Email Marketing Integration Adv Security & Risk Analysis

wordpress.org/plugins/email-marketing-integration-adv

Integrate 4Dem.it with wordpress and woocommerce. Subscribe/Synchonize users with your 4Dem list using Single opt-in/Double opt-in email.

0 active installs v1.1.0 PHP + WP 5.0.0+ Updated May 17, 2021
contactemailformmailing-listtracking
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is Email Marketing Integration Adv Safe to Use in 2026?

Generally Safe

Score 85/100

Email Marketing Integration Adv has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5yr ago
Risk Assessment

This plugin, 'email-marketing-integration-adv' v1.1.0, presents a significant security risk due to a large attack surface with no authentication or permission checks on any of its entry points. With 20 AJAX handlers and 3 REST API routes all lacking authorization, any unauthenticated user could potentially trigger these functions. While the code generally uses prepared statements for SQL queries and escapes output well, the complete absence of security checks on entry points is a critical flaw. The taint analysis, despite a low number of flows, highlights 3 high-severity issues with unsanitized paths, which could lead to vulnerabilities if these flows are exploitable.

The plugin has no recorded vulnerability history (CVEs), which might suggest a lack of historical issues or simply that it hasn't been thoroughly analyzed for vulnerabilities. However, this positive historical record should not overshadow the immediate and severe risks identified in the static and taint analysis. The lack of any nonce or capability checks is a major concern, as it opens the door to various attacks. In conclusion, while the plugin demonstrates some good coding practices in its database and output handling, the complete lack of authentication and authorization on its extensive entry points makes it highly vulnerable and requires immediate attention.

Key Concerns

  • AJAX handlers without auth checks
  • REST API routes without permission callbacks
  • High severity taint flows with unsanitized paths
  • No nonce checks
  • No capability checks
Vulnerabilities
None known

Email Marketing Integration Adv Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Email Marketing Integration Adv Release Timeline

No version history available.
Code Analysis
Analyzed Apr 16, 2026

Email Marketing Integration Adv Code Analysis

Dangerous Functions
0
Raw SQL Queries
3
34 prepared
Unescaped Output
38
610 escaped
Nonce Checks
0
Capability Checks
0
File Operations
5
External Requests
1
Bundled Libraries
0

SQL Query Safety

92% prepared37 total queries

Output Escaping

94% escaped648 total outputs
Data Flows · Security
8 unsanitized

Data Flow Analysis

8 flows8 with unsanitized paths
ajax_dump_configuration (admin/class-adv_dem-admin.php:1188)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
23 unprotected

Email Marketing Integration Adv Attack Surface

Entry Points23
Unprotected23

AJAX Handlers 20

authwp_ajax_check_apikeyincludes/class-adv_dem.php:202
noprivwp_ajax_check_apikeyincludes/class-adv_dem.php:203
authwp_ajax_dump_configurationincludes/class-adv_dem.php:206
noprivwp_ajax_dump_configurationincludes/class-adv_dem.php:207
authwp_ajax_syncro_usersincludes/class-adv_dem.php:210
noprivwp_ajax_syncro_usersincludes/class-adv_dem.php:211
authwp_ajax_syncro_users_batchincludes/class-adv_dem.php:212
noprivwp_ajax_syncro_users_batchincludes/class-adv_dem.php:213
authwp_ajax_verify_active_batchincludes/class-adv_dem.php:216
noprivwp_ajax_verify_active_batchincludes/class-adv_dem.php:217
authwp_ajax_delete_batchincludes/class-adv_dem.php:218
noprivwp_ajax_delete_batchincludes/class-adv_dem.php:219
authwp_ajax_init_shopincludes/class-adv_dem.php:222
noprivwp_ajax_init_shopincludes/class-adv_dem.php:223
authwp_ajax_init_pluginincludes/class-adv_dem.php:225
noprivwp_ajax_init_pluginincludes/class-adv_dem.php:226
authwp_ajax_verify_apikeyincludes/class-adv_dem.php:228
noprivwp_ajax_verify_apikeyincludes/class-adv_dem.php:229
authwp_ajax_adv_dem_widget_subscribeincludes/class-adv_dem.php:280
noprivwp_ajax_adv_dem_widget_subscribeincludes/class-adv_dem.php:281

REST API Routes 3

GET/wp-json/adv_dem_callback/batchadmin/class-adv_dem-admin.php:890
GET/wp-json/adv_dem_callback/dumpadmin/class-adv_dem-admin.php:895
GET/wp-json/adv_dem_callback/exportCatadmin/class-adv_dem-admin.php:900
WordPress Hooks 18
actionplugins_loadedincludes/class-adv_dem.php:165
actionadmin_enqueue_scriptsincludes/class-adv_dem.php:188
actionadmin_enqueue_scriptsincludes/class-adv_dem.php:189
actionadmin_menuincludes/class-adv_dem.php:192
actionadmin_initincludes/class-adv_dem.php:199
actionrest_api_initincludes/class-adv_dem.php:238
actionadd_meta_boxesincludes/class-adv_dem.php:243
actionmanage_edit-product_columnsincludes/class-adv_dem.php:245
actionmanage_product_posts_custom_columnincludes/class-adv_dem.php:246
actionsave_postincludes/class-adv_dem.php:248
actionwoocommerce_save_product_variationincludes/class-adv_dem.php:249
actionadd_to_cart_fragmentsincludes/class-adv_dem.php:254
actionwp_enqueue_scriptsincludes/class-adv_dem.php:274
actionwp_enqueue_scriptsincludes/class-adv_dem.php:275
actionwidgets_initincludes/class-adv_dem.php:277
actionwoocommerce_customer_save_addressincludes/class-adv_dem.php:287
actionwoocommerce_checkout_order_processedincludes/class-adv_dem.php:289
actionwoocommerce_checkout_update_order_metaincludes/class-adv_dem.php:296
Maintenance & Trust

Email Marketing Integration Adv Maintenance & Trust

Maintenance Signals

WordPress version tested5.7.15
Last updatedMay 17, 2021
PHP min version
Downloads903

Community Trust

Rating0/100
Number of ratings0
Active installs0
Developer Profile

Email Marketing Integration Adv Developer Profile

4marketing.it

3 plugins · 70 total installs

88
trust score
Avg Security Score
92/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Email Marketing Integration Adv

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/email-marketing-integration-adv/admin/css/adv_dem-admin.css/wp-content/plugins/email-marketing-integration-adv/admin/css/toggles-full.css/wp-content/plugins/email-marketing-integration-adv/admin/js/adv_dem-admin.js/wp-content/plugins/email-marketing-integration-adv/admin/js/jquery-toggles-master/toggles.js
Version Parameters
email-marketing-integration-adv/admin/css/adv_dem-admin.css?ver=email-marketing-integration-adv/admin/css/toggles-full.css?ver=email-marketing-integration-adv/admin/js/adv_dem-admin.js?ver=email-marketing-integration-adv/admin/js/jquery-toggles-master/toggles.js?ver=

HTML / DOM Fingerprints

FAQ

Frequently Asked Questions about Email Marketing Integration Adv