MailCamp Security & Risk Analysis

wordpress.org/plugins/mailcamp

Quickly add a MailCamp signup form to your WordPress site to enhance your email marketing efforts.

100 active installs · v1.6.5 · PHP 5.6+ · WP 4.9.1+ · Updated Nov 3, 2025
Tags: email, email-campaign, email-marketing, marketing, newsletter
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is MailCamp Safe to Use in 2026?

Generally Safe

Score 100/100

MailCamp has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 5mo ago
Risk Assessment

The MailCamp plugin v1.6.5 exhibits a mixed security posture. On one hand, the absence of known vulnerabilities and CVEs in its history is a positive indicator, suggesting a generally well-maintained codebase. The plugin also demonstrates good practices by using prepared statements for all SQL queries and having some capability checks in place. However, significant concerns arise from the static analysis. A considerable portion of its output (62%) is not properly escaped, posing a risk of cross-site scripting (XSS) vulnerabilities. Furthermore, the plugin exposes two AJAX handlers without any authentication or capability checks, creating a direct and unprotected attack surface that could be exploited by unauthenticated users. The presence of the `unserialize` function without explicit sanitization of its input is another notable risk, as it can lead to remote code execution if improperly handled.

Despite the lack of historical vulnerabilities, the identified code signals like unescaped output and unprotected AJAX endpoints present immediate and tangible risks. The `unserialize` function, in particular, is a critical concern that requires careful attention. While the plugin has strengths in its SQL handling and some capability checks, these are overshadowed by the identified weaknesses in output sanitization and authorization for its entry points. A proactive approach to addressing these issues is recommended to improve the overall security of the plugin.

Key Concerns

  • Unprotected AJAX handlers
  • Insufficient output escaping
  • Use of unserialize function
  • Missing nonce checks on AJAX
Vulnerabilities
None known

MailCamp Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

MailCamp Code Analysis

Dangerous Functions: 5
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 68 (42 escaped)
Nonce Checks: 0
Capability Checks: 5
File Operations: 0
External Requests: 1
Bundled Libraries: 0

Dangerous Functions Found

unserialize | foreach ( unserialize( $field->fieldsettings )['Value'] as $fieldsetting ) { | includes\core-functions.php:86
unserialize | foreach ( unserialize( $field->fieldsettings )['Value'] as $fieldsetting ) { | includes\core-functions.php:92
unserialize | foreach ( unserialize( $field->fieldsettings )['Value'] as $fieldsetting ) { | includes\core-functions.php:97
unserialize | $html_form .= '<input name="CustomFields[' . $field->fieldid . ']" id="CustomFields_' . $field->fiel | includes\core-functions.php:108
unserialize | $html_form .= '<input name="CustomFields[' . $field->fieldid . ']" id="CustomFields_' . $field->fiel | includes\core-functions.php:108

Output Escaping

38% escaped, 110 total outputs
Attack Surface
2 unprotected

MailCamp Attack Surface

Entry Points: 2
Unprotected: 2

AJAX Handlers: 2

nopriv | wp_ajax_add_subscriber_to_list | public\class-mailcamp-public.php:107
auth | wp_ajax_add_subscriber_to_list | public\class-mailcamp-public.php:108

WordPress Hooks: 13

action | widgets_init | includes\class-mailcamp-widget.php:138
action | plugins_loaded | includes\class-mailcamp.php:161
action | admin_enqueue_scripts | includes\class-mailcamp.php:175
action | admin_enqueue_scripts | includes\class-mailcamp.php:176
action | admin_menu | includes\class-mailcamp.php:177
action | admin_init | includes\class-mailcamp.php:209
action | admin_init | includes\class-mailcamp.php:213
action | wp_enqueue_scripts | includes\class-mailcamp.php:231
action | wp_enqueue_scripts | includes\class-mailcamp.php:232
action | woocommerce_init | includes\class-mailcamp.php:244
action | woocommerce_before_thankyou | includes\class-mailcamp.php:246
action | woocommerce_checkout_update_order_meta | includes\class-mailcamp.php:248
action | plugins_loaded | mailcamp.php:84
Maintenance & Trust

MailCamp Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Nov 3, 2025
PHP min version: 5.6
Downloads: 13K

Community Trust

Rating: 100/100
Number of ratings: 3
Active installs: 100
Developer Profile

MailCamp Developer Profile

mailcamp

1 plugin · 100 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect MailCamp

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/mailcamp/admin/css/mailcamp-admin.css
/wp-content/plugins/mailcamp/admin/js/mailcamp-admin.js
Script Paths
/wp-content/plugins/mailcamp/admin/js/mailcamp-admin.js
Version Parameters
mailcamp-admin.css?ver=
mailcamp-admin.js?ver=

HTML / DOM Fingerprints

HTML Comments
<!-- Currently pligin version. -->
<!-- Start at version 1.0.0 and use SemVer - https://semver.org -->
<!-- Rename this for your plugin and update it as you release new versions. -->
<!-- The code that runs during plugin activation. -->
(+25 more)
Data Attributes
data-setting-id="mailcamp_api_path"
data-setting-id="mailcamp_api_username"
data-setting-id="mailcamp_api_token"
JS Globals
window.mailcamp_admin_object