WP-Safety

Hostinger Reach – AI-Powered Email Marketing for WordPress Security & Risk Analysis

wordpress.org/plugins/hostinger-reach

Launch and grow your email marketing effortlessly with Hostinger Reach. Collect contacts, sync subscribers, and send emails – all in one, AI powered.

1.0M active installs v1.4.6 PHP 8.1+ WP 6.0+ Updated Apr 8, 2026
email-marketinglead-generationmarketingnewslettersubscription
99
A · Safe
CVEs total1
Unpatched0
Last CVEMay 12, 2026
Plugin page Download
Safety Verdict

Is Hostinger Reach – AI-Powered Email Marketing for WordPress Safe to Use in 2026?

Generally Safe

Score 99/100

Hostinger Reach – AI-Powered Email Marketing for WordPress has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVELast CVE: May 12, 2026Updated 1mo ago
Risk Assessment

The Hostinger Reach plugin v1.4.0 exhibits a generally good security posture with several positive indicators. Notably, all identified output operations are properly escaped, and a high percentage of SQL queries utilize prepared statements, significantly reducing the risk of common injection vulnerabilities. The absence of known CVEs and a clean vulnerability history further suggest a mature and well-maintained codebase. However, a critical area of concern lies in the plugin's attack surface. One REST API route is identified as unprotected, lacking permission callbacks. This creates a potential entry point for unauthorized access or manipulation of plugin functionality if not properly secured by other means.

The static analysis did not reveal any dangerous functions or unsanitized taint flows, which is a strong positive. The presence of file operations and external HTTP requests, while not inherently risky, do warrant attention to ensure these operations are handled securely and do not introduce vulnerabilities. Overall, the plugin demonstrates good development practices in critical areas like output sanitization and SQL query handling. The primary weakness identified is the unprotected REST API endpoint, which requires careful consideration and potential mitigation to ensure robust security.

Key Concerns

  • Unprotected REST API route
Vulnerabilities
1 published

Hostinger Reach – AI-Powered Email Marketing for WordPress Security Vulnerabilities

CVEs by Year

1 CVE in 2026
2026
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2026-2515medium · 5.3Missing Authorization

Hostinger Reach <= 1.3.8 - Missing Authorization to Authenticated (Subscriber+) Integration API Key Update

May 12, 2026 Patched in 1.3.9 (1d)
Version History

Hostinger Reach – AI-Powered Email Marketing for WordPress Release Timeline

v1.4.6Current
v1.4.5
v1.4.4
v1.4.3
v1.4.2
v1.4.0
v1.3.9
v1.3.81 CVE
CVE-2026-2515
v1.3.71 CVE
CVE-2026-2515
v1.3.61 CVE
CVE-2026-2515
v1.3.51 CVE
CVE-2026-2515
v1.3.41 CVE
CVE-2026-2515
v1.3.31 CVE
CVE-2026-2515
v1.3.21 CVE
CVE-2026-2515
v1.3.11 CVE
CVE-2026-2515
v1.3.01 CVE
CVE-2026-2515
v1.2.41 CVE
CVE-2026-2515
v1.2.31 CVE
CVE-2026-2515
v1.2.21 CVE
CVE-2026-2515
v1.2.11 CVE
CVE-2026-2515
Code Analysis
Analyzed Mar 16, 2026

Hostinger Reach – AI-Powered Email Marketing for WordPress Code Analysis

Dangerous Functions
0
Raw SQL Queries
2
19 prepared
Unescaped Output
0
68 escaped
Nonce Checks
6
Capability Checks
5
File Operations
1
External Requests
2
Bundled Libraries
0

SQL Query Safety

90% prepared21 total queries

Output Escaping

100% escaped68 total outputs
Attack Surface
1 unprotected

Hostinger Reach – AI-Powered Email Marketing for WordPress Attack Surface

Entry Points2
Unprotected1

AJAX Handlers 1

noprivwp_ajax_abandoned-cartssrc\Tracking\AbandonedCarts.php:37

REST API Routes 1

POST/wp-json/hostinger-reach/v1/optinmonstersrc\Integrations\OptInMonster\OptInMonsterIntegration.php:214
WordPress Hooks 78
actionadmin_noticeshostinger-reach.php:46
actionplugins_loadedhostinger-reach.php:91
actionplugins_loadedhostinger-reach.php:102
actionadmin_menusrc\Admin\Menus.php:14
filterhostinger_menu_subpagessrc\Admin\Menus.php:15
filterhostinger_admin_menu_bar_itemssrc\Admin\Menus.php:16
actionadmin_noticessrc\Admin\Notices\AddFormNotice.php:26
actionadmin_enqueue_scriptssrc\Admin\Notices\AddFormNotice.php:27
actionadmin_noticessrc\Admin\Notices\ConnectionNotice.php:27
actionadmin_enqueue_scriptssrc\Admin\Notices\ConnectionNotice.php:28
actioninitsrc\Admin\Redirects.php:23
filterhostinger_add_surveyssrc\Admin\Surveys\Survey.php:22
actioninitsrc\Api\Handlers\IntegrationsApiHandler.php:37
filterallowed_http_originssrc\Api\Handlers\ReachApiHandler.php:38
filterrest_exposed_cors_headerssrc\Api\Handlers\ReachApiHandler.php:47
filterrest_allowed_cors_headerssrc\Api\Handlers\ReachApiHandler.php:58
actionhostinger_reach_submitsrc\Api\Handlers\ReachApiHandler.php:100
actionrest_api_initsrc\Api\Routes\FormsRoutes.php:24
actionrest_api_initsrc\Api\Routes\FormsRoutes.php:25
actionrest_api_initsrc\Api\Routes\Routes.php:22
actionwoocommerce_order_status_processingsrc\Api\Webhooks\Handlers\OrderPurchased.php:47
actioninitsrc\Api\Webhooks\Handlers\WebhookHandler.php:19
actionwp_enqueue_scriptssrc\Blocks\Block.php:20
actionbravepop_user_submitted_formsrc\Integrations\Brave\BraveIntegration.php:45
actionwpcf7_mail_sentsrc\Integrations\ContactForm7\ContactForm7Integration.php:22
actionwpcf7_mail_sentsrc\Integrations\ContactForm7Integration.php:30
filterhostinger_reach_formssrc\Integrations\ContactForm7Integration.php:31
filterhostinger_reach_after_form_state_is_setsrc\Integrations\ContactForm7Integration.php:32
actionhostinger_reach_integration_activatedsrc\Integrations\Elementor\ElementorIntegration.php:33
actionwp_insert_postsrc\Integrations\Elementor\ElementorIntegration.php:34
actionelementor/editor/before_enqueue_scriptssrc\Integrations\Elementor\ElementorIntegration.php:35
actionelementor/widgets/registersrc\Integrations\Elementor\ElementorIntegration.php:39
actiontransition_post_statussrc\Integrations\Elementor\ElementorIntegration.php:40
filterhostinger_reach_get_groupsrc\Integrations\Elementor\ElementorIntegration.php:41
actionelementor_pro/forms/new_recordsrc\Integrations\Elementor\ElementorIntegration.php:42
actionforminator_form_after_save_entrysrc\Integrations\Forminator\ForminatorIntegration.php:42
filterhostinger_reach_integrationssrc\Integrations\Integration.php:113
filterhostinger_reach_plugin_datasrc\Integrations\Integration.php:114
filterhostinger_reach_after_form_state_is_setsrc\Integrations\Integration.php:115
filterhostinger_reach_import_enabledsrc\Integrations\Integration.php:118
actionhostinger_reach_integrations_loadedsrc\Integrations\Integration.php:119
actionhostinger_reach_contact_submittedsrc\Integrations\Integration.php:120
filterhostinger_reach_formssrc\Integrations\Integration.php:139
filterninja_forms_admin_noticessrc\Integrations\NinjaForms\NinjaFormsIntegration.php:22
actionninja_forms_after_submissionsrc\Integrations\NinjaForms\NinjaFormsIntegration.php:57
actionrest_api_initsrc\Integrations\OptInMonster\OptInMonsterIntegration.php:211
actiontransition_post_statussrc\Integrations\Reach\ReachFormIntegration.php:36
actionhostinger_reach_contact_submittedsrc\Integrations\Reach\ReachFormIntegration.php:37
actiontransition_post_statussrc\Integrations\ReachFormIntegration.php:30
actionhostinger_reach_contact_submittedsrc\Integrations\ReachFormIntegration.php:31
actionhostinger_reach_integration_activatedsrc\Integrations\SureForms\SureFormsIntegration.php:44
actionsrfm_form_submitsrc\Integrations\SureForms\SureFormsIntegration.php:56
actionhostinger_reach_integration_activatedsrc\Integrations\WooCommerce\WooCommerceIntegration.php:30
actionwoocommerce_thankyousrc\Integrations\WooCommerce\WooCommerceIntegration.php:39
actionwoocommerce_checkout_order_processedsrc\Integrations\WooCommerce\WooCommerceIntegration.php:40
actionhostinger_reach_contact_submittedsrc\Integrations\WooCommerce\WooCommerceIntegration.php:41
actionwoocommerce_blocks_loadedsrc\Integrations\WooCommerce\WooCommerceIntegration.php:49
actionwoocommerce_store_api_checkout_update_order_from_requestsrc\Integrations\WooCommerce\WooCommerceIntegration.php:52
actionwoocommerce_checkout_after_terms_and_conditionssrc\Integrations\WooCommerce\WooCommerceIntegration.php:61
actionwpforms_process_completesrc\Integrations\WPFormsLite\WpFormsLiteIntegration.php:43
actionwpforms_process_completesrc\Integrations\WpFormsLiteIntegration.php:27
filterhostinger_reach_formssrc\Integrations\WpFormsLiteIntegration.php:28
filterhostinger_reach_after_form_state_is_setsrc\Integrations\WpFormsLiteIntegration.php:29
actioninitsrc\Providers\JobsProvider.php:59
actionplugins_loadedsrc\Setup\Activator.php:14
actionadmin_enqueue_scriptssrc\Setup\Assets.php:23
actioninitsrc\Setup\Blocks.php:23
actionenqueue_block_editor_assetssrc\Setup\Blocks.php:24
actionwoocommerce_store_api_cart_update_order_from_requestsrc\Tracking\AbandonedCarts.php:27
actionwoocommerce_cart_item_set_quantitysrc\Tracking\AbandonedCarts.php:28
actionwoocommerce_add_to_cartsrc\Tracking\AbandonedCarts.php:29
actionwoocommerce_after_calculate_totalssrc\Tracking\AbandonedCarts.php:30
actionwoocommerce_cart_item_removedsrc\Tracking\AbandonedCarts.php:31
actionwoocommerce_cart_item_restoredsrc\Tracking\AbandonedCarts.php:32
actionwoocommerce_thankyousrc\Tracking\AbandonedCarts.php:33
actionwoocommerce_checkout_order_processedsrc\Tracking\AbandonedCarts.php:34
actionwoocommerce_checkout_update_order_reviewsrc\Tracking\AbandonedCarts.php:35
actionwp_enqueue_scriptssrc\Tracking\AbandonedCarts.php:36
Maintenance & Trust

Hostinger Reach – AI-Powered Email Marketing for WordPress Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedApr 8, 2026
PHP min version8.1
Downloads295K

Community Trust

Rating100/100
Number of ratings5
Active installs1.0M
Alternatives

Hostinger Reach – AI-Powered Email Marketing for WordPress Alternatives

Newsletter – Send awesome emails from WordPress

Newsletter – Send awesome emails from WordPress

newsletter

A
89

An email marketing tool for your blog: subscription forms to create your lists with unlimited subscribers and newsletters.

200K 20 CVEs
Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress

Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress

email-subscribers

B
76

Add subscription forms on the website and send newsletters & automatically send post notification about new blog posts once it gets published.

60K 42 CVEs
Newsletter Subscription Form – User Subscriptions Form, Capture Email

Newsletter Subscription Form – User Subscriptions Form, Capture Email

newsletter-subscription-form

A
100

Newsletter Subscription Form for WordPress is the ultimate lead generation, customer acquisition and email marketing plugin to grow and engage your ma &hellip;

1K No CVEs
SendPulse Email Marketing Newsletter

SendPulse Email Marketing Newsletter

sendpulse-email-marketing-newsletter

A
96

Add a customizable email subscription form to your site, send newsletters, and automate email campaigns with autoresponders using SendPulse.

1K 3 CVEs
Elastic Email Subscribe Form

Elastic Email Subscribe Form

elastic-email-subscribe-form

C
63

Elastic Email Subscribe Form allows you to create and manage a beautiful widget for your WordPress blog or website. This easy to use, beautiful and po &hellip;

100 1 unpatched
Developer Profile

Hostinger Reach – AI-Powered Email Marketing for WordPress Developer Profile

Hostinger

2 plugins · 4.0M total installs

78
trust score
Avg Security Score
99/100
Avg Patch Time
104 days
View full developer profile
Detection Fingerprints

How We Detect Hostinger Reach – AI-Powered Email Marketing for WordPress

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/hostinger-reach/build/css/admin.css/wp-content/plugins/hostinger-reach/build/js/admin.js/wp-content/plugins/hostinger-reach/build/images/notices/notice-bg.png/wp-content/plugins/hostinger-reach/build/images/notices/add-form-notice.png
Script Paths
/wp-content/plugins/hostinger-reach/build/js/admin.js
Version Parameters
hostinger-reach/build/css/admin.css?ver=hostinger-reach/build/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
hostinger-reach-noticehostinger-reach-action-buttonhostinger-reach-notice-closehostinger-reach-notice-wraphostinger-reach-notice-mainhostinger-reach-notice-contenthostinger-reach-notice-actionshostinger-reach-button+2 more
Data Attributes
data-action="dismiss"data-action="success"
JS Globals
window.hostinger_reach_vars
REST Endpoints
/wp-json/hostinger-reach/v1
FAQ

Frequently Asked Questions about Hostinger Reach – AI-Powered Email Marketing for WordPress