
E-mail Campaign Manager Security & Risk Analysis
wordpress.org/plugins/e-mail-campaign-manager
Requires at least: 3.0.1
Tested up to: 4.8
Donate link: https://www.paypal.me/r1mediapl
Stable tag: 1.9
License: GPLv2 or later
License URI: http://ww …
Is E-mail Campaign Manager Safe to Use in 2026?
Generally Safe
Score 100/100
E-mail Campaign Manager has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The e-mail-campaign-manager plugin v1.9 demonstrates a mixed security posture. On the positive side, there are no known vulnerabilities (CVEs) associated with this plugin, and it employs nonce checks, indicating a general awareness of security best practices. The absence of dangerous functions, file operations, and external HTTP requests is also a strength. However, the static analysis raises significant concerns. A substantial portion of SQL queries do not use prepared statements (40% unsanitized), presenting a risk of SQL injection. Furthermore, only 13% of output is properly escaped, a very low percentage that indicates a high risk of Cross-Site Scripting (XSS) vulnerabilities. The taint analysis reveals flows with unsanitized paths; although no critical or high severity issues were flagged, this still warrants attention.
The plugin's vulnerability history is clean, which is positive. However, the static analysis findings, particularly the high percentage of unescaped output and raw SQL queries, suggest that the lack of past vulnerabilities might be due to luck or limited previous scrutiny rather than inherent robust security. The plugin's strengths lie in its lack of known historical exploits and the presence of some basic security measures like nonce checks. The primary weaknesses are the numerous potential injection and XSS vulnerabilities identified through static analysis.
Key Concerns
- High percentage of raw SQL queries
- Very low percentage of properly escaped output
- Taint flows with unsanitized paths
E-mail Campaign Manager Security Vulnerabilities
E-mail Campaign Manager Code Analysis
SQL Query Safety
Output Escaping
Data Flow Analysis
E-mail Campaign Manager Attack Surface
Shortcodes 4
WordPress Hooks 3
E-mail Campaign Manager Maintenance & Trust
Maintenance Signals
Community Trust
E-mail Campaign Manager Alternatives
YITH WooCommerce Waitlist
yith-woocommerce-waiting-list
This plugin enables registered users to request an email notification when an out-of-stock product comes back into stock.
Landing Page Builder – Free Landing Page Templates
ultimate-landing-page
Landing Page Builder lets you create Custom Pages using pre designed Free Landing Page templates with Ultimate Landing Page Builder.
Easy Notify Lite
easy-notify-lite
The best Popup Builder plugin to display image, video, notify or announcement with very ease and elegant.
Fyrebox Quizzes
fyrebox-shortcode
Create a quiz on the fyrebox.com website and display it easily in a post or on a tab.
List Builder
email-list-builder-by-social-intents
List Builder is the easiest way to double your email subscribers. A lightbox that integrates with MailChimp, Campaign Monitor, Constant Contact.
E-mail Campaign Manager Developer Profile
1 plugin · 10 total installs
How We Detect E-mail Campaign Manager
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/e-mail-campaign-manager/css/style.css
e-mail-campaign-manager/css/style.css?ver=1
HTML / DOM Fingerprints
r1-campaign-manager
active
Plugin Name: E-mail Campaign Manager
Plugin URI: https://abckodera.pl/aktualnosci/e-mail-campaign-manager/
Description: Managing Your e-mail subscriptions made easy.
Version: 1.9
name="ecm_name"
name="ecm_email"
name="ecm_captcha"
name="ecm_securityHash"
name="ecm_campaignID"
<form method="post" action="
<h2>
<input type="text" name="ecm_name" placeholder="Name" required="required" />
<input type="email" name="ecm_email" placeholder="E-mail" required="required" />