Subscribe Mailchimp for EDD Security & Risk Analysis

wordpress.org/plugins/edd-mailchimp-subscribe

The Subscribe Mailchimp for EDD WordPress plugin displays a newsletter signup checkbox on checkout for Easy Digital Downloads, integrated with MailChimp.

50 active installs · v1.4 · PHP + · WP 3.5+ · Updated Sep 23, 2025
Tags: easy-digital-downloads, edd-mailchimp, mailchimp, mailchimp-integration
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Subscribe Mailchimp for EDD Safe to Use in 2026?

Generally Safe

Score 100/100

Subscribe Mailchimp for EDD has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 6mo ago
Risk Assessment

The overall security posture of the edd-mailchimp-subscribe plugin v1.4 is mixed. On the positive side, the plugin has no known CVEs, a clean vulnerability history, and all SQL queries use prepared statements, which indicates good practice in database interaction. The lack of file operations and external HTTP requests also reduces potential attack vectors.

The code analysis raises significant concerns, however. `unserialize` is called without any apparent sanitization or checks, which presents a high risk of remote code execution if it processes untrusted input. In addition, 100% of outputs are not properly escaped, a serious flaw that could lead to cross-site scripting (XSS) vulnerabilities. No nonce or capability checks are present across any entry point, which means that any user, regardless of permissions, could potentially trigger actions within the plugin.

Key Concerns

  • Dangerous function 'unserialize' used without context
  • 100% of outputs are not properly escaped (XSS risk)
  • No nonce checks across all entry points
  • No capability checks across all entry points
Vulnerabilities
None known

Subscribe Mailchimp for EDD Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Subscribe Mailchimp for EDD Code Analysis

Dangerous Functions: 2
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 1 (0 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

  • `unserialize` at edd_mailchimp_subscribe.php:145: `$mailchimp_lists = unserialize( get_transient( 'eddms_mailchimp_mailinglist' ) );`
  • `unserialize` at edd_mailchimp_subscribe.php:192: `$mailchimp_list_stats = unserialize( get_transient( 'eddms_mailchimp_stats' ) );`

Output Escaping

0% escaped · 1 total output
Attack Surface

Subscribe Mailchimp for EDD Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 5
  • action: wp_dashboard_setup (edd_mailchimp_subscribe.php:26)
  • action: admin_enqueue_scripts (edd_mailchimp_subscribe.php:34)
  • filter: edd_settings_extensions (edd_mailchimp_subscribe.php:36)
  • action: edd_purchase_form_before_submit (edd_mailchimp_subscribe.php:37)
  • action: edd_checkout_before_gateway (edd_mailchimp_subscribe.php:38)
Maintenance & Trust

Subscribe Mailchimp for EDD Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Sep 23, 2025
PHP min version
Downloads: 5K

Community Trust

Rating: 100/100
Number of ratings: 4
Active installs: 50
Developer Profile

Subscribe Mailchimp for EDD Developer Profile

Aman

11 plugins · 8K total installs

Trust score: 76
Avg Security Score: 95/100
Avg Patch Time: 138 days
Detection Fingerprints

How We Detect Subscribe Mailchimp for EDD

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/edd-mailchimp-subscribe/style.css

HTML / DOM Fingerprints

CSS Classes
edd-mailchimp-subscribe, eddms_label, edds-g, edds-u, stat-block, secondary-stat-block, rounded
HTML Comments
Inject fields into Easy Digital Downloads Extension Tab; Display Newsletter Checkbox on Checkout; Subscribe User to MailChimp; Get List from MailChimp (+1 more)
Data Attributes
id="eddms_susbscribe" name="eddms_susbscribe"
REST Endpoints
/wp-json/edd-mailchimp-subscribe
Shortcode Output
<div class="form-row edd-mailchimp-subscribe"> <input type="checkbox" class="input-checkbox" name="eddms_susbscribe" id="eddms_susbscribe" value="1" checked="checked"> <span class="eddms_label">
FAQ

Frequently Asked Questions about Subscribe Mailchimp for EDD