WP-Safety

Embed Sendy Security & Risk Analysis

wordpress.org/plugins/embed-sendy

Embed Sendy subscription form, through a widget, shortcode, or as a Gutenberg block.

100 active installs v1.3.3 PHP 5.6+ WP 4.9+ Updated Feb 14, 2021
embedgutenbergsendysubscription-formwidget
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Embed Sendy Safe to Use in 2026?

Generally Safe

Score 85/100

Embed Sendy has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5yr ago
Risk Assessment

The embed-sendy plugin v1.3.3 demonstrates some good security practices, such as using prepared statements for all SQL queries and the absence of known vulnerabilities. However, there are notable areas of concern. The static analysis reveals that 57% of output is properly escaped, which indicates a potential for cross-site scripting (XSS) vulnerabilities in the remaining 43% of outputs. Furthermore, the taint analysis identified two flows with unsanitized paths, classified as high severity. While these may not be directly exploitable due to a lack of explicit authentication checks on entry points, they represent potential avenues for attack if other security mechanisms were bypassed or misconfigured.

The plugin's vulnerability history is clean, with no recorded CVEs. This suggests a relatively stable and well-maintained codebase in terms of historical exploits. However, the absence of past vulnerabilities should not lead to complacency, especially given the findings in the static and taint analyses. The strengths lie in its SQL handling and lack of historical exploits. The weaknesses lie in the potential for unescaped output and identified high-severity taint flows that warrant further investigation to confirm their exploitability.

Key Concerns

  • High severity unsanitized taint flows found
  • Significant portion of output not properly escaped
Vulnerabilities
None known

Embed Sendy Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Embed Sendy Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
6 prepared
Unescaped Output
31
41 escaped
Nonce Checks
1
Capability Checks
0
File Operations
0
External Requests
2
Bundled Libraries
0

SQL Query Safety

100% prepared6 total queries

Output Escaping

57% escaped72 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
process_sendy (embed-sendy.php:500)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Embed Sendy Attack Surface

Entry Points3
Unprotected0

AJAX Handlers 2

authwp_ajax_process_sendyembed-sendy.php:92
noprivwp_ajax_process_sendyembed-sendy.php:93

Shortcodes 1

[embed_sendy] embed-sendy.php:81
WordPress Hooks 13
actionadmin_noticesembed-sendy.php:60
actionwp_enqueue_scriptsembed-sendy.php:82
actionembed_sendy_form_startembed-sendy.php:84
actionembed_sendy_form_endembed-sendy.php:85
filterthe_contentembed-sendy.php:87
actionplugins_loadedembed-sendy.php:90
actionwidgets_initincludes\class-embed-sendy-widget.php:116
actionadmin_enqueue_scriptsincludes\class-wp-osa.php:51
actionadmin_initincludes\class-wp-osa.php:54
actionadmin_menuincludes\class-wp-osa.php:57
actionenqueue_block_assetssrc\init.php:34
actionenqueue_block_editor_assetssrc\init.php:77
actioninitsrc\init.php:116
Maintenance & Trust

Embed Sendy Maintenance & Trust

Maintenance Signals

WordPress version tested5.6.17
Last updatedFeb 14, 2021
PHP min version5.6
Downloads5K

Community Trust

Rating84/100
Number of ratings6
Active installs100
Alternatives

Embed Sendy Alternatives

Classic Widgets

Classic Widgets

classic-widgets

A
100

Enables the previous "classic" widgets settings screens in Appearance - Widgets and the Customizer. Disables the block editor from managing widgets.

2.0M No CVEs
Widget Logic

Widget Logic

widget-logic

A
95

Widget Logic lets you control on which pages widgets appear using WP's conditional tags.

100K 2 CVEs
Widget Options – Advanced Conditional Visibility for Gutenberg Blocks & Classic Widgets

Widget Options – Advanced Conditional Visibility for Gutenberg Blocks & Classic Widgets

widget-options

C
52

0ddcemmihs4a843ekhaoofzosrunf4bl Widget Options gives you super powers to control your site’s sidebar widgets and all Gutenberg blocks on pages, posts …

100K 1 unpatched
Advanced Import: One-Click Demo Import for WordPress

Advanced Import: One-Click Demo Import for WordPress

advanced-import

A
91

Advanced Import simplifies importing demo data for WordPress sites, enabling users to import posts, pages, media, widgets, customizer settings, and Gu …

90K 1 CVE
Spotlight Social Feeds – Block, Shortcode, and Widget

Spotlight Social Feeds – Block, Shortcode, and Widget

spotlight-social-photo-feeds

A
98

Instagram feeds made easy. Responsive, customizable, accessible, and SEO-friendly out of the box. Includes Instagram blocks & oEmbed support.

60K 3 CVEs
Developer Profile

Embed Sendy Developer Profile

Ram Ratan Maurya

3 plugins · 3K total installs

63
trust score
Avg Security Score
77/100
Avg Patch Time
217 days
View full developer profile
Detection Fingerprints

How We Detect Embed Sendy

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/embed-sendy/assets/embed-sendy.css/wp-content/plugins/embed-sendy/assets/embed-sendy.js
Script Paths
https://www.google.com/recaptcha/api.js
Version Parameters
embed-sendy/assets/embed-sendy.css?ver=embed-sendy/assets/embed-sendy.js?ver=

HTML / DOM Fingerprints

CSS Classes
esd-form__rowesd-form__headeresd-form__footeresd-form__button
Data Attributes
data-listdata-recaptcha
JS Globals
esdSettings
REST Endpoints
/wp-json/embed-sendy/v1/process
Shortcode Output
[embed_sendy][embed_sendy list="" recaptcha=""]
FAQ

Frequently Asked Questions about Embed Sendy