Constant Contact Forms by MailMunch Security & Risk Analysis

wordpress.org/plugins/constant-contact-forms-by-mailmunch

The #1 Constant Contact plugin to get more email subscribers. Easily add Constant Contact sign-up forms as popup, embedded widget or sticky top bar.

3K active installs · v2.1.6 · PHP + WP 3.0.1+ · Updated Jan 23, 2026
Tags: constant-contact, email-marketing, newsletter, signup-forms, subscribe
Security score: 98 (A · Safe)
CVEs total: 3
Unpatched: 0
Last CVE: Nov 12, 2024
Safety Verdict

Is Constant Contact Forms by MailMunch Safe to Use in 2026?

Generally Safe

Score 98/100

Constant Contact Forms by MailMunch has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEs · Last CVE: Nov 12, 2024 · Updated 2mo ago
Risk Assessment

Version 2.1.6 of the 'constant-contact-forms-by-mailmunch' plugin presents a mixed security posture. On the positive side, it uses prepared statements exclusively for SQL queries and includes a reasonable number of nonce and capability checks. The main concern is its attack surface: all of its AJAX handlers (5 out of 5) lack authentication checks, creating potential entry points for unauthorized actions. The plugin also calls `unserialize`, a known risky function, and the analysis has no explicit context on how that call is used or how its input is sanitized, which is a notable red flag. The vulnerability history of 3 medium-severity CVEs, with XSS and CSRF as the common types, suggests past susceptibility to common web vulnerabilities. No unpatched CVEs are currently listed, but that pattern warrants caution. The taint analysis did not reveal critical or high-severity unsanitized paths, which is a positive sign; the overall risk is nonetheless elevated by the unprotected AJAX endpoints and the presence of `unserialize`.

Key Concerns

  • Large attack surface without auth checks on AJAX
  • Presence of dangerous function: unserialize
  • Low percentage of properly escaped output
  • History of medium severity CVEs (3 total)
Vulnerabilities
3

Constant Contact Forms by MailMunch Security Vulnerabilities

CVEs by Year

2023: 1 CVE
2024: 2 CVEs

Severity Breakdown

Medium: 3

3 total CVEs

CVE-2024-9614 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Constant Contact Forms by MailMunch <= 2.1.2 - Reflected Cross-Site Scripting

Nov 12, 2024 · Patched in 2.1.3 (13d)

CVE-2024-22137 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Constant Contact Forms by MailMunch <= 2.0.11 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jan 10, 2024 · Patched in 2.1.0 (321d)

CVE-2023-45647 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Constant Contact Forms by MailMunch <= 2.0.10 - Cross-Site Request Forgery

Oct 12, 2023 · Patched in 2.0.11 (103d)
Code Analysis
Analyzed Mar 16, 2026

Constant Contact Forms by MailMunch Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 0 (6 prepared)
Unescaped Output: 57 (24 escaped)
Nonce Checks: 10
Capability Checks: 7
File Operations: 0
External Requests: 7
Bundled Libraries: 0

Dangerous Functions Found

unserialize · `$value = unserialize($value);` · includes\class-mailmunch-api.php:236

SQL Query Safety

100% prepared · 6 total queries

Output Escaping

30% escaped · 81 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

8 flows · 2 with unsanitized paths
sign_up (admin\class-constantcontact-mailmunch-admin.php:126)
Attack Surface
5 unprotected

Constant Contact Forms by MailMunch Attack Surface

Entry Points: 6
Unprotected: 5

AJAX Handlers: 5

auth · wp_ajax_sign_up · includes\class-constantcontact-mailmunch.php:218
auth · wp_ajax_sign_in · includes\class-constantcontact-mailmunch.php:219
auth · wp_ajax_delete_widget · includes\class-constantcontact-mailmunch.php:220
auth · wp_ajax_delete_email · includes\class-constantcontact-mailmunch.php:221
auth · wp_ajax_change_email_status · includes\class-constantcontact-mailmunch.php:222

Shortcodes: 1

[mailmunch-form] · public\class-constantcontact-mailmunch-public.php:55

WordPress Hooks: 25

action · plugins_loaded · includes\class-constantcontact-mailmunch.php:192
action · admin_enqueue_scripts · includes\class-constantcontact-mailmunch.php:207
action · admin_enqueue_scripts · includes\class-constantcontact-mailmunch.php:208
action · admin_menu · includes\class-constantcontact-mailmunch.php:209
action · admin_init · includes\class-constantcontact-mailmunch.php:210
action · admin_init · includes\class-constantcontact-mailmunch.php:211
action · admin_init · includes\class-constantcontact-mailmunch.php:214
action · admin_notices · includes\class-constantcontact-mailmunch.php:215
action · wp_dashboard_setup · includes\class-constantcontact-mailmunch.php:225
action · wp_enqueue_scripts · includes\class-constantcontact-mailmunch.php:246
action · wp_enqueue_scripts · includes\class-constantcontact-mailmunch.php:247
action · wp_head · includes\class-constantcontact-mailmunch.php:248
filter · the_content · includes\class-constantcontact-mailmunch.php:252
action · widgets_init · includes\class-constantcontact-mailmunch.php:256
action · init · includes\class-constantcontact-mailmunch.php:268
filter · template_include · includes\class-constantcontact-mailmunch.php:269
filter · get_pages · includes\class-constantcontact-mailmunch.php:270
action · add_meta_boxes · includes\class-constantcontact-mailmunch.php:272
action · save_post · includes\class-constantcontact-mailmunch.php:273
action · init · includes\class-constantcontact-mailmunch.php:276
action · save_post · includes\class-constantcontact-mailmunch.php:277
action · wp_insert_post · includes\class-constantcontact-mailmunch.php:278
action · pre_get_posts · includes\class-constantcontact-mailmunch.php:279
filter · post_type_link · includes\class-constantcontact-mailmunch.php:280
filter · wp_unique_post_slug · includes\class-constantcontact-mailmunch.php:281
Maintenance & Trust

Constant Contact Forms by MailMunch Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Jan 23, 2026
PHP min version
Downloads: 119K

Community Trust

Rating: 84/100
Number of ratings: 49
Active installs: 3K
Developer Profile

Constant Contact Forms by MailMunch Developer Profile

mailmunch

3 plugins · 19K total installs

Trust score: 87
Avg Security Score: 98/100
Avg Patch Time: 79 days
Detection Fingerprints

How We Detect Constant Contact Forms by MailMunch

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/constant-contact-forms-by-mailmunch/admin/css/constantcontact-mailmunch-admin.css
/wp-content/plugins/constant-contact-forms-by-mailmunch/admin/js/constantcontact-mailmunch-admin.js
Script Paths
/wp-content/plugins/constant-contact-forms-by-mailmunch/admin/js/constantcontact-mailmunch-admin.js
Version Parameters
/wp-content/plugins/constant-contact-forms-by-mailmunch/admin/css/constantcontact-mailmunch-admin.css?ver=
/wp-content/plugins/constant-contact-forms-by-mailmunch/admin/js/constantcontact-mailmunch-admin.js?ver=

HTML / DOM Fingerprints

JS Globals
mailmunch_nonces
FAQ

Frequently Asked Questions about Constant Contact Forms by MailMunch