
DSubscribers Security & Risk Analysis
wordpress.org/plugins/dsubscribersManage subscribers from your site with ease
Is DSubscribers Safe to Use in 2026?
Mostly Safe
Score 84/100DSubscribers is generally safe to use though it hasn't been updated recently. 1 past CVE were resolved.
The "dsubscribers" v1.2.1 plugin exhibits a mixed security posture. While it has a relatively small attack surface and demonstrates some good coding practices like a high percentage of properly escaped outputs and prepared SQL statements, significant concerns are raised by the static analysis. The presence of the `create_function` function is a red flag, as it can be a vector for code injection if not handled with extreme care. More critically, the taint analysis reveals four high-severity flows with unsanitized paths, indicating potential vulnerabilities for attackers to exploit. The plugin's vulnerability history shows one previously disclosed high-severity CVE related to SQL injection, reinforcing the concern around data sanitization.
Despite the absence of currently unpatched vulnerabilities and a commendable zero direct unauthenticated entry points, the identified taint flows and the legacy `create_function` usage suggest that this plugin may not be as secure as its attack surface might initially imply. The historical SQL injection vulnerability, coupled with the taint analysis results, points to a recurring theme of potential issues with input validation and sanitization. While the plugin has strengths in output escaping and prepared statements, the high-severity taint flows and the use of `create_function` necessitate careful review and remediation to prevent exploitation.
Key Concerns
- High severity taint flows with unsanitized paths
- Presence of dangerous function: create_function
- One previously disclosed high severity CVE
- SQL queries with non-prepared statements (33%)
- Output escaping not properly implemented (30%)
DSubscribers Security Vulnerabilities
CVEs by Year
Severity Breakdown
1 total CVE
DSubscribers < 1.2.1 - Authenticated (Admin+) SQL Injection
DSubscribers Release Timeline
DSubscribers Code Analysis
Dangerous Functions Found
SQL Query Safety
Output Escaping
Data Flow Analysis
DSubscribers Attack Surface
AJAX Handlers 2
Shortcodes 1
WordPress Hooks 20
Maintenance & Trust
DSubscribers Maintenance & Trust
Maintenance Signals
Community Trust
DSubscribers Alternatives
Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress
email-subscribers
Add subscription forms on the website and send newsletters & automatically send post notification about new blog posts once it gets published.
Easy Subscribe
easy-subscribe
Quickly integrate modern, customizable subscription forms into your website to simplify email marketing, increase subscribers, and boost engagement.
Gragrid: Gravity Forms + SendGrid
gragrid
Integrates Gravity Forms with SendGrid, allowing form submissions to be automatically sent to your SendGrid contact lists.
AJAX File Upload
ajax-file-upload
Fast and easy front-end WordPress file uploader with shortcodes fully extensible
Integration for MailPoet and CF7
integration-for-mailpoet-and-cf7
Map Contact Form 7 submissions to MailPoet subscribers with per-form field mapping, consent control, list selection, and error logging.
DSubscribers Developer Profile
4 plugins · 100 total installs
How We Detect DSubscribers
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/dsubscribers/assets/css/frontend.css/wp-content/plugins/dsubscribers/assets/js/frontend.js/wp-content/plugins/dsubscribers/assets/js/jquery.validate.min.js/wp-content/plugins/dsubscribers/assets/js/jquery.validate.min.js/wp-content/plugins/dsubscribers/assets/js/frontend.jsdsubscribers/assets/css/frontend.css?ver=dsubscribers/assets/js/jquery.validate.min.js?ver=dsubscribers/assets/js/frontend.js?ver=HTML / DOM Fingerprints
ajaxurl[dsubscribers]