DSubscribers Security & Risk Analysis

wordpress.org/plugins/dsubscribers

Manage subscribers from your site with ease

20 active installs · v1.2.1 · PHP + · WP 3.9+ · Updated May 3, 2018
Tags: ajax, form, shortcode, subscriber, subscribers
84
B · Generally Safe
CVEs total: 1
Unpatched: 0
Last CVE: Jul 6, 2017
Safety Verdict

Is DSubscribers Safe to Use in 2026?

Mostly Safe

Score 84/100

DSubscribers is generally safe to use, though it hasn't been updated recently. 1 past CVE was resolved. Keep it updated.

1 known CVE · Last CVE: Jul 6, 2017 · Updated 7yr ago
Risk Assessment

The "dsubscribers" v1.2.1 plugin exhibits a mixed security posture. While it has a relatively small attack surface and demonstrates some good coding practices like a high percentage of properly escaped outputs and prepared SQL statements, significant concerns are raised by the static analysis. The presence of the `create_function` function is a red flag, as it can be a vector for code injection if not handled with extreme care. More critically, the taint analysis reveals four high-severity flows with unsanitized paths, indicating potential vulnerabilities for attackers to exploit. The plugin's vulnerability history shows one previously disclosed high-severity CVE related to SQL injection, reinforcing the concern around data sanitization.

Despite the absence of currently unpatched vulnerabilities and a commendable zero direct unauthenticated entry points, the identified taint flows and the legacy `create_function` usage suggest that this plugin may not be as secure as its attack surface might initially imply. The historical SQL injection vulnerability, coupled with the taint analysis results, points to a recurring theme of potential issues with input validation and sanitization. While the plugin has strengths in output escaping and prepared statements, the high-severity taint flows and the use of `create_function` necessitate careful review and remediation to prevent exploitation.

Key Concerns

  • High severity taint flows with unsanitized paths
  • Presence of dangerous function: create_function
  • One previously disclosed high severity CVE
  • SQL queries with non-prepared statements (33%)
  • Output escaping not properly implemented (30%)
Vulnerabilities
1

DSubscribers Security Vulnerabilities

CVEs by Year

1 CVE in 2017

Severity Breakdown

High: 1

1 total CVE

WF-0e604d56-572f-4d60-b5ad-14c02ba9cc94-dsubscribers · high · 7.2 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

DSubscribers < 1.2.1 - Authenticated (Admin+) SQL Injection

Jul 6, 2017 · Patched in 1.2.1 (2392d)
Code Analysis
Analyzed Mar 16, 2026

DSubscribers Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 3 (6 prepared)
Unescaped Output: 21 (49 escaped)
Nonce Checks: 1
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

create_function · `add_filter('wp_mail_content_type', create_function('', 'return "text/html";'));` · includes\class-dsubscribers.php:51

SQL Query Safety

67% prepared · 9 total queries

Output Escaping

70% escaped · 70 total outputs
Data Flows
5 unsanitized

Data Flow Analysis

5 flows · 5 with unsanitized paths
display_rows (includes\class-dsubscribers-list-table.php:121)
Attack Surface

DSubscribers Attack Surface

Entry Points: 3
Unprotected: 0

AJAX Handlers: 2

auth · wp_ajax_dsubscribers_ajax · includes\class-dsubscribers.php:48
nopriv · wp_ajax_dsubscribers_ajax · includes\class-dsubscribers.php:49

Shortcodes: 1

[dsubscribers] · includes\class-dsubscribers.php:46
WordPress Hooks: 20

action · admin_init · includes\class-dsubscribers-settings.php:20
action · admin_init · includes\class-dsubscribers-settings.php:21
action · admin_menu · includes\class-dsubscribers-settings.php:22
action · admin_menu · includes\class-dsubscribers-table.php:14
action · init · includes\class-dsubscribers-table.php:16
action · init · includes\class-dsubscribers-table.php:17
action · init · includes\class-dsubscribers-table.php:19
action · wp_enqueue_scripts · includes\class-dsubscribers.php:32
action · wp_enqueue_scripts · includes\class-dsubscribers.php:33
action · init · includes\class-dsubscribers.php:36
action · wp_head · includes\class-dsubscribers.php:44
filter · wp_mail_content_type · includes\class-dsubscribers.php:51
action · widgets_init · includes\class-dsubscribers.php:53
action · init · includes\class-dsubscribers.php:56
filter · pre_update_option_dsubscribers_send_checkbox · includes\class-dsubscribers.php:66
filter · pre_update_option_dsubscribers_message_block · includes\class-dsubscribers.php:67
filter · pre_update_option_dsubscribers_subscribed_msg · includes\class-dsubscribers.php:68
filter · pre_update_option_dsubscribers_exists_msg · includes\class-dsubscribers.php:69
filter · pre_update_option_dsubscribers_unsubscribed_msg · includes\class-dsubscribers.php:70
filter · pre_update_option_dsubscribers_dont_exists_msg · includes\class-dsubscribers.php:71
Maintenance & Trust

DSubscribers Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.9.29
Last updated: May 3, 2018
PHP min version
Downloads: 3K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 20
Developer Profile

DSubscribers Developer Profile

dinamiko

3 plugins · 70 total installs

Trust score: 73
Avg Security Score: 92/100
Avg Patch Time: 1246 days
Detection Fingerprints

How We Detect DSubscribers

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/dsubscribers/assets/css/frontend.css
/wp-content/plugins/dsubscribers/assets/js/frontend.js
/wp-content/plugins/dsubscribers/assets/js/jquery.validate.min.js
Script Paths
/wp-content/plugins/dsubscribers/assets/js/jquery.validate.min.js
/wp-content/plugins/dsubscribers/assets/js/frontend.js
Version Parameters
dsubscribers/assets/css/frontend.css?ver=
dsubscribers/assets/js/jquery.validate.min.js?ver=
dsubscribers/assets/js/frontend.js?ver=

HTML / DOM Fingerprints

JS Globals: ajaxurl
Shortcode Output: [dsubscribers]
FAQ

Frequently Asked Questions about DSubscribers