Does ChimpPress have any unpatched vulnerabilities?

No. All known vulnerabilities in ChimpPress have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is ChimpPress compatible with WordPress 3.2.1?

According to WordPress.org data, ChimpPress 0.8.9 has been tested up to WordPress 3.2.1. Check the plugin's changelog for the latest compatibility information.

How often is ChimpPress updated?

ChimpPress was last updated on Dec 14, 2012. Frequent updates are generally a positive security signal.

What is ChimpPress's security score?

ChimpPress has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

ChimpPress Security Review — Score 85/100 (safe)

Safety Verdict

Is ChimpPress Safe to Use in 2026?

Generally Safe

Score 85/100

ChimpPress has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 13yr ago

Risk Assessment

The "chimppress" plugin version 0.8.9 exhibits a mixed security posture. While it demonstrates good practices such as using prepared statements for all SQL queries and only a limited number of file operations, significant concerns exist regarding its attack surface and code sanitization. The presence of an unprotected AJAX handler represents a direct entry point for potential attackers, and the use of `unserialize` without proper validation is a critical vulnerability, especially when combined with unsanitized input paths identified in the taint analysis. The plugin's lack of known historical vulnerabilities is a positive indicator, suggesting the developers may have a general awareness of security, but the current analysis reveals significant gaps in fundamental security controls like capability checks and proper output escaping.

Key Concerns

Unprotected AJAX handler
Dangerous function: unserialize without validation
Taint flows with unsanitized paths
Low percentage of properly escaped output
No capability checks on entry points

Vulnerabilities

None known

ChimpPress Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

ChimpPress Code Analysis

Dangerous Functions

1

Raw SQL Queries

0

0 prepared

Unescaped Output

155

16 escaped

Nonce Checks

1

Capability Checks

0

File Operations

2

External Requests

0

Bundled Libraries

0

Dangerous Functions Found

unserialize$serial = unserialize($response);includes\class-MCAPI.php:2464

Output Escaping

9% escaped171 total outputs

Data Flows

9 unsanitized

Data Flow Analysis

11 flows9 with unsanitized paths

get_campaign_html_callback (includes\class-ajax.php:18)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

1 unprotected

ChimpPress Attack Surface

Entry Points1

Unprotected1

AJAX Handlers 1

authwp_ajax_get_campaign_htmlincludes\class-ajax.php:13

WordPress Hooks 21

actionadmin_noticeschimppress.php:46

actionadmin_initchimppress.php:77

actionnew_to_publishincludes\class-auto-send.php:21

actiondraft_to_publishincludes\class-auto-send.php:22

actionauto-draft_to_publishincludes\class-auto-send.php:23

actionpending_to_publishincludes\class-auto-send.php:24

actionprivate_to_publishincludes\class-auto-send.php:25

actionfuture_to_publishincludes\class-auto-send.php:26

actiontemplate_redirectincludes\class-chimppress-display.php:13

actionadmin_initincludes\class-chimppress-meta-boxes.php:12

actionpost_updatedincludes\class-chimppress-meta-boxes.php:13

actioninitincludes\class-chimppress-setup.php:18

actionadmin_menuincludes\class-chimppress-setup.php:19

actionmanage_posts_custom_columnincludes\class-chimppress-setup.php:20

actionadmin_print_scriptsincludes\class-chimppress-setup.php:21

actionadmin_print_stylesincludes\class-chimppress-setup.php:22

filtermanage_edit-chimppress_columnsincludes\class-chimppress-setup.php:24

actioncp_templatesincludes\class-chimppress-templates.php:14

actioncp_widgetsincludes\class-chimppress-widgets.php:11

actioncp_widgetsincludes\class-chimppress-widgets.php:12

filterattachment_fields_to_editincludes\class-media-upload-edit.php:21

Maintenance & Trust

ChimpPress Maintenance & Trust

Maintenance Signals

WordPress version tested3.2.1

Last updatedDec 14, 2012

PHP min version

Downloads5K

Community Trust

Rating40/100

Number of ratings1

Active installs10

Alternatives

ChimpPress Alternatives

Techsarathy Sendy CF7 Integration

techsarathy-sendy-cf7-integration

A

85

Sendy integration for Contact Form 7.

40 No CVEs

ALIDANI Contact forms

alidani-contact-form

A

85

Contact form with visual form builder. Contact form that sends the data to email, to a database list and easy to update the content.

10 No CVEs

E-mail Campaign Manager

e-mail-campaign-manager

A

100

Requires at least: 3.0.1 Tested up to: 4.8 Donate link: https://www.paypal.me/r1mediapl Stable tag: 1.9 License: GPLv2 or later License URI: http://ww …

10 No CVEs

Pretty Opt In Lite – Content Locker for Lead Generation

pretty-opt-in-lite

A

100

Pretty Opt-In - Content Locker for Lead Generation

0 No CVEs

Site Mailer – SMTP Replacement, Email API Deliverability & Email Log

site-mailer

A

98

Effortlessly manage transactional emails with Site Mailer. High deliverability, logs and statistics, and no SMTP plugins needed.

200K 1 CVE

Developer Profile

ChimpPress Developer Profile

Andy Charrington

5 plugins · 900 total installs

84

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect ChimpPress

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/chimppress/js/edit-campaign.js/wp-content/plugins/chimppress/js/upload-media.js/wp-content/plugins/chimppress/js/campaign-stats.js/wp-content/plugins/chimppress/js/campaign-settings.js/wp-content/plugins/chimppress/js/campaign-feedback.js/wp-content/plugins/chimppress/js/campaign-editor.js/wp-content/plugins/chimppress/css/admin-style.css/wp-content/plugins/chimppress/css/edit-campaign.css+2 more

Script Paths

/wp-content/plugins/chimppress/js/edit-campaign.js/wp-content/plugins/chimppress/js/upload-media.js/wp-content/plugins/chimppress/js/campaign-stats.js/wp-content/plugins/chimppress/js/campaign-settings.js/wp-content/plugins/chimppress/js/campaign-feedback.js/wp-content/plugins/chimppress/js/campaign-editor.js

Version Parameters

chimppress/css/admin-style.css?ver=chimppress/css/edit-campaign.css?ver=chimppress/js/edit-campaign.js?ver=chimppress/js/upload-media.js?ver=chimppress/js/campaign-stats.js?ver=chimppress/js/campaign-settings.js?ver=chimppress/js/campaign-feedback.js?ver=chimppress/js/campaign-editor.js?ver=

HTML / DOM Fingerprints

CSS Classes

chimppress_typechimppress_statuschimppress_sendtimechimppress_emailssentchimppress_template_post_typechimppress_template_taxonomieschimppress-mailchimp-api-functionschimppress-setup+10 more

HTML Comments

Data Attributes

data-chimppress-campaign-iddata-chimppress-campaign-type

JS Globals

window.chimppress_edit_campaign_varswindow.chimppress_upload_media_varswindow.chimppress_stats_varswindow.chimppress_settings_varswindow.chimppress_feedback_varswindow.chimppress_editor_vars

FAQ

ChimpPress Security & Risk Analysis