WP-Safety

Hostinger Reach – AI-Powered Email Marketing for WordPress Security & Risk Analysis

wordpress.org/plugins/hostinger-reach

Launch and grow your email marketing effortlessly with Hostinger Reach. Collect contacts, sync subscribers, and send emails – all in one, AI powered.

1.0M active installs v1.4.0 PHP 8.1+ WP 6.0+ Updated Mar 10, 2026
email-marketinglead-generationmarketingnewslettersubscription
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Hostinger Reach – AI-Powered Email Marketing for WordPress Safe to Use in 2026?

Generally Safe

Score 100/100

Hostinger Reach – AI-Powered Email Marketing for WordPress has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 24d ago
Risk Assessment

The Hostinger Reach plugin v1.4.0 exhibits a generally good security posture with several positive indicators. Notably, all identified output operations are properly escaped, and a high percentage of SQL queries utilize prepared statements, significantly reducing the risk of common injection vulnerabilities. The absence of known CVEs and a clean vulnerability history further suggest a mature and well-maintained codebase. However, a critical area of concern lies in the plugin's attack surface. One REST API route is identified as unprotected, lacking permission callbacks. This creates a potential entry point for unauthorized access or manipulation of plugin functionality if not properly secured by other means.

The static analysis did not reveal any dangerous functions or unsanitized taint flows, which is a strong positive. The presence of file operations and external HTTP requests, while not inherently risky, do warrant attention to ensure these operations are handled securely and do not introduce vulnerabilities. Overall, the plugin demonstrates good development practices in critical areas like output sanitization and SQL query handling. The primary weakness identified is the unprotected REST API endpoint, which requires careful consideration and potential mitigation to ensure robust security.

Key Concerns

  • Unprotected REST API route
Vulnerabilities
None known

Hostinger Reach – AI-Powered Email Marketing for WordPress Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Hostinger Reach – AI-Powered Email Marketing for WordPress Code Analysis

Dangerous Functions
0
Raw SQL Queries
2
19 prepared
Unescaped Output
0
68 escaped
Nonce Checks
6
Capability Checks
5
File Operations
1
External Requests
2
Bundled Libraries
0

SQL Query Safety

90% prepared21 total queries

Output Escaping

100% escaped68 total outputs
Attack Surface
1 unprotected

Hostinger Reach – AI-Powered Email Marketing for WordPress Attack Surface

Entry Points2
Unprotected1

AJAX Handlers 1

noprivwp_ajax_abandoned-cartssrc\Tracking\AbandonedCarts.php:37

REST API Routes 1

POST/wp-json/hostinger-reach/v1/optinmonstersrc\Integrations\OptInMonster\OptInMonsterIntegration.php:214
WordPress Hooks 78
actionadmin_noticeshostinger-reach.php:46
actionplugins_loadedhostinger-reach.php:91
actionplugins_loadedhostinger-reach.php:102
actionadmin_menusrc\Admin\Menus.php:14
filterhostinger_menu_subpagessrc\Admin\Menus.php:15
filterhostinger_admin_menu_bar_itemssrc\Admin\Menus.php:16
actionadmin_noticessrc\Admin\Notices\AddFormNotice.php:26
actionadmin_enqueue_scriptssrc\Admin\Notices\AddFormNotice.php:27
actionadmin_noticessrc\Admin\Notices\ConnectionNotice.php:27
actionadmin_enqueue_scriptssrc\Admin\Notices\ConnectionNotice.php:28
actioninitsrc\Admin\Redirects.php:23
filterhostinger_add_surveyssrc\Admin\Surveys\Survey.php:22
actioninitsrc\Api\Handlers\IntegrationsApiHandler.php:37
filterallowed_http_originssrc\Api\Handlers\ReachApiHandler.php:38
filterrest_exposed_cors_headerssrc\Api\Handlers\ReachApiHandler.php:47
filterrest_allowed_cors_headerssrc\Api\Handlers\ReachApiHandler.php:58
actionhostinger_reach_submitsrc\Api\Handlers\ReachApiHandler.php:100
actionrest_api_initsrc\Api\Routes\FormsRoutes.php:24
actionrest_api_initsrc\Api\Routes\FormsRoutes.php:25
actionrest_api_initsrc\Api\Routes\Routes.php:22
actionwoocommerce_order_status_processingsrc\Api\Webhooks\Handlers\OrderPurchased.php:47
actioninitsrc\Api\Webhooks\Handlers\WebhookHandler.php:19
actionwp_enqueue_scriptssrc\Blocks\Block.php:20
actionbravepop_user_submitted_formsrc\Integrations\Brave\BraveIntegration.php:45
actionwpcf7_mail_sentsrc\Integrations\ContactForm7\ContactForm7Integration.php:22
actionwpcf7_mail_sentsrc\Integrations\ContactForm7Integration.php:30
filterhostinger_reach_formssrc\Integrations\ContactForm7Integration.php:31
filterhostinger_reach_after_form_state_is_setsrc\Integrations\ContactForm7Integration.php:32
actionhostinger_reach_integration_activatedsrc\Integrations\Elementor\ElementorIntegration.php:33
actionwp_insert_postsrc\Integrations\Elementor\ElementorIntegration.php:34
actionelementor/editor/before_enqueue_scriptssrc\Integrations\Elementor\ElementorIntegration.php:35
actionelementor/widgets/registersrc\Integrations\Elementor\ElementorIntegration.php:39
actiontransition_post_statussrc\Integrations\Elementor\ElementorIntegration.php:40
filterhostinger_reach_get_groupsrc\Integrations\Elementor\ElementorIntegration.php:41
actionelementor_pro/forms/new_recordsrc\Integrations\Elementor\ElementorIntegration.php:42
actionforminator_form_after_save_entrysrc\Integrations\Forminator\ForminatorIntegration.php:42
filterhostinger_reach_integrationssrc\Integrations\Integration.php:113
filterhostinger_reach_plugin_datasrc\Integrations\Integration.php:114
filterhostinger_reach_after_form_state_is_setsrc\Integrations\Integration.php:115
filterhostinger_reach_import_enabledsrc\Integrations\Integration.php:118
actionhostinger_reach_integrations_loadedsrc\Integrations\Integration.php:119
actionhostinger_reach_contact_submittedsrc\Integrations\Integration.php:120
filterhostinger_reach_formssrc\Integrations\Integration.php:139
filterninja_forms_admin_noticessrc\Integrations\NinjaForms\NinjaFormsIntegration.php:22
actionninja_forms_after_submissionsrc\Integrations\NinjaForms\NinjaFormsIntegration.php:57
actionrest_api_initsrc\Integrations\OptInMonster\OptInMonsterIntegration.php:211
actiontransition_post_statussrc\Integrations\Reach\ReachFormIntegration.php:36
actionhostinger_reach_contact_submittedsrc\Integrations\Reach\ReachFormIntegration.php:37
actiontransition_post_statussrc\Integrations\ReachFormIntegration.php:30
actionhostinger_reach_contact_submittedsrc\Integrations\ReachFormIntegration.php:31
actionhostinger_reach_integration_activatedsrc\Integrations\SureForms\SureFormsIntegration.php:44
actionsrfm_form_submitsrc\Integrations\SureForms\SureFormsIntegration.php:56
actionhostinger_reach_integration_activatedsrc\Integrations\WooCommerce\WooCommerceIntegration.php:30
actionwoocommerce_thankyousrc\Integrations\WooCommerce\WooCommerceIntegration.php:39
actionwoocommerce_checkout_order_processedsrc\Integrations\WooCommerce\WooCommerceIntegration.php:40
actionhostinger_reach_contact_submittedsrc\Integrations\WooCommerce\WooCommerceIntegration.php:41
actionwoocommerce_blocks_loadedsrc\Integrations\WooCommerce\WooCommerceIntegration.php:49
actionwoocommerce_store_api_checkout_update_order_from_requestsrc\Integrations\WooCommerce\WooCommerceIntegration.php:52
actionwoocommerce_checkout_after_terms_and_conditionssrc\Integrations\WooCommerce\WooCommerceIntegration.php:61
actionwpforms_process_completesrc\Integrations\WPFormsLite\WpFormsLiteIntegration.php:43
actionwpforms_process_completesrc\Integrations\WpFormsLiteIntegration.php:27
filterhostinger_reach_formssrc\Integrations\WpFormsLiteIntegration.php:28
filterhostinger_reach_after_form_state_is_setsrc\Integrations\WpFormsLiteIntegration.php:29
actioninitsrc\Providers\JobsProvider.php:59
actionplugins_loadedsrc\Setup\Activator.php:14
actionadmin_enqueue_scriptssrc\Setup\Assets.php:23
actioninitsrc\Setup\Blocks.php:23
actionenqueue_block_editor_assetssrc\Setup\Blocks.php:24
actionwoocommerce_store_api_cart_update_order_from_requestsrc\Tracking\AbandonedCarts.php:27
actionwoocommerce_cart_item_set_quantitysrc\Tracking\AbandonedCarts.php:28
actionwoocommerce_add_to_cartsrc\Tracking\AbandonedCarts.php:29
actionwoocommerce_after_calculate_totalssrc\Tracking\AbandonedCarts.php:30
actionwoocommerce_cart_item_removedsrc\Tracking\AbandonedCarts.php:31
actionwoocommerce_cart_item_restoredsrc\Tracking\AbandonedCarts.php:32
actionwoocommerce_thankyousrc\Tracking\AbandonedCarts.php:33
actionwoocommerce_checkout_order_processedsrc\Tracking\AbandonedCarts.php:34
actionwoocommerce_checkout_update_order_reviewsrc\Tracking\AbandonedCarts.php:35
actionwp_enqueue_scriptssrc\Tracking\AbandonedCarts.php:36
Maintenance & Trust

Hostinger Reach – AI-Powered Email Marketing for WordPress Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 10, 2026
PHP min version8.1
Downloads233K

Community Trust

Rating100/100
Number of ratings2
Active installs1.0M
Alternatives

Hostinger Reach – AI-Powered Email Marketing for WordPress Alternatives

Newsletter – Send awesome emails from WordPress

Newsletter – Send awesome emails from WordPress

newsletter

A
89

An email marketing tool for your blog: subscription forms to create your lists with unlimited subscribers and newsletters.

200K 20 CVEs
Newsletter Subscription Form – User Subscriptions Form, Capture Email

Newsletter Subscription Form – User Subscriptions Form, Capture Email

newsletter-subscription-form

A
100

Newsletter Subscription Form for WordPress is the ultimate lead generation, customer acquisition and email marketing plugin to grow and engage your ma …

1K No CVEs
SendPulse Email Marketing Newsletter

SendPulse Email Marketing Newsletter

sendpulse-email-marketing-newsletter

A
96

Add a customizable email subscription form to your site, send newsletters, and automate email campaigns with autoresponders using SendPulse.

1K 3 CVEs
Elastic Email Subscribe Form

Elastic Email Subscribe Form

elastic-email-subscribe-form

C
63

Elastic Email Subscribe Form allows you to create and manage a beautiful widget for your WordPress blog or website. This easy to use, beautiful and po …

100 1 unpatched
Email Blaster Newsletter Signup Form

Email Blaster Newsletter Signup Form

email-blaster-newsletter-signup-form

A
85

Email subscribe forms for your website. Send HTML email marketing (newsletters). GDPR compliant, UK based email marketing and email automation.

100 No CVEs
Developer Profile

Hostinger Reach – AI-Powered Email Marketing for WordPress Developer Profile

Hostinger

2 plugins · 4.0M total installs

79
trust score
Avg Security Score
100/100
Avg Patch Time
207 days
View full developer profile
Detection Fingerprints

How We Detect Hostinger Reach – AI-Powered Email Marketing for WordPress

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/hostinger-reach/build/css/admin.css/wp-content/plugins/hostinger-reach/build/js/admin.js/wp-content/plugins/hostinger-reach/build/images/notices/notice-bg.png/wp-content/plugins/hostinger-reach/build/images/notices/add-form-notice.png
Script Paths
/wp-content/plugins/hostinger-reach/build/js/admin.js
Version Parameters
hostinger-reach/build/css/admin.css?ver=hostinger-reach/build/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
hostinger-reach-noticehostinger-reach-action-buttonhostinger-reach-notice-closehostinger-reach-notice-wraphostinger-reach-notice-mainhostinger-reach-notice-contenthostinger-reach-notice-actionshostinger-reach-button+2 more
Data Attributes
data-action="dismiss"data-action="success"
JS Globals
window.hostinger_reach_vars
REST Endpoints
/wp-json/hostinger-reach/v1
FAQ

Frequently Asked Questions about Hostinger Reach – AI-Powered Email Marketing for WordPress