2025. Frequent updates are generally a positive security signal.

What is Capture's security score?

Capture has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Capture Security & Risk Analysis

wordpress.org/plugins/capture

A WordPress plugin for capturing email subscriptions with EMS integration and local storage options.

0 active installs v1.0.6 PHP 7.4+ WP 5.0+ Updated Oct 31, 2025

emailemail-marketingformsnewslettersubscribers

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Capture Safe to Use in 2026?

Generally Safe

Score 100/100

Capture has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5mo ago

Risk Assessment

The 'capture' plugin version 1.0.6 exhibits a generally strong security posture, with all identified entry points (AJAX handlers, REST API routes, and shortcodes) appearing to have authentication and permission checks in place. The high percentage of SQL queries using prepared statements and properly escaped output further indicates good coding practices. The absence of known CVEs and a clean vulnerability history are positive signs, suggesting the plugin has been well-maintained and has not historically posed significant risks.

However, the static analysis does reveal areas of concern. The presence of two taint flows with unsanitized paths, flagged as high severity, is the most significant risk. While the analysis doesn't specify the exact nature of these flows, unsanitized paths can lead to directory traversal or other file system manipulation vulnerabilities if not handled with extreme care. Additionally, while the number of file operations and external HTTP requests is low, their potential interaction with unsanitized paths warrants careful scrutiny. The plugin also has a moderate attack surface with 8 total entry points, and while all appear protected, any oversight in these checks could expose vulnerabilities.

In conclusion, 'capture' v1.0.6 benefits from robust input validation and output sanitization in many areas, coupled with a clean security track record. Nevertheless, the high-severity taint flows related to unsanitized paths represent a critical area that requires immediate attention and remediation. Addressing these specific taint flows would significantly strengthen the plugin's overall security.

Key Concerns

High severity unsanitized taint flows found
Two flows with unsanitized paths

Vulnerabilities

None known

Capture Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Capture Code Analysis

Dangerous Functions

Raw SQL Queries

19 prepared

Unescaped Output

169 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

95% prepared20 total queries

Output Escaping

85% escaped200 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

4 flows2 with unsanitized paths

display_page (includes\admin\class-admin-subscribers.php:146)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Capture Attack Surface

Entry Points8

Unprotected0

AJAX Handlers 4

authwp_ajax_capture_save_test_connectionincludes\admin\class-admin-connections.php:37

authwp_ajax_capture_test_connectionincludes\admin\class-admin-connections.php:38

authwp_ajax_capture_remove_connectionincludes\admin\class-admin-connections.php:39

authwp_ajax_capture_update_connectionincludes\admin\class-admin-connections.php:40

REST API Routes 3

GET/wp-json/capture/v1/get-ems-lists/includes\rest-api-handlers.php:24

GET/wp-json/capture/v1/get-ems-providers/includes\rest-api-handlers.php:44

GET/wp-json/capture/v1/get-options/includes\rest-api-handlers.php:56

Shortcodes 1

[capture_form] includes\class-shortcodes.php:24

WordPress Hooks 15

actionadmin_initincludes\admin\class-admin-settings.php:25

actionadmin_initincludes\admin\class-admin-subscribers.php:28

actionadmin_enqueue_scriptsincludes\admin\class-admin-subscribers.php:30

actionadmin_noticesincludes\admin\class-admin-subscribers.php:81

actionadmin_noticesincludes\admin\class-admin-subscribers.php:88

actionadmin_noticesincludes\admin\class-admin-subscribers.php:129

actionadmin_enqueue_scriptsincludes\admin\class-admin.php:82

actionadmin_noticesincludes\admin\class-admin.php:84

actioninitincludes\block-registration.php:29

actionadmin_menuincludes\class-core.php:165

actioninitincludes\class-post-types.php:24

actioninitincludes\class-unsubscribe.php:28

actionwp_enqueue_scriptsincludes\class-unsubscribe.php:29

actionrest_api_initincludes\rest-api-handlers.php:21

actioninitwp-capture.php:78

Maintenance & Trust

Capture Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedOct 31, 2025

PHP min version7.4

Downloads155

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

Capture Alternatives

Newsletter – Send awesome emails from WordPress

newsletter

An email marketing tool for your blog: subscription forms to create your lists with unlimited subscribers and newsletters.

200K 20 CVEs

Brevo – Email, SMS, Web Push, Chat, and more.

mailin

Turn your WordPress site into a marketing powerhouse. Grow your audience, boost engagement, and drive more sales with Brevo.

100K 9 CVEs

FluentCRM – Email Newsletter, Automation, Email Marketing, Email Campaigns, Optins, Leads, and CRM Solution

fluent-crm

The easiest and fastest Email Marketing, Newsletter, Marketing Automation Plugin & CRM Solution for WordPress

70K 3 CVEs

Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress

email-subscribers

Add subscription forms on the website and send newsletters & automatically send post notification about new blog posts once it gets published.

60K 42 CVEs

Kit (formerly ConvertKit) – Email Newsletter, Email Marketing, Membership, Subscribers and Landing Pages

convertkit

Build your email subscriber lists, send email marketing newsletters, sell more products and build your membership site with Kit (formerly ConvertKit).

40K 4 CVEs

Developer Profile

Capture Developer Profile

DannyCooper

9 plugins · 5K total installs

trust score

Avg Security Score

91/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Capture

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/capture/assets/css/admin-subscribers.css/wp-content/plugins/capture/assets/js/admin-subscribers.js/wp-content/plugins/capture/assets/css/capture-forms.css/wp-content/plugins/capture/assets/js/capture-forms.js

Version Parameters

capture/assets/css/admin-subscribers.css?ver=capture/assets/js/admin-subscribers.js?ver=capture/assets/css/capture-forms.css?ver=capture/assets/js/capture-forms.js?ver=

HTML / DOM Fingerprints

CSS Classes

capture-form

Data Attributes

data-form-id

JS Globals

capture_form_vars

Shortcode Output

[capture_form

FAQ