Does Mailchimp for WooCommerce have any unpatched vulnerabilities?

No. All known vulnerabilities in Mailchimp for WooCommerce have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Mailchimp for WooCommerce compatible with WordPress 6.9.4?

According to WordPress.org data, Mailchimp for WooCommerce 6.0 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Mailchimp for WooCommerce compatible with PHP 7.4+?

Mailchimp for WooCommerce requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Mailchimp for WooCommerce updated?

Mailchimp for WooCommerce was last updated on Mar 10, 2026. Frequent updates are generally a positive security signal.

What is Mailchimp for WooCommerce's security score?

Mailchimp for WooCommerce has a WP-Safety security score of 99/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Mailchimp for WooCommerce Security & Risk Analysis

wordpress.org/plugins/mailchimp-for-woocommerce

Connect your store to your Mailchimp audience to track sales, create targeted emails, send abandoned cart emails, and more.

300K active installs v6.0 PHP 7.4+ WP 6.2+ Updated Mar 10, 2026

ecommerceemailmailchimpworkflows

A · Safe

CVEs total2

Unpatched0

Last CVEAug 3, 2022

Plugin page Download

Safety Verdict

Is Mailchimp for WooCommerce Safe to Use in 2026?

Generally Safe

Score 99/100

Mailchimp for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEsLast CVE: Aug 3, 2022Updated 24d ago

Risk Assessment

The 'mailchimp-for-woocommerce' v6.0 plugin presents a mixed security posture. On the positive side, it has a good record of patching known vulnerabilities, with no currently unpatched CVEs. The plugin also demonstrates some good coding practices, such as the high percentage of SQL queries using prepared statements and a significant number of output escaping routines. However, significant concerns arise from the static analysis, particularly the large attack surface. A disproportionately high number of AJAX handlers (21 out of 22) lack authentication checks, creating a substantial entry point for unauthorized actions. Furthermore, the presence of dangerous functions like `unserialize` and `shell_exec`, coupled with taint analysis revealing flows with unsanitized paths, indicates potential for serious security breaches if not properly mitigated within the AJAX endpoints. The plugin's vulnerability history shows a pattern of medium-severity issues, primarily SSRF, which, when combined with the open AJAX endpoints, could be exploited. While the lack of critical or high-severity vulnerabilities and the generally good patching record are strengths, the extensive unprotected attack surface and the presence of dangerous functions are critical weaknesses that demand immediate attention.

Key Concerns

Large number of AJAX handlers without authentication
Presence of dangerous functions (unserialize, shell_exec)
Taint analysis shows flows with unsanitized paths
Moderate percentage of improperly escaped output
Moderate number of external HTTP requests

Vulnerabilities

Mailchimp for WooCommerce Security Vulnerabilities

CVEs by Year

2 CVEs in 2022

2022

Patched Has unpatched

Severity Breakdown

Medium

2 total CVEs

CVE-2022-2556medium · 4.9Server-Side Request Forgery (SSRF)

Mailchimp for WooCommerce <= 2.7.1 - Authenticated (Admin+) Server-Side Request Forgery

Aug 3, 2022 Patched in 2.7.2 (538d)

CVE-2022-2267medium · 4.3Server-Side Request Forgery (SSRF)

Mailchimp for WooCommerce <= 2.7 - Authenticated (Subscriber+) Server-Side Request Forgery

Aug 3, 2022 Patched in 2.7.1 (814d)

Code Analysis

Analyzed Mar 16, 2026

Mailchimp for WooCommerce Code Analysis

Dangerous Functions

Raw SQL Queries

51 prepared

Unescaped Output

210

319 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$result = is_array($data) ? $data : unserialize($data);includes\api\class-mailchimp-api.php:964

shell_exec'value' => $this->is_shell_enabled() ? shell_exec('wp cli version') !== null : 'N/A',includes\api\class-mailchimp-woocommerce-tower.php:657

shell_exec$returnVal = shell_exec( 'pwd' );includes\api\class-mailchimp-woocommerce-tower.php:952

unserialize$job = unserialize($queue_job->job);includes\class-mailchimp-woocommerce-activator.php:106

unserializeif (empty($cached) || !($cached = is_string($cached) ? unserialize($cached) : [])) {includes\class-mailchimp-woocommerce-options.php:191

unserialize$cart_data = unserialize($cart->cart);includes\class-mailchimp-woocommerce-service.php:893

unserialize$this->setWooSession('cart', unserialize($cart->cart));includes\class-mailchimp-woocommerce-service.php:897

unserialize$job = unserialize($job_row->job);includes\class-mailchimp-woocommerce-service.php:1369

SQL Query Safety

82% prepared62 total queries

Output Escaping

60% escaped529 total outputs

Data Flows

4 unsanitized

Data Flow Analysis

9 flows4 with unsanitized paths

mailchimp_woocommerce_ajax_create_account_check_username (admin\class-mailchimp-woocommerce-admin.php:1079)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

21 unprotected

Mailchimp for WooCommerce Attack Surface

Entry Points22

Unprotected21

AJAX Handlers 22

authwp_ajax_mailchimp_woocommerce_oauth_startincludes\class-mailchimp-woocommerce.php:270

authwp_ajax_mailchimp_woocommerce_activate_account_eventincludes\class-mailchimp-woocommerce.php:271

authwp_ajax_mailchimp_woocommerce_oauth_statusincludes\class-mailchimp-woocommerce.php:272

authwp_ajax_mailchimp_woocommerce_oauth_finishincludes\class-mailchimp-woocommerce.php:273

authwp_ajax_mailchimp_woocommerce_create_account_check_usernameincludes\class-mailchimp-woocommerce.php:276

authwp_ajax_mailchimp_woocommerce_create_account_signupincludes\class-mailchimp-woocommerce.php:277

authwp_ajax_mailchimp_woocommerce_switch_accountincludes\class-mailchimp-woocommerce.php:278

authwp_ajax_mailchimp_woocommerce_check_login_sessionincludes\class-mailchimp-woocommerce.php:279

authwp_ajax_mailchimp_woocommerce_support_formincludes\class-mailchimp-woocommerce.php:280

authwp_ajax_mailchimp_woocommerce_communication_statusincludes\class-mailchimp-woocommerce.php:286

authwp_ajax_mailchimp_woocommerce_tower_statusincludes\class-mailchimp-woocommerce.php:289

authwp_ajax_mailchimp_woocommerce_load_log_fileincludes\class-mailchimp-woocommerce.php:292

authwp_ajax_mailchimp_woocommerce_delete_log_fileincludes\class-mailchimp-woocommerce.php:295

authwp_ajax_mailchimp_woocommerce_toggle_chimpstatic_scriptincludes\class-mailchimp-woocommerce.php:298

authwp_ajax_mailchimp_woocommerce_send_eventincludes\class-mailchimp-woocommerce.php:301

authwp_ajax_mailchimp_get_user_by_hashincludes\class-mailchimp-woocommerce.php:475

noprivwp_ajax_mailchimp_get_user_by_hashincludes\class-mailchimp-woocommerce.php:476

authwp_ajax_mailchimp_set_user_by_emailincludes\class-mailchimp-woocommerce.php:479

noprivwp_ajax_mailchimp_set_user_by_emailincludes\class-mailchimp-woocommerce.php:480

noprivwp_ajax_mailchimp_create_additional_runnersincludes\function-include-action-scheduler.php:45

authwp_ajax_mailchimp_set_user_by_emailincludes\tracking\class-mailchimp-woocommerce-pixel-tracking.php:122

noprivwp_ajax_mailchimp_set_user_by_emailincludes\tracking\class-mailchimp-woocommerce-pixel-tracking.php:123

WordPress Hooks 108

actionwoocommerce_blocks_loadedblocks\newsletter.php:5

actionwoocommerce_store_api_checkout_update_order_from_requestblocks\newsletter.php:15

actionwoocommerce_store_api_checkout_order_processedblocks\newsletter.php:16

actionwoocommerce_store_api_checkout_update_order_from_requestblocks\newsletter.php:19

actionwoocommerce_store_api_checkout_order_processedblocks\newsletter.php:20

actionwoocommerce_blocks_checkout_block_registrationblocks\newsletter.php:28

filter__experimental_woocommerce_blocks_add_data_attributes_to_blockblocks\woocommerce-blocks-integration.php:32

actionwoocommerce_before_order_object_saveblocks\woocommerce-blocks-integration.php:33

filter__experimental_woocommerce_blocks_add_data_attributes_to_blockblocks\woocommerce-sms-blocks-integration.php:33

actionwoocommerce_before_order_object_saveblocks\woocommerce-sms-blocks-integration.php:34

actionadmin_print_scriptsincludes\class-mailchimp-woocommerce-deactivation-survey.php:58

actionadmin_print_scriptsincludes\class-mailchimp-woocommerce-deactivation-survey.php:59

actionadmin_footerincludes\class-mailchimp-woocommerce-deactivation-survey.php:60

actionrest_api_initincludes\class-mailchimp-woocommerce.php:189

actioninitincludes\class-mailchimp-woocommerce.php:204

actionadmin_initincludes\class-mailchimp-woocommerce.php:214

filterwp_privacy_personal_data_exportersincludes\class-mailchimp-woocommerce.php:215

filterwp_privacy_personal_data_erasersincludes\class-mailchimp-woocommerce.php:216

actionadmin_enqueue_scriptsincludes\class-mailchimp-woocommerce.php:230

actionadmin_enqueue_scriptsincludes\class-mailchimp-woocommerce.php:231

actionadmin_menuincludes\class-mailchimp-woocommerce.php:234

actionadmin_menuincludes\class-mailchimp-woocommerce.php:235

actionadmin_initincludes\class-mailchimp-woocommerce.php:245

actionadmin_noticesincludes\class-mailchimp-woocommerce.php:246

actionadmin_noticesincludes\class-mailchimp-woocommerce.php:249

actionplugins_loadedincludes\class-mailchimp-woocommerce.php:254

actionupgrader_process_completeincludes\class-mailchimp-woocommerce.php:255

actioninitincludes\class-mailchimp-woocommerce.php:256

actionadmin_initincludes\class-mailchimp-woocommerce.php:257

actionadmin_footerincludes\class-mailchimp-woocommerce.php:258

actionwoocommerce_settings_save_generalincludes\class-mailchimp-woocommerce.php:261

actionupdate_option_blognameincludes\class-mailchimp-woocommerce.php:262

actionvillatheme_support_woo-multi-currencyincludes\class-mailchimp-woocommerce.php:266

actionoption_page_capability_mailchimp-woocommerceincludes\class-mailchimp-woocommerce.php:283

actionwp_enqueue_scriptsincludes\class-mailchimp-woocommerce.php:316

actionwp_footerincludes\class-mailchimp-woocommerce.php:317

actionwp_enqueue_scriptsincludes\class-mailchimp-woocommerce.php:322

actionwp_enqueue_scriptsincludes\class-mailchimp-woocommerce.php:323

actionwp_footerincludes\class-mailchimp-woocommerce.php:324

actionwoocommerce_after_checkout_formincludes\class-mailchimp-woocommerce.php:327

actionwoocommerce_register_formincludes\class-mailchimp-woocommerce.php:328

actionwoocommerce_edit_account_formincludes\class-mailchimp-woocommerce.php:331

actionwoocommerce_save_account_detailsincludes\class-mailchimp-woocommerce.php:332

actionwoocommerce_ppe_checkout_order_reviewincludes\class-mailchimp-woocommerce.php:360

actionwoocommerce_register_formincludes\class-mailchimp-woocommerce.php:361

actionwoocommerce_checkout_order_processedincludes\class-mailchimp-woocommerce.php:363

actionwoocommerce_ppe_do_payactionincludes\class-mailchimp-woocommerce.php:364

actionwoocommerce_register_postincludes\class-mailchimp-woocommerce.php:365

actionwoocommerce_checkout_order_processedincludes\class-mailchimp-woocommerce.php:383

actionwoocommerce_ppe_do_payactionincludes\class-mailchimp-woocommerce.php:384

actionadmin_initincludes\class-mailchimp-woocommerce.php:401

actionwoocommerce_initincludes\class-mailchimp-woocommerce.php:402

filterhttp_request_argsincludes\class-mailchimp-woocommerce.php:405

actioninitincludes\class-mailchimp-woocommerce.php:408

actionwoocommerce_order_status_changedincludes\class-mailchimp-woocommerce.php:411

actionwoocommerce_order_partially_refundedincludes\class-mailchimp-woocommerce.php:414

actionshow_user_profileincludes\class-mailchimp-woocommerce.php:417

actionedit_user_profileincludes\class-mailchimp-woocommerce.php:418

actionpersonal_options_updateincludes\class-mailchimp-woocommerce.php:419

actionedit_user_profile_updateincludes\class-mailchimp-woocommerce.php:420

filterwoocommerce_update_cart_action_cart_updatedincludes\class-mailchimp-woocommerce.php:422

actionwoocommerce_cart_item_set_quantityincludes\class-mailchimp-woocommerce.php:423

actionwoocommerce_add_to_cartincludes\class-mailchimp-woocommerce.php:424

actionwoocommerce_cart_item_removedincludes\class-mailchimp-woocommerce.php:425

actionwoocommerce_new_orderincludes\class-mailchimp-woocommerce.php:428

actionwoocommerce_update_orderincludes\class-mailchimp-woocommerce.php:429

actionsave_post_productincludes\class-mailchimp-woocommerce.php:430

actionwoocommerce_before_delete_product_variationincludes\class-mailchimp-woocommerce.php:431

actionpost_updatedincludes\class-mailchimp-woocommerce.php:434

actionwoocommerce_product_object_updated_propsincludes\class-mailchimp-woocommerce.php:437

actionupdated_post_metaincludes\class-mailchimp-woocommerce.php:440

actionadded_post_metaincludes\class-mailchimp-woocommerce.php:441

actiondeleted_post_metaincludes\class-mailchimp-woocommerce.php:442

actionadded_user_metaincludes\class-mailchimp-woocommerce.php:445

actionupdated_user_metaincludes\class-mailchimp-woocommerce.php:446

actionwp_trash_postincludes\class-mailchimp-woocommerce.php:448

actionuntrashed_postincludes\class-mailchimp-woocommerce.php:449

actionwoocommerce_new_couponincludes\class-mailchimp-woocommerce.php:452

actionwoocommerce_coupon_options_saveincludes\class-mailchimp-woocommerce.php:453

actionwoocommerce_api_create_couponincludes\class-mailchimp-woocommerce.php:454

actioncreated_product_catincludes\class-mailchimp-woocommerce.php:457

actionedited_product_catincludes\class-mailchimp-woocommerce.php:458

actionset_object_termsincludes\class-mailchimp-woocommerce.php:459

actionwoocommerce_delete_couponincludes\class-mailchimp-woocommerce.php:461

actionwoocommerce_trash_couponincludes\class-mailchimp-woocommerce.php:462

actionwoocommerce_update_product_variationincludes\class-mailchimp-woocommerce.php:464

actionwoocommerce_rest_delete_shop_coupon_objectincludes\class-mailchimp-woocommerce.php:466

actionwoocommerce_rest_insert_shop_coupon_objectincludes\class-mailchimp-woocommerce.php:467

actionuser_registerincludes\class-mailchimp-woocommerce.php:470

actionprofile_updateincludes\class-mailchimp-woocommerce.php:472

actionMailChimp_WooCommerce_Process_Full_Sync_Managerincludes\class-mailchimp-woocommerce.php:506

filterhttps_local_ssl_verifyincludes\function-include-action-scheduler.php:8

actionaction_scheduler_run_queueincludes\function-include-action-scheduler.php:33

actionwoocommerce_after_single_productincludes\tracking\class-mailchimp-woocommerce-pixel-tracking.php:81

actionwoocommerce_add_to_cartincludes\tracking\class-mailchimp-woocommerce-pixel-tracking.php:84

actionwoocommerce_cart_item_removedincludes\tracking\class-mailchimp-woocommerce-pixel-tracking.php:87

actionwoocommerce_after_cart_item_quantity_updateincludes\tracking\class-mailchimp-woocommerce-pixel-tracking.php:90

filterwoocommerce_loop_add_to_cart_linkincludes\tracking\class-mailchimp-woocommerce-pixel-tracking.php:93

actionwpincludes\tracking\class-mailchimp-woocommerce-pixel-tracking.php:96

actionwoocommerce_before_checkout_formincludes\tracking\class-mailchimp-woocommerce-pixel-tracking.php:99

actionwpincludes\tracking\class-mailchimp-woocommerce-pixel-tracking.php:102

actionwoocommerce_thankyouincludes\tracking\class-mailchimp-woocommerce-pixel-tracking.php:105

actionwpincludes\tracking\class-mailchimp-woocommerce-pixel-tracking.php:108

actionwpincludes\tracking\class-mailchimp-woocommerce-pixel-tracking.php:112

actionpre_get_postsincludes\tracking\class-mailchimp-woocommerce-pixel-tracking.php:116

actionwpincludes\tracking\class-mailchimp-woocommerce-pixel-tracking.php:119

actionplugins_loadedmailchimp-woocommerce.php:46

actionbefore_woocommerce_initmailchimp-woocommerce.php:51

Maintenance & Trust

Mailchimp for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 10, 2026

PHP min version7.4

Downloads23.1M

Community Trust

Rating80/100

Number of ratings725

Active installs300K

Alternatives

Mailchimp for WooCommerce Alternatives

WP WooCommerce Mailchimp

woocommerce-mailchimp

100

Simple and flexible Mailchimp integration for WooCommerce.

6K No CVEs

Everlytic for WooCommerce

everlytic

100

Connect your store to Everlytic for E-Commerce

30 No CVEs

GiantCampaign for WooCommerce

giantcampaign

Sync to your Audience in GiantCampaign.

0 No CVEs

MC4WP: Mailchimp for WordPress

mailchimp-for-wp

The #1 Mailchimp plugin for WordPress. Allows you to add a multitude of newsletter sign-up methods to your site.

1.0M 11 CVEs

Mailchimp List Subscribe Form

mailchimp

Add a Mailchimp signup form block, widget, or shortcode to your WordPress site.

60K 1 CVE

Developer Profile

Mailchimp for WooCommerce Developer Profile

Mailchimp

2 plugins · 360K total installs

trust score

Avg Security Score

99/100

Avg Patch Time

451 days

View full developer profile

Detection Fingerprints

How We Detect Mailchimp for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/mailchimp-for-woocommerce/css/mailchimp-woocommerce-admin.css/wp-content/plugins/mailchimp-for-woocommerce/css/mailchimp-woocommerce-admin-settings-5.2.css/wp-content/plugins/mailchimp-for-woocommerce/css/mailchimp-woocommerce-admin-settings.css/wp-content/plugins/mailchimp-for-woocommerce/v2/assets/css/styles.css/wp-content/plugins/mailchimp-for-woocommerce/js/mailchimp-woocommerce-create-account.js/wp-content/plugins/mailchimp-for-woocommerce/js/mailchimp-woocommerce-admin.js/wp-content/plugins/mailchimp-for-woocommerce/v2/assets/js/scripts.js

Script Paths

/wp-content/plugins/mailchimp-for-woocommerce/js/mailchimp-woocommerce-create-account.js/wp-content/plugins/mailchimp-for-woocommerce/js/mailchimp-woocommerce-admin.js/wp-content/plugins/mailchimp-for-woocommerce/v2/assets/js/scripts.js

Version Parameters

mailchimp-woocommerce-admin.css?ver=mailchimp-woocommerce-admin-settings-5.2.css?ver=mailchimp-woocommerce-admin-settings.css?ver=styles.css?ver=mailchimp-woocommerce-create-account.js?ver=mailchimp-woocommerce-admin.js?ver=scripts.js?ver=

HTML / DOM Fingerprints

CSS Classes

mailchimp-woocommerce-admin-settings-v2mc4wp-checkbox

HTML Comments

Mailchimp for WooCommerce MailChimp for WooCommerce mailchimp-woocommerce

Data Attributes

data-mc4wp-form-iddata-mc4wp-instance

JS Globals

phpVarsmailchimp_woocommerce_adminMailChimpWooCommerce

REST Endpoints

/wp-json/mailchimp-woocommerce/v1/review-banner

Shortcode Output

[mailchimp_form

FAQ