Display MailChimp Security & Risk Analysis

wordpress.org/plugins/display-mailchimp-shortcode

Shortcode to display Mailchimp campaigns.

0 active installs v1.2.0 PHP 7.3+ WP 4.0+ Updated Dec 16, 2019
mailchimpshortcode
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Display MailChimp Safe to Use in 2026?

Generally Safe

Score 85/100

Display MailChimp has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 6yr ago
Risk Assessment

The 'display-mailchimp-shortcode' plugin version 1.2.0 exhibits a generally strong security posture based on the provided static analysis and vulnerability history. The absence of dangerous functions, the exclusive use of prepared statements for SQL queries, and proper output escaping for all identified outputs are significant strengths. The plugin also avoids file operations and external HTTP requests, further reducing its attack surface. The lack of any known CVEs, past or present, indicates a history of responsible development or fortunate avoidance of discovered vulnerabilities.

However, there are areas that warrant caution. The plugin has one shortcode, which serves as an entry point into the application. While the static analysis reports zero unprotected entry points, the absence of explicit capability checks and nonce checks on this shortcode is a notable concern. If this shortcode handles user input or performs actions that should be restricted to authenticated users, the lack of these security measures could be exploited. The fact that there are no taint flows analyzed is neither inherently good nor bad, but it means this analysis method couldn't identify any input-related vulnerabilities, which may be due to the plugin's limited complexity or the scope of the analysis.

In conclusion, while the plugin has several positive security indicators and a clean vulnerability history, the absence of capability and nonce checks on its sole shortcode represents a potential weakness. This is a common area for vulnerabilities in WordPress plugins. The overall risk is currently low, but this specific area could be exploited if the shortcode performs sensitive operations.

Key Concerns

  • Missing nonce checks on shortcode
  • Missing capability checks on shortcode
Vulnerabilities
None known

Display MailChimp Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Display MailChimp Release Timeline

v1.2.0Current
Code Analysis
Analyzed Mar 17, 2026

Display MailChimp Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
0
11 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
1
Bundled Libraries
0

Output Escaping

100% escaped11 total outputs
Attack Surface

Display MailChimp Attack Surface

Entry Points1
Unprotected0

Shortcodes 1

[display-mailchimp] display-mailchimp-shortcode.php:44
WordPress Hooks 2
filterquery_varsdisplay-mailchimp-shortcode.php:47
actioninitdisplay-mailchimp-shortcode.php:50
Maintenance & Trust

Display MailChimp Maintenance & Trust

Maintenance Signals

WordPress version tested5.1.22
Last updatedDec 16, 2019
PHP min version7.3
Downloads1K

Community Trust

Rating0/100
Number of ratings0
Active installs0
Developer Profile

Display MailChimp Developer Profile

Magda Sicknick

7 plugins · 80 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Display MailChimp

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Version Parameters
/display-mailchimp-shortcode/style.css?ver=/display-mailchimp-shortcode/script.js?ver=

HTML / DOM Fingerprints

CSS Classes
display-mailchimppage-numberspaging-navigation
Shortcode Output
<ul class="display-mailchimp"><nav class="navigation paging-navigation" role="navigation"><div class="page-links"><a class="page-numbers"
FAQ

Frequently Asked Questions about Display MailChimp