WP-Safety

WP-Admin Distribution List Security & Risk Analysis

wordpress.org/plugins/distributionlist

Send emails to members in your Connections plugin

10 active installs v0.3 PHP + WP 4.3.1+ Updated Feb 7, 2016
connections-business-directory-emaildistribution-listmailing-listsend-bulk-mailwp-admin-distribution-list
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is WP-Admin Distribution List Safe to Use in 2026?

Generally Safe

Score 85/100

WP-Admin Distribution List has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 10yr ago
Risk Assessment

The distributionlist plugin v0.3 exhibits a mixed security posture. While it demonstrates good practices by avoiding dangerous functions, file operations, external HTTP requests, and correctly using prepared statements for its SQL queries, significant concerns arise from its attack surface and output handling. The plugin has one AJAX handler that lacks any authentication checks, presenting a direct entry point for potential exploitation. Furthermore, a critical flaw is identified in the taint analysis, with a flow involving unsanitized paths, which could lead to various injection vulnerabilities if not properly handled. The absence of any output escaping for all identified output points is a serious weakness, making it susceptible to Cross-Site Scripting (XSS) attacks. The plugin's vulnerability history is clean, with no recorded CVEs, which is positive. However, this lack of history, coupled with the identified code weaknesses, might indicate a lack of thorough security testing or a limited track record rather than inherent robustness. The plugin's strengths lie in its careful handling of database queries and its avoidance of certain risky coding patterns. However, the unprotected AJAX endpoint and pervasive lack of output escaping represent substantial risks that require immediate attention. The unsanitized path flow in the taint analysis is also a significant concern that needs to be addressed to prevent potential injection attacks.

Key Concerns

  • AJAX handler without auth checks
  • Flow with unsanitized paths
  • 100% of outputs unescaped
  • No nonce checks
  • No capability checks
Vulnerabilities
None known

WP-Admin Distribution List Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

WP-Admin Distribution List Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
2 prepared
Unescaped Output
8
0 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

100% prepared2 total queries

Output Escaping

0% escaped8 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

1 flows1 with unsanitized paths
<Distributionlist> (admin\Distributionlist.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
1 unprotected

WP-Admin Distribution List Attack Surface

Entry Points1
Unprotected1

AJAX Handlers 1

authwp_ajax_sendMail_ajax_requestDistributionlist.php:53
WordPress Hooks 1
actionadmin_menuDistributionlist.php:18
Maintenance & Trust

WP-Admin Distribution List Maintenance & Trust

Maintenance Signals

WordPress version tested4.4.34
Last updatedFeb 7, 2016
PHP min version
Downloads1K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

WP-Admin Distribution List Alternatives

Participants Database

Participants Database

participants-database

A
87

Build and maintain a fully customizable database of participants, members or anything with signup forms, admin backend, custom lists, and CSV support.

7K 9 CVEs
Newsletters

Newsletters

newsletters-lite

B
76

Newsletter plugin for WordPress to capture subscribers and send beautiful, bulk newsletter emails.

2K 26 CVEs
Benchmark Email Lite

Benchmark Email Lite

benchmark-email-lite

A
99

Your Wordpress Site and Email Marketing all in one place!

1K 1 CVE
Contact Form 7 GetResponse Extension

Contact Form 7 GetResponse Extension

contact-form-7-getresponse-extension

C
63

A very easy plugin to integrate GetResponse campaigns with Contact Form 7.

1K 1 unpatched
Email Marketing Plugin – WP Email Capture

Email Marketing Plugin – WP Email Capture

wp-email-capture

A
95

Double opt-in form for building your email list. Define landing pages to distribute your ebooks & software.

1K 5 CVEs
Developer Profile

WP-Admin Distribution List Developer Profile

luckychingi

3 plugins · 520 total installs

72
trust score
Avg Security Score
90/100
Avg Patch Time
196 days
View full developer profile
Detection Fingerprints

How We Detect WP-Admin Distribution List

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/distributionlist/asset/css/bootstrap.min.css/wp-content/plugins/distributionlist/asset/js/bootstrap.min.js

HTML / DOM Fingerprints

CSS Classes
alertalert-dangerpagedbtn-grouppaginatebtnbtn-primaryform-control+1 more
Data Attributes
data-id
JS Globals
ajaxurltinyMCE
REST Endpoints
/wp-json/wpadmin/v1/sendMail_ajax_request
Shortcode Output
<div class='alert alert-danger'><b>This plugin requires the 'Connections Business Directory' plugin.</b><p>Please install <a href='#' class='connections'>'Connections Business Directory'</a> plugin to continue.</div><div class='btn-group' role='group' aria-label='Basic example'><div id=memberlist class='col-xs-12 col-sm-4'><div id=membermessage class='col-xs-12 col-sm-8'>
FAQ

Frequently Asked Questions about WP-Admin Distribution List