Does Emercury for WP have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Emercury for WP compatible with WordPress 6.9.4?

According to WordPress.org data, Emercury for WP 1.0.7 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Emercury for WP compatible with PHP 7.4+?

Emercury for WP requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Emercury for WP updated?

Emercury for WP was last updated on Jan 20, 2026. Frequent updates are generally a positive security signal.

What is Emercury for WP's security score?

Emercury for WP has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Emercury for WP Security & Risk Analysis

wordpress.org/plugins/emercury-for-wp

Allow your visitors to subscribe to your forms seamlessly with this plugin.

0 active installs v1.0.7 PHP 7.4+ WP 5.8+ Updated Jan 20, 2026

emailemercuryformsmarketingnewsletter

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Emercury for WP Safe to Use in 2026?

Generally Safe

Score 100/100

Emercury for WP has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3mo ago

Risk Assessment

The "emercury-for-wp" plugin, version 1.0.7, presents a mixed security posture. While it shows positive signs like no recorded CVEs and a low number of external HTTP requests, significant concerns arise from its static analysis. The plugin exposes a substantial attack surface with six AJAX handlers, all of which lack authentication checks. This is a critical oversight that could allow unauthenticated users to trigger potentially harmful actions. Furthermore, only 34% of output is properly escaped, increasing the risk of cross-site scripting (XSS) vulnerabilities, especially when combined with unsanitized data flows identified in the taint analysis. The absence of nonce checks on AJAX handlers and a single capability check for all entry points are further indicators of weak access control. The vulnerability history is clean, which is a positive sign, suggesting diligent development or a lack of past exploitation. However, the current code analysis reveals inherent weaknesses that, if exploited, could lead to severe security incidents. The plugin needs substantial improvements in its authentication and sanitization mechanisms to mitigate these risks.

Key Concerns

Unprotected AJAX handlers
Low output escaping percentage
No nonce checks on AJAX
Limited capability checks
Unsanitized paths in taint flows

Vulnerabilities

None known

Emercury for WP Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Emercury for WP Release Timeline

v1.0.7Current

v1.0.6

Code Analysis

Analyzed Apr 16, 2026

Emercury for WP Code Analysis

Dangerous Functions

Raw SQL Queries

6 prepared

Unescaped Output

11 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

75% prepared8 total queries

Output Escaping

34% escaped32 total outputs

Data Flows · Security

3 unsanitized

Data Flow Analysis

3 flows3 with unsanitized paths

emercury_form_get_update_callback (includes/functions.php:5)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

6 unprotected

Emercury for WP Attack Surface

Entry Points7

Unprotected6

AJAX Handlers 6

authwp_ajax_emercury_form_get_updateincludes/functions.php:3

noprivwp_ajax_emercury_form_get_updateincludes/functions.php:4

authwp_ajax_emercury_form_update_singleincludes/functions.php:40

noprivwp_ajax_emercury_form_update_singleincludes/functions.php:41

authwp_ajax_emercury_forms_advanced_optionsincludes/functions.php:70

noprivwp_ajax_emercury_forms_advanced_optionsincludes/functions.php:71

Shortcodes 1

[emercury_forms] emercury-forms.php:86

WordPress Hooks 11

actionplugins_loadedemercury-forms.php:79

actionadmin_initemercury-forms.php:83

actionadmin_menuemercury-forms.php:84

filterplugin_action_linksemercury-forms.php:85

filterhttp_request_timeoutemercury-forms.php:87

actionwidgets_initemercury-forms.php:88

actionin_admin_headeremercury-forms.php:90

actioncomment_postemercury-forms.php:210

actioncomment_unapproved_to_approvedemercury-forms.php:211

actionuser_registeremercury-forms.php:216

actionhook_emercury_form_and_shortcodesincludes/functions.php:123

Maintenance & Trust

Emercury for WP Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedJan 20, 2026

PHP min version7.4

Downloads1K

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

Emercury for WP Alternatives

Newsletter – Send awesome emails from WordPress

newsletter

An email marketing tool for your blog: subscription forms to create your lists with unlimited subscribers and newsletters.

200K 20 CVEs

Brevo – Email, SMS, Web Push, Chat, and more.

mailin

Turn your WordPress site into a marketing powerhouse. Grow your audience, boost engagement, and drive more sales with Brevo.

100K 9 CVEs

Sender – Newsletter, SMS and Email Marketing Automation for WooCommerce

sender-net-automated-emails

Sender is an all-in-one email & SMS marketing platform designed keeping the challenges of ecommerce and small businesses in mind.

5K 2 CVEs

Constant Contact Forms by MailMunch

constant-contact-forms-by-mailmunch

The #1 Constant Contact plugin to get more email subscribers. Easily add Constant Contact sign-up forms as popup, embedded widget or sticky top bar.

3K 3 CVEs

Retainful – WooCommerce Abandoned Cart, Newsletters, Email Marketing, Signup Forms and Automation

retainful-next-order-coupon-for-woocommerce

100

WooCommerce abandoned cart recovery, Newsletters, Email campaigns, Subscription forms, Popups and Email Marketing Automation plugin

2K No CVEs

Developer Profile

Emercury for WP Developer Profile

Emercury

6 plugins · 0 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Emercury for WP

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/emercury-for-wp/images/icon.png

Script Paths

/wp-content/plugins/emercury-for-wp/assets/js/emercury-form.js

Version Parameters

emercury-form-js?ver=

HTML / DOM Fingerprints

Shortcode Output

[emercury_forms

FAQ