Easy Subscribe Security & Risk Analysis

wordpress.org/plugins/easy-subscribe

Quickly integrate modern, customizable subscription forms into your website to simplify email marketing, increase subscribers, and boost engagement.

500 active installs · v1.5.2 · PHP 7.4+ · WP 6.4+ · Updated Nov 14, 2025
Tags: form, newsletter, subscribe, subscribers, woocommerce
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Easy Subscribe Safe to Use in 2026?

Generally Safe

Score 100/100

Easy Subscribe has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 4mo ago
Risk Assessment

The 'easy-subscribe' v1.5.2 plugin demonstrates a generally good security posture with several strong practices in place. The code shows a high adherence to using prepared statements for SQL queries (89%) and robust output escaping (98%), significantly mitigating common injection vulnerabilities. The absence of dangerous functions, file operations, and external HTTP requests is also a positive indicator. Furthermore, the plugin has no recorded vulnerabilities or CVEs, suggesting a history of responsible development or a very low profile of exploitation.

However, there are areas of concern. The presence of a REST API route without permission callbacks presents a significant risk. This endpoint could be accessible to unauthenticated users, potentially leading to unauthorized actions or information disclosure depending on its functionality. While the total attack surface is relatively small, with only one unprotected entry point, this single unprotected route warrants attention. The plugin also bundles two libraries, Select2 and Freemius v1.0; while the analysis doesn't explicitly state a Select2 version or potential vulnerabilities in either library, keeping bundled libraries updated is a general security consideration.

In conclusion, 'easy-subscribe' v1.5.2 is largely well-coded with good security foundations. The primary weakness lies in the unprotected REST API route, which introduces a direct attack vector. The lack of historical vulnerabilities is a strength, but it should not breed complacency, especially with an identified unprotected entry point. Addressing the unprotected REST API should be the immediate priority to further harden the plugin's security.

Key Concerns

  • REST API route without permission callbacks
  • Bundled Freemius v1.0 library
  • Bundled Select2 library
Vulnerabilities
None known

Easy Subscribe Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Easy Subscribe Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 5 (39 prepared)
Unescaped Output: 3 (175 escaped)
Nonce Checks: 2
Capability Checks: 1
File Operations: 0
External Requests: 0
Bundled Libraries: 2

Bundled Libraries

  • Select2
  • Freemius 1.0

SQL Query Safety

89% prepared · 44 total queries

Output Escaping

98% escaped · 178 total outputs
Attack Surface
1 unprotected

Easy Subscribe Attack Surface

Entry Points: 5
Unprotected: 1

AJAX Handlers 2

auth wp_ajax_esub_repair_tables admin\admin.php:23
auth wp_ajax_esub_get_list_count admin\admin.php:28

REST API Routes 2

GET /wp-json/easy-subscribe/v1/data admin\admin.php:271
GET /wp-json/easy-subscribe/v1/subscribe admin\admin.php:302

Shortcodes 1

[easy-subscribe] public\public.php:20
WordPress Hooks 13
action admin_enqueue_scripts admin\admin.php:19
action admin_enqueue_scripts admin\admin.php:20
action admin_menu admin\admin.php:21
action rest_api_init admin\admin.php:24
filter admin_footer_text admin\admin.php:26
action devnet_esub_form_top admin\settings.php:49
filter is_submenu_visible easy-subscribe.php:97
action after_uninstall easy-subscribe.php:103
filter plugin_icon easy-subscribe.php:104
action init includes\i18n.php:16
action wp_enqueue_scripts public\public.php:17
action wp_enqueue_scripts public\public.php:18
action wp_footer public\public.php:19
Maintenance & Trust

Easy Subscribe Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Nov 14, 2025
PHP min version: 7.4
Downloads: 4K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 500
Developer Profile

Easy Subscribe Developer Profile

Marin Matosevic

1 plugin · 500 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Easy Subscribe

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/easy-subscribe/assets/build/admin.css
  • /wp-content/plugins/easy-subscribe/assets/build/admin-subscribers.css
  • /wp-content/plugins/easy-subscribe/assets/color-picker/wp-color-picker-alpha.min.js
  • /wp-content/plugins/easy-subscribe/assets/build/admin.js
  • /wp-content/plugins/easy-subscribe/assets/build/admin-subscribers.js
Script Paths
  • assets/build/admin.js
  • assets/build/admin-subscribers.js
Version Parameters
  • easy-subscribe/assets/build/admin.css?ver=
  • easy-subscribe/assets/build/admin-subscribers.css?ver=
  • easy-subscribe/assets/color-picker/wp-color-picker-alpha.min.js?ver=
  • easy-subscribe/assets/build/admin.js?ver=
  • easy-subscribe/assets/build/admin-subscribers.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • esub-admin-page
  • devnet-esub-wrap
  • devnet-esub-subscribers-page
Data Attributes
  • data-action="esub_repair_tables"
  • data-action="esub_get_list_count"
JS Globals
devnet_esub_script
REST Endpoints
  • /wp-json/easy-subscribe/v1/settings
  • /wp-json/easy-subscribe/v1/subscribers
FAQ

Frequently Asked Questions about Easy Subscribe