FluentCRM – Email Newsletter, Automation, Email Marketing, Email Campaigns, Optins, Leads, and CRM Solution Security & Risk Analysis

wordpress.org/plugins/fluent-crm

The easiest and fastest Email Marketing, Newsletter, Marketing Automation Plugin & CRM Solution for WordPress

70K active installs · v2.9.87 · PHP 7.3+ · WP 5.0+ · Updated Nov 24, 2025
Tags: crm, email-marketing, email-newsletter, newsletter, subscribers
Score: 96 (A · Safe)
CVEs total: 3
Unpatched: 0
Last CVE: Nov 20, 2025
Safety Verdict

Is FluentCRM – Email Newsletter, Automation, Email Marketing, Email Campaigns, Optins, Leads, and CRM Solution Safe to Use in 2026?

Generally Safe

Score 96/100

FluentCRM – Email Newsletter, Automation, Email Marketing, Email Campaigns, Optins, Leads, and CRM Solution has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEs · Last CVE: Nov 20, 2025 · Updated 4mo ago
Risk Assessment

The 'fluent-crm' v2.9.87 plugin exhibits a mixed security posture. While it demonstrates good practices in output escaping and a low number of critical or high-severity vulnerabilities, significant concerns arise from its attack surface. The presence of four AJAX handlers without authentication checks presents a substantial risk, potentially allowing unauthorized users to trigger plugin functionality. The taint analysis, though not flagging critical or high-severity flows, did identify four flows with unsanitized paths, suggesting potential avenues for injection vulnerabilities if not handled carefully downstream. The vulnerability history indicates a pattern of medium-severity issues, including Cross-Site Scripting and weak hashing practices, although all historical CVEs are currently patched. The high percentage of SQL queries using prepared statements is a positive sign, mitigating risks related to SQL injection.

Key Concerns

  • AJAX handlers without authentication checks
  • Taint flows with unsanitized paths
  • Medium severity vulnerabilities in history (XSS, weak hashing)
  • Limited nonce checks
Vulnerabilities
3

FluentCRM – Email Newsletter, Automation, Email Marketing, Email Campaigns, Optins, Leads, and CRM Solution Security Vulnerabilities

CVEs by Year

2023: 1 CVE
2024: 1 CVE
2025: 1 CVE

Severity Breakdown

Medium: 3

3 total CVEs

CVE-2025-12935 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

FluentCRM - Marketing Automation For WordPress <= 2.9.84 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'fluentcrm_content' Shortcode

Nov 20, 2025 Patched in 2.9.85 (2d)

CVE-2024-30430 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Fluent CRM <= 2.8.44 - Authenticated (Administrator+) Stored Cross-Site Scripting

Mar 28, 2024 Patched in 2.8.45 (7d)

CVE-2023-1430 · medium · 6.5 · Use of a One-Way Hash without a Salt

FluentCRM - Marketing Automation For WordPress <= 2.8.01 - Insufficient Use of Hash as Authorization Control

Jun 1, 2023 Patched in 2.8.02 (236d)
Code Analysis
Analyzed Mar 16, 2026

FluentCRM – Email Newsletter, Automation, Email Marketing, Email Campaigns, Optins, Leads, and CRM Solution Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 53 · 42 prepared
Unescaped Output: 23 · 430 escaped
Nonce Checks: 2
Capability Checks: 15
File Operations: 17
External Requests: 28
Bundled Libraries: 0

SQL Query Safety

44% prepared · 95 total queries

Output Escaping

95% escaped · 453 total outputs
Data Flows
4 unsanitized

Data Flow Analysis

7 flows · 4 with unsanitized paths
fluentcrm_queue_on_background (app\Functions\helpers.php:1290)
Attack Surface
4 unprotected

FluentCRM – Email Newsletter, Automation, Email Marketing, Email Campaigns, Optins, Leads, and CRM Solution Attack Surface

Entry Points: 6
Unprotected: 4

AJAX Handlers 4

nopriv · wp_ajax_fluentcrm-post-campaigns-emails-processing · app\Hooks\actions.php:113
auth · wp_ajax_fluentcrm_renew_rest_nonce · app\Hooks\actions.php:191
nopriv · wp_ajax_fluentcrm-post-campaigns-send-now · app\Hooks\Handlers\Scheduler.php:55
nopriv · wp_ajax_fluentcrm-post-multi-thread-send-now · app\Hooks\Handlers\Scheduler.php:86

Shortcodes 2

[fluentcrm_pref] app\Hooks\actions.php:168
[fluentcrm_content] app\Hooks\actions.php:172

WordPress Hooks 112

filter · fluentcrm_profile_sections · app\Api\Classes\Extender.php:24
filter · fluent_crm/company_profile_sections · app\Api\Classes\Extender.php:55
filter · fluent_crm/extended_smart_codes · app\Api\Classes\Extender.php:108
filter · fluent_crm/subscriber_info_widgets · app\Api\Classes\Extender.php:143
action · fluent_crm/debug_log · app\Hooks\actions.php:100
action · wp_loaded · app\Hooks\actions.php:125
action · init · app\Hooks\actions.php:140
action · admin_menu · app\Hooks\actions.php:149
action · current_screen · app\Hooks\actions.php:155
action · admin_notices · app\Hooks\actions.php:182
filter · fluent_crm/parse_campaign_email_text · app\Hooks\filters.php:27
filter · fluentform/editor_shortcodes · app\Hooks\filters.php:48
filter · fluentcrm_parse_campaign_email_text · app\Hooks\filters.php:58
filter · cron_schedules · app\Hooks\Handlers\ActivationHandler.php:29
action · fluent_crm/contact_created · app\Hooks\Handlers\ActivityLogHandler.php:22
action · fluent_crm/contact_added_to_tags · app\Hooks\Handlers\ActivityLogHandler.php:25
action · fluent_crm/contact_removed_from_tags · app\Hooks\Handlers\ActivityLogHandler.php:26
action · fluent_crm/contact_added_to_lists · app\Hooks\Handlers\ActivityLogHandler.php:29
action · fluent_crm/contact_removed_from_lists · app\Hooks\Handlers\ActivityLogHandler.php:30
action · fluentcrm_before_subscribers_deleted · app\Hooks\Handlers\ActivityLogHandler.php:33
action · admin_bar_menu · app\Hooks\Handlers\AdminBar.php:35
action · admin_menu · app\Hooks\Handlers\AdminMenu.php:31
action · admin_enqueue_scripts · app\Hooks\Handlers\AdminMenu.php:40
filter · admin_footer_text · app\Hooks\Handlers\AdminMenu.php:270
filter · update_footer · app\Hooks\Handlers\AdminMenu.php:296
filter · learn-press/admin-default-scripts · app\Hooks\Handlers\AdminMenu.php:496
filter · tiny_mce_plugins · app\Hooks\Handlers\AdminMenu.php:559
filter · user_can_richedit · app\Hooks\Handlers\AdminMenu.php:827
action · admin_print_styles · app\Hooks\Handlers\AdminMenu.php:1155
filter · admin_body_class · app\Hooks\Handlers\AdminMenu.php:1343
action · in_admin_header · app\Hooks\Handlers\AdminMenu.php:1347
action · admin_footer · app\Hooks\Handlers\AdminMenu.php:1525
filter · script_loader_src · app\Hooks\Handlers\AdminMenu.php:1669
action · wp_print_scripts · app\Hooks\Handlers\AdminMenu.php:1685
action · updated_user_meta · app\Hooks\Handlers\AutoSubscribeHandler.php:78
action · wp_login · app\Hooks\Handlers\ContactActivityLogger.php:23
action · fluent_crm/track_activity_by_subscriber · app\Hooks\Handlers\ContactActivityLogger.php:26
filter · fluentcrm_ajax_options_event_tracking_keys · app\Hooks\Handlers\EventTrackingHandler.php:13
action · fluentcrm_contacts_filter_event_tracking · app\Hooks\Handlers\EventTrackingHandler.php:14
action · fluent_crm/track_event_activity · app\Hooks\Handlers\EventTrackingHandler.php:15
filter · fluent_crm/subscriber_info_widgets · app\Hooks\Handlers\EventTrackingHandler.php:17
filter · fluent_crm/subscriber_info_widget_event_tracking · app\Hooks\Handlers\EventTrackingHandler.php:18
filter · fluentcrm_advanced_filter_options · app\Hooks\Handlers\EventTrackingHandler.php:20
filter · fluent_crm/event_tracking_condition_groups · app\Hooks\Handlers\EventTrackingHandler.php:22
filter · fluentcrm_automation_condition_groups · app\Hooks\Handlers\EventTrackingHandler.php:24
action · wp_loaded · app\Hooks\Handlers\ExternalPages.php:369
action · wp_loaded · app\Hooks\Handlers\ExternalPages.php:385
action · wp_loaded · app\Hooks\Handlers\ExternalPages.php:401
action · wp_loaded · app\Hooks\Handlers\ExternalPages.php:880
action · wp_loaded · app\Hooks\Handlers\ExternalPages.php:1101
action · edd_complete_purchase · app\Hooks\Handlers\FunnelHandler.php:82
action · fluent_crm_process_automation · app\Hooks\Handlers\FunnelHandler.php:88
action · fluentcrm_scheduled_minute_tasks · app\Hooks\Handlers\Scheduler.php:29
action · fluentcrm_scheduled_every_minute_tasks · app\Hooks\Handlers\Scheduler.php:113
action · fluentcrm_scheduled_hourly_tasks · app\Hooks\Handlers\Scheduler.php:114
action · fluentcrm_scheduled_five_minute_tasks · app\Hooks\Handlers\Scheduler.php:115
action · fluentcrm_process_contact_jobs · app\Hooks\Handlers\Scheduler.php:116
action · fluentcrm_scheduled_weekly_tasks · app\Hooks\Handlers\Scheduler.php:117
action · fluent_crm_send_multi_thread_emails · app\Hooks\Handlers\Scheduler.php:118
action · fluent_crm_cancel_multi_thread_mailing · app\Hooks\Handlers\Scheduler.php:120
action · fluent_crm_ascheduler_runs_daily · app\Hooks\Handlers\Scheduler.php:130
filter · user_can_richedit · app\Hooks\Handlers\SetupWizard.php:54
action · shutdown · app\Hooks\Handlers\WpQueryLogger.php:110
action · wp_mail_failed · app\Http\Controllers\CampaignController.php:647
filter · upload_mimes · app\Http\Controllers\CsvController.php:33
action · wp_mail_failed · app\Http\Controllers\SubscriberController.php:961
filter · render_block · app\Services\BlockParser.php:16
filter · bricks/conditions/groups · app\Services\ExternalIntegrations\BricksBuilderIntegration.php:11
filter · bricks/conditions/options · app\Services\ExternalIntegrations\BricksBuilderIntegration.php:12
filter · bricks/conditions/result · app\Services\ExternalIntegrations\BricksBuilderIntegration.php:13
filter · fluent_crm/get_import_driver_fluent_cart · app\Services\ExternalIntegrations\FluentCart\FluentCart.php:67
filter · fluent_crm/post_import_driver_fluent_cart · app\Services\ExternalIntegrations\FluentCart\FluentCart.php:68
filter · fluentcrm_ajax_options_fluent_cart_products · app\Services\ExternalIntegrations\FluentCart\FluentCart.php:70
filter · fluentcrm_ajax_options_fluent_cart_product_categories · app\Services\ExternalIntegrations\FluentCart\FluentCart.php:71
filter · fluentcrm_ajax_options_fluent_cart_subscription_products · app\Services\ExternalIntegrations\FluentCart\FluentCart.php:72
filter · fluent_crm/funnel_icons · app\Services\ExternalIntegrations\FluentCart\FluentCart.php:74
filter · fluent_crm/purchase_history_fluent_cart · app\Services\ExternalIntegrations\FluentCart\FluentCart.php:75
filter · fluent_crm/smartcode_group_callback_cart_order · app\Services\ExternalIntegrations\FluentCart\FluentCart.php:77
filter · fluent_crm/smartcode_group_callback_cart_customer · app\Services\ExternalIntegrations\FluentCart\FluentCart.php:78
filter · fluent_crm/smartcode_group_callback_cart_receipt · app\Services\ExternalIntegrations\FluentCart\FluentCart.php:80
filter · fluentcrm_automation_condition_groups · app\Services\ExternalIntegrations\FluentCart\FluentCart.php:83
filter · fluentcrm_automation_conditions_assess_fluent_cart · app\Services\ExternalIntegrations\FluentCart\FluentCart.php:84
filter · fluent_crm_funnel_context_smart_codes · app\Services\ExternalIntegrations\FluentCart\SmartCode\SmartCodeRegister.php:87
filter · fluentform/notifying_async_fluentcrm · app\Services\ExternalIntegrations\FluentForm\Bootstrap.php:40
action · fluentform/subscription_payment_active · app\Services\ExternalIntegrations\FluentForm\Bootstrap.php:586
action · fluentform/subscription_payment_canceled · app\Services\ExternalIntegrations\FluentForm\Bootstrap.php:589
action · fluentform/payment_refunded · app\Services\ExternalIntegrations\FluentForm\Bootstrap.php:593
filter · fluentform/submissions_widgets · app\Services\ExternalIntegrations\FluentForm\FluentFormInit.php:17
filter · fluent_crm/subscriber_info_widgets · app\Services\ExternalIntegrations\FluentForm\FluentFormInit.php:19
filter · fluentcrm_funnel_blocks · app\Services\Funnel\BaseAction.php:19
filter · fluentcrm_funnel_block_fields · app\Services\Funnel\BaseAction.php:20
filter · fluentcrm_funnel_blocks · app\Services\Funnel\BaseBenchMark.php:20
filter · fluentcrm_funnel_block_fields · app\Services\Funnel\BaseBenchMark.php:22
filter · fluentcrm_funnel_triggers · app\Services\Funnel\BaseTrigger.php:21
filter · fluentcrm_funnel_triggers · app\Services\Funnel\ProFunnelItems.php:9
filter · fluentcrm_funnel_blocks · app\Services\Funnel\ProFunnelItems.php:14
action · wp_footer · app\Services\Html\FormElementBuilder.php:219
action · wp_footer · app\Services\Html\FormElementBuilder.php:339
action · wp_enqueue_scripts · app\Services\Html\FormElementBuilder.php:345
action · wp_head · app\Services\Html\FormElementBuilder.php:429
filter · wp_handle_upload_prefilter · app\Services\Libs\FileSystem.php:95
filter · upload_dir · app\Services\Libs\FileSystem.php:96
filter · wp_handle_upload · app\Services\Libs\FileSystem.php:98
filter · fluentmail_will_log_email · app\Services\Libs\Mailer\BaseHandler.php:42
action · wp_mail_failed · app\Services\Libs\Mailer\BaseHandler.php:206
action · wp_insert_site · boot\app.php:15
action · plugins_loaded · boot\app.php:27
filter · fluent_crm/dashboard_notices · boot\app.php:32
action · init · boot\app.php:44
filter · cron_schedules · boot\app.php:50
action · fluentcrm_loading_app · boot\app.php:72
filter · plugin_row_meta · fluent-crm.php:42

Maintenance & Trust

FluentCRM – Email Newsletter, Automation, Email Marketing, Email Campaigns, Optins, Leads, and CRM Solution Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Nov 24, 2025
PHP min version: 7.3
Downloads: 1.4M

Community Trust

Rating: 96/100
Number of ratings: 227
Active installs: 70K
Developer Profile

FluentCRM – Email Newsletter, Automation, Email Marketing, Email Campaigns, Optins, Leads, and CRM Solution Developer Profile

Shahjahan Jewel

17 plugins · 1.3M total installs

Trust score: 73
Avg Security Score: 92/100
Avg Patch Time: 113 days
Detection Fingerprints

How We Detect FluentCRM – Email Newsletter, Automation, Email Marketing, Email Campaigns, Optins, Leads, and CRM Solution

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/fluent-crm/app/public/css/main.css
/wp-content/plugins/fluent-crm/app/public/css/admin-ui.css
/wp-content/plugins/fluent-crm/app/public/css/pro-features.css
/wp-content/plugins/fluent-crm/app/public/js/framework.js
/wp-content/plugins/fluent-crm/app/public/js/fluent-crm.js
/wp-content/plugins/fluent-crm/app/public/js/global-search.js
/wp-content/plugins/fluent-crm/app/public/js/app.js

Script Paths
/wp-content/plugins/fluent-crm/app/public/js/framework.js
/wp-content/plugins/fluent-crm/app/public/js/fluent-crm.js
/wp-content/plugins/fluent-crm/app/public/js/global-search.js
/wp-content/plugins/fluent-crm/app/public/js/app.js

Version Parameters
fluent-crm/app/public/css/main.css?ver=
fluent-crm/app/public/css/admin-ui.css?ver=
fluent-crm/app/public/css/pro-features.css?ver=
fluent-crm/app/public/js/framework.js?ver=
fluent-crm/app/public/js/fluent-crm.js?ver=
fluent-crm/app/public/js/global-search.js?ver=
fluent-crm/app/public/js/app.js?ver=

HTML / DOM Fingerprints

CSS Classes
fluentcrm-app-dashboard
fluentcrm-subscribers-list
fc_global_search_wrapper
fc_menu_icons
fc_app_sidebar

HTML Comments
FluentCRM Admin
FluentCRM Global Search
FluentCRM Admin Menu

Data Attributes
data-fluentcrm-admin-page
data-fc-route
data-fc-modal-title
data-fc-modal-id
data-fc-modal-save_button_text

JS Globals
fluentCrmMixfc_bar_varsFluentCrmFC
REST Endpoints
/wp-json/fluent_crm/v1
/wp-json/fluent_crm/v1/subscribers
/wp-json/fluent_crm/v1/campaigns