EasyNewsletter Security & Risk Analysis

wordpress.org/plugins/easynewsletter

Create and send newsletters directly in the block editor with your content and theme. Privacy compliant, fully compatible and easy to use!

10 active installs · v4.0.3 · PHP 8.0+ · WP 6.0+ · Updated Apr 9, 2026
Tags: email, mailing-list, newsletter, newsletter-form
Score: 100
Grade: A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is EasyNewsletter Safe to Use in 2026?

Generally Safe

Score 100/100

EasyNewsletter has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1mo ago
Risk Assessment

The easynewsletter plugin v4.0.3 exhibits a mixed security posture. On the positive side, it demonstrates strong adherence to secure coding practices in several key areas. All identified AJAX handlers and REST API routes are protected by authentication and capability checks, and all SQL queries utilize prepared statements, significantly mitigating risks of SQL injection. Furthermore, the plugin has no known historical CVEs, suggesting a history of secure development or diligent patching by maintainers.

However, there are notable areas of concern. The presence of 22 instances of the `unserialize` function, coupled with 5 taint flows with unsanitized paths (two of which are rated high severity), indicates a significant risk of object injection or deserialization vulnerabilities. Although specific exploitability isn't detailed, these are critical areas to address. The relatively high percentage of improperly escaped output (28%) also presents a potential risk for cross-site scripting (XSS) vulnerabilities, especially if the unsanitized taint flows can lead to such outputs.

Key Concerns

  • High severity unsanitized taint flows
  • Unsanitized paths in taint flows
  • Significant amount of unserialize usage
  • Percentage of unescaped output
Vulnerabilities
None known

EasyNewsletter Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

EasyNewsletter Release Timeline

v4.0.3 (Current)
v4.0.2
v4.0.1
v4.0.0
v3.5.1
v3.5.0
v3.4.1
v3.4.0
v3.3.4
v3.3.3
v3.3.2
v3.3.1
v3.3.0
v3.2.1
v3.2.0
v3.1.15
v3.1.14
v3.1.13
v3.1.12
v3.1.11
Code Analysis
Analyzed Apr 16, 2026

EasyNewsletter Code Analysis

Dangerous Functions: 22
Raw SQL Queries: 0 (9 prepared)
Unescaped Output: 60 (154 escaped)
Nonce Checks: 14
Capability Checks: 1
File Operations: 10
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

unserialize · $attachments = $this->generateAttachments(unserialize(get_post_meta($currentNewsletterID, "en_newsle · src/core/mailManager.php:260
unserialize · $newsletterCustomInjection = unserialize(get_post_meta($newsletterID, "en_custom_html_injection", tr · src/core/mailManager.php:366
unserialize · $array = unserialize(get_post_meta($post->ID, "en_newsletter_attachments", true)); · src/core/metaBoxes/addAttachmentBox.php:35
unserialize · $metaField = unserialize(get_post_meta($post_id, "en_newsletter_attachments", true)); · src/core/metaBoxes/addAttachmentBox.php:61
unserialize · $metaField = unserialize(get_post_meta($postID, "en_newsletter_attachments", true)); · src/core/metaBoxes/addAttachmentBox.php:79
unserialize · $metaField = unserialize(get_post_meta($postID, "en_newsletter_attachments", true)); · src/core/metaBoxes/addAttachmentBox.php:100
unserialize · $array = unserialize(get_post_meta($post->ID, "en_custom_html_injection", true)); · src/core/metaBoxes/htmlInjectionBox.php:36
unserialize · $metaField = unserialize(get_post_meta($post_id, "en_custom_html_injection", true)); · src/core/metaBoxes/htmlInjectionBox.php:78
unserialize · $metaField = unserialize(get_post_meta($postID, "en_custom_html_injection", true)); · src/core/metaBoxes/htmlInjectionBox.php:96
unserialize · $metaField = unserialize(get_post_meta($postID, "en_custom_html_injection", true)); · src/core/metaBoxes/htmlInjectionBox.php:122
unserialize · $attachments = mailManager::instance()->generateAttachments(unserialize(get_post_meta($postID, "en_n · src/core/newsletterPostType.php:533
unserialize · $availableSubscriberCategories = unserialize($availableSubscriberCategories); · src/core/registration/registration.php:196
unserialize · $signupFormFields = unserialize($signupFormFields); · src/core/registration/registrationFormContent.php:18
unserialize · $targetGroups = unserialize(databaseConnector::instance()->getSettingFromDB("subscriberCategory")); · src/core/settingsPageContent.php:28
unserialize · $targetGroups = unserialize(databaseConnector::instance()->getSettingFromDB("subscriberRole")); · src/core/settingsPageContent.php:35
unserialize · $targetGroups = unserialize(databaseConnector::instance()->getSettingFromDB("subscriberCategory")); · src/core/settingsPageContent.php:56
unserialize · $targetGroups = unserialize(databaseConnector::instance()->getSettingFromDB("subscriberRole")); · src/core/settingsPageContent.php:64
unserialize · $checkboxesActive = unserialize($signupFormFieldsValue); · src/core/settingsPageContent.php:78
unserialize · $targetGroupsCategory = unserialize(databaseConnector::instance()->getSettingFromDB("subscriberCateg · src/core/settingsPageContent.php:118
unserialize · $targetGroupsRole = unserialize(databaseConnector::instance()->getSettingFromDB("subscriberRole")); · src/core/settingsPageContent.php:137
unserialize · return unserialize( get_post_meta( $subscriberID, "en_allReceived", true )); · src/core/subscriberMetaDataHandler.php:31
unserialize · $allReceived = unserialize(get_post_meta($post->ID, $columnName, true)); · src/core/subscriberPostType.php:205

SQL Query Safety

100% prepared · 9 total queries

Output Escaping

72% escaped · 214 total outputs
Data Flows · Security
5 unsanitized

Data Flow Analysis

13 flows · 5 with unsanitized paths
easyNewsletterUnsubscribeForm (src/core/registration/registration.php:245)
Attack Surface

EasyNewsletter Attack Surface

Entry Points: 23
Unprotected: 0

AJAX Handlers 21

auth · wp_ajax_en_import · src/core/menuPage.php:27
auth · wp_ajax_en_newsletterAttachmentBoxSave · src/core/metaBoxes/addAttachmentBox.php:14
auth · wp_ajax_en_newsletterAttachmentBoxDeleteElement · src/core/metaBoxes/addAttachmentBox.php:15
auth · wp_ajax_en_htmlInjectionBoxSave · src/core/metaBoxes/htmlInjectionBox.php:15
auth · wp_ajax_en_htmlInjectionBoxDeleteElement · src/core/metaBoxes/htmlInjectionBox.php:16
auth · wp_ajax_en_sendNewsletterTestMail · src/core/newsletterPostType.php:41
nopriv · wp_ajax_en_sendNewsletterTestMail · src/core/newsletterPostType.php:42
auth · wp_ajax_en_sendNewsletter · src/core/newsletterPostType.php:44
nopriv · wp_ajax_en_sendNewsletter · src/core/newsletterPostType.php:45
auth · wp_ajax_en_stopSendingNewsletter · src/core/newsletterPostType.php:47
nopriv · wp_ajax_en_stopSendingNewsletter · src/core/newsletterPostType.php:48
auth · wp_ajax_en_wantToSendNewsletter · src/core/newsletterPostType.php:50
nopriv · wp_ajax_en_wantToSendNewsletter · src/core/newsletterPostType.php:51
auth · wp_ajax_en_getReceiversDataByIds · src/core/newsletterPostType.php:53
nopriv · wp_ajax_en_getReceiversDataByIds · src/core/newsletterPostType.php:54
auth · wp_ajax_en_copyNewsletter · src/core/newsletterPostType.php:63
nopriv · wp_ajax_en_copyNewsletter · src/core/newsletterPostType.php:64
auth · wp_ajax_saveBackendSubscriberCustomContent · src/core/subscriberPostType.php:45
nopriv · wp_ajax_saveBackendSubscriberCustomContent · src/core/subscriberPostType.php:46
auth · wp_ajax_addBackendSubscriber · src/core/subscriberPostType.php:48
nopriv · wp_ajax_addBackendSubscriber · src/core/subscriberPostType.php:49

Shortcodes 2

[easyNewsletter] src/core/registration/registration.php:53
[easyNewsletterUnsubscribeForm] src/core/registration/registration.php:54
WordPress Hooks 34
action · enqueue_block_editor_assets · easynewsletter.php:64
action · init · easynewsletter.php:66
action · plugin_loaded · easynewsletter.php:69
action · easy_newsletter_api · easynewsletter.php:72
filter · cron_schedules · src/core/mailManager.php:40
action · easyNewsletterHook · src/core/mailManager.php:42
action · admin_menu · src/core/menuPage.php:21
action · admin_menu · src/core/menuPage.php:22
action · admin_menu · src/core/menuPage.php:23
action · admin_enqueue_scripts · src/core/menuPage.php:25
action · add_meta_boxes · src/core/metaBoxes/addAttachmentBox.php:11
action · save_post · src/core/metaBoxes/addAttachmentBox.php:12
action · add_meta_boxes · src/core/metaBoxes/htmlInjectionBox.php:12
action · save_post · src/core/metaBoxes/htmlInjectionBox.php:13
action · admin_enqueue_scripts · src/core/metaBoxes/metaBoxes.php:12
action · init · src/core/newsletterPostType.php:32
filter · manage_en_newsletters_posts_columns · src/core/newsletterPostType.php:33
action · manage_posts_custom_column · src/core/newsletterPostType.php:34
action · init · src/core/newsletterPostType.php:36
action · admin_menu · src/core/newsletterPostType.php:37
action · admin_enqueue_scripts · src/core/newsletterPostType.php:39
filter · single_template · src/core/newsletterPostType.php:56
action · save_post_en_newsletters · src/core/newsletterPostType.php:58
action · enqueue_block_editor_assets · src/core/newsletterPostType.php:60
action · admin_enqueue_scripts · src/core/newsletterPostType.php:62
action · init · src/core/subscriberPostType.php:36
filter · manage_en_subscribers_posts_columns · src/core/subscriberPostType.php:38
action · manage_posts_custom_column · src/core/subscriberPostType.php:39
action · transition_post_status · src/core/subscriberPostType.php:40
action · admin_enqueue_scripts · src/core/subscriberPostType.php:44
filter · posts_clauses · src/core/subscriberPostType.php:51
action · farn_log_cleanup_cron · vendor-prefixed/farn/farn-core/src/Log.php:16
action · admin_menu · vendor-prefixed/farn/farn-core/src/LogViewer.php:8
action · admin_enqueue_scripts · vendor-prefixed/farn/farn-core/src/PluginIcons.php:8

Scheduled Events 2

easyNewsletterHook
farn_log_cleanup_cron
Maintenance & Trust

EasyNewsletter Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Apr 9, 2026
PHP min version: 8.0
Downloads: 4K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 10
Developer Profile

EasyNewsletter Developer Profile

FARN Labs

4 plugins · 210 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect EasyNewsletter

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/easynewsletter/src/core/resources/jsx/sidebar_additions/build/index.js
/wp-content/plugins/easynewsletter/resources/settingsPage.js
/wp-content/plugins/easynewsletter/resources/overviewPage.css
/wp-content/plugins/easynewsletter/resources/menuIcon.css
/wp-content/plugins/easynewsletter/resources/admin.css
Script Paths
/wp-content/plugins/easynewsletter/src/core/resources/jsx/sidebar_additions/build/index.js
/wp-content/plugins/easynewsletter/resources/settingsPage.js
/wp-content/plugins/easynewsletter/resources/overviewPage.css
/wp-content/plugins/easynewsletter/resources/menuIcon.css
/wp-content/plugins/easynewsletter/resources/admin.css

HTML / DOM Fingerprints

CSS Classes
nav-tab-wrapper, nav-tab, nav-tab-active, nav-link, nav-float-right
Data Attributes
data-nonce
JS Globals
window.easyNewsletterApi