Email marketing for WordPress by GetResponse Official Security & Risk Analysis

wordpress.org/plugins/getresponse-official

Maximize visitor potential! Capture emails, automate marketing, track visits, and transfer ecommerce data to GetResponse for precision campaigns.

4K active installs v1.6.5 PHP 7.4+ WP 5.6+ Updated Feb 23, 2026
Tags: ecommerce, email-marketing, getresponse, marketing, newsletter
Score: 98 (A · Safe)
CVEs total: 2
Unpatched: 0
Last CVE: Sep 25, 2025
Safety Verdict

Is Email marketing for WordPress by GetResponse Official Safe to Use in 2026?

Generally Safe

Score 98/100

Email marketing for WordPress by GetResponse Official has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Sep 25, 2025 · Updated 1mo ago
Risk Assessment

The 'getresponse-official' plugin version 1.6.5 presents a generally strong security posture based on the static analysis. All identified entry points (REST API routes) are protected by capability checks, and there are no indications of dangerous functions, raw SQL queries, or unsanitized data flows. The code also demonstrates good practices with 100% proper output escaping and secure handling of SQL queries via prepared statements.

However, the absence of nonce checks across all entry points is a notable concern. While capability checks are present, nonce verification is a crucial layer for preventing CSRF attacks, especially for REST API endpoints that might perform state-changing operations. The plugin's vulnerability history reveals past medium-severity issues related to Missing Authorization and Exposure of Sensitive Information, suggesting that while the current version has addressed these, historical patterns warrant continued vigilance.

In conclusion, version 1.6.5 of 'getresponse-official' shows significant improvements in secure coding practices compared to its past vulnerabilities. The strong emphasis on capability checks and prepared statements is commendable. The primary weakness lies in the lack of nonce checks, which is a standard security measure for web applications. The historical medium-severity vulnerabilities, though patched, indicate a past tendency towards authorization and information exposure flaws, which should be monitored in future versions.

Key Concerns

  • Missing nonce checks on REST API routes
  • Past medium severity vulnerabilities
Vulnerabilities (2)

Email marketing for WordPress by GetResponse Official Security Vulnerabilities

CVEs by Year

2025: 2 CVEs

Severity Breakdown

Medium: 2 (2 total CVEs)

CVE-2025-64273 · medium · 4.3 · Missing Authorization

Email marketing for WordPress by GetResponse Official <= 1.5.3 - Missing Authorization

Sep 25, 2025 Patched in 1.5.4 (87d)

CVE-2025-64272 · medium · 4.3 · Exposure of Sensitive Information to an Unauthorized Actor

Email marketing for WordPress by GetResponse Official <= 1.5.3 - Authenticated (Subscriber+) Information Exposure

Sep 25, 2025 Patched in 1.5.4 (87d)
Code Analysis
Analyzed Mar 16, 2026

Email marketing for WordPress by GetResponse Official Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (4 prepared)
  • Unescaped Output: 0 (46 escaped)
  • Nonce Checks: 0
  • Capability Checks: 7
  • File Operations: 2
  • External Requests: 2
  • Bundled Libraries: 0

SQL Query Safety

100% prepared · 4 total queries

Output Escaping

100% escaped · 46 total outputs
Attack Surface

Email marketing for WordPress by GetResponse Official Attack Surface

Entry Points: 7
Unprotected: 0

REST API Routes: 7

  • GET /wp-json/gr4wp/v1/configuration (controllers\class-gr-api-controller.php:34)
  • GET /wp-json/gr4wp/v1/configuration (controllers\class-gr-api-controller.php:46)
  • GET /wp-json/gr4wp/v1/configuration (controllers\class-gr-api-controller.php:84)
  • GET /wp-json/gr4wp/v1/sites (controllers\class-gr-api-controller.php:96)
  • GET /wp-json/gr4wp/v1/logger (controllers\class-gr-api-controller.php:108)
  • GET /wp-json/gr4wp/v1/logger/files (controllers\class-gr-api-controller.php:120)
  • GET /wp-json/gr4wp/v1/logger (controllers\class-gr-api-controller.php:132)

WordPress Hooks: 34

  • filter rest_user_query (core\class-getresponse-for-wp.php:48)
  • action admin_notices (core\class-getresponse-for-wp.php:134)
  • action rest_api_init (core\class-getresponse-for-wp.php:166)
  • action wpcf7_init (integrations\contact-form-7\class-contact-form-7-integration.php:33)
  • action wpcf7_mail_sent (integrations\contact-form-7\class-contact-form-7-integration.php:34)
  • action wp_enqueue_scripts (integrations\web-connect\class-web-connect-integration.php:39)
  • action wp_enqueue_scripts (integrations\web-connect\class-web-connect-integration.php:40)
  • filter woocommerce_after_single_product (integrations\web-connect\class-web-connect-integration.php:41)
  • action wp_enqueue_scripts (integrations\web-connect\class-web-connect-integration.php:42)
  • action gr4wp_cart_upsert (integrations\web-connect\class-web-connect-integration.php:43)
  • action gr4wp_order_upsert (integrations\web-connect\class-web-connect-integration.php:44)
  • action woocommerce_new_product (integrations\woocommerce\class-woocommerce-integration.php:43)
  • action woocommerce_update_product (integrations\woocommerce\class-woocommerce-integration.php:44)
  • action woocommerce_product_set_stock (integrations\woocommerce\class-woocommerce-integration.php:46)
  • action woocommerce_variation_set_stock (integrations\woocommerce\class-woocommerce-integration.php:47)
  • action woocommerce_new_order (integrations\woocommerce\class-woocommerce-integration.php:49)
  • action woocommerce_order_status_changed (integrations\woocommerce\class-woocommerce-integration.php:50)
  • action woocommerce_add_to_cart (integrations\woocommerce\class-woocommerce-integration.php:52)
  • action woocommerce_cart_item_removed (integrations\woocommerce\class-woocommerce-integration.php:53)
  • action woocommerce_update_cart_action_cart_updated (integrations\woocommerce\class-woocommerce-integration.php:54)
  • action woocommerce_register_form (integrations\woocommerce\class-woocommerce-integration.php:56)
  • action woocommerce_after_order_notes (integrations\woocommerce\class-woocommerce-integration.php:57)
  • action woocommerce_update_customer (integrations\woocommerce\class-woocommerce-integration.php:59)
  • action profile_update (integrations\woocommerce\class-woocommerce-integration.php:61)
  • action wp_loaded (integrations\woocommerce\class-woocommerce-integration.php:63)
  • filter woocommerce_rest_customer_query (integrations\woocommerce\class-woocommerce-integration.php:65)
  • action woocommerce_init (integrations\woocommerce\class-woocommerce-integration.php:67)
  • action woocommerce_store_api_checkout_update_customer_from_request (integrations\woocommerce\class-woocommerce-integration.php:69)
  • action user_register (integrations\wp-registration-form\class-wp-registration-form-integration.php:30)
  • action register_form (integrations\wp-registration-form\class-wp-registration-form-integration.php:31)
  • action edit_user_profile (integrations\wp-user-profile\class-wp-user-profile-integration.php:30)
  • action profile_update (integrations\wp-user-profile\class-wp-user-profile-integration.php:31)
  • action profile_update (integrations\wp-user-profile\class-wp-user-profile-integration.php:32)
  • action user_register (integrations\wp-user-profile\class-wp-user-profile-integration.php:33)
Maintenance & Trust

Email marketing for WordPress by GetResponse Official Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.9.4
  • Last updated: Feb 23, 2026
  • PHP min version: 7.4
  • Downloads: 59K

Community Trust

  • Rating: 100/100
  • Number of ratings: 3
  • Active installs: 4K
Developer Profile

Email marketing for WordPress by GetResponse Official Developer Profile

GetResponse

1 plugin · 4K total installs

  • Trust score: 87
  • Avg Security Score: 98/100
  • Avg Patch Time: 87 days
Detection Fingerprints

How We Detect Email marketing for WordPress by GetResponse Official

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/getresponse-official/integrations/web-connect/assets/css/admin.css
  • /wp-content/plugins/getresponse-official/integrations/web-connect/assets/js/admin.js

Script Paths

  • https://app.getresponse.com/v3/inbox/index.js
  • https://app.getresponse.com/v3/embed/index.js
  • https://app.getresponse.com/v3/inbox/chat.js

Version Parameters

  • getresponse-official/integrations/web-connect/assets/css/admin.css?ver=
  • getresponse-official/integrations/web-connect/assets/js/admin.js?ver=

HTML / DOM Fingerprints

  • CSS Classes: gr-widget-container
  • Data Attributes: data-gr-form-id, data-gr-widget-id, data-gr-widget-type, data-gr-embed-id
  • JS Globals: GetResponse, GrTracking, __GetResponseAnalyticsObject
  • Shortcode Output: [gr_embed]