MailChimp Forms by MailMunch Security & Risk Analysis

wordpress.org/plugins/mailchimp-forms-by-mailmunch

MailChimp Forms to get more email subscribers. Subscribe your WordPress visitors to your MailChimp lists easily.

10K active installs · v3.2.7 · PHP + · WP 4.0+ · Updated Jan 23, 2026
Tags: mailchimp, mailchimp-forms, mailchimp-lists, opt-in-forms, sign-up-form
Security score: 97 (A · Safe)
CVEs total: 5
Unpatched: 0
Last CVE: Nov 19, 2024
Safety Verdict

Is MailChimp Forms by MailMunch Safe to Use in 2026?

Generally Safe

Score 97/100

MailChimp Forms by MailMunch has a strong security track record. Known vulnerabilities have been patched promptly.

5 known CVEs · Last CVE: Nov 19, 2024 · Updated 2mo ago
Risk Assessment

The "mailchimp-forms-by-mailmunch" v3.2.7 plugin presents a mixed security posture. While it demonstrates good practices such as using prepared statements for all SQL queries and performing nonce checks on all AJAX handlers, significant concerns arise from its attack surface and output escaping. The plugin exposes 5 unprotected AJAX handlers, creating a substantial entry point for potential attacks if not properly secured by other means. Furthermore, only 29% of output is properly escaped, indicating a high risk of Cross-Site Scripting (XSS) vulnerabilities, where malicious scripts could be injected and executed within the user's browser.

Key Concerns

  • High number of unprotected AJAX handlers
  • Low percentage of properly escaped output
  • Use of unserialize function
  • Medium severity vulnerabilities in history
Vulnerabilities: 5

MailChimp Forms by MailMunch Security Vulnerabilities

CVEs by Year

2023: 2 CVEs
2024: 3 CVEs
(all 5 patched, none unpatched)

Severity Breakdown

Medium: 5 (5 total CVEs)

CVE-2024-8726 · Medium (6.1) · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
MailChimp Forms by MailMunch <= 3.2.3 - Reflected Cross-Site Scripting
Nov 19, 2024 · Patched in 3.2.4 (1d)

CVE-2024-31378 · Medium (4.3) · Cross-Site Request Forgery (CSRF)
MailChimp Forms by MailMunch <= 3.2.1 - Cross-Site Request Forgery
Apr 10, 2024 · Patched in 3.2.2 (7d)

CVE-2024-29793 · Medium (6.4) · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
MailChimp Forms by MailMunch <= 3.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Mar 25, 2024 · Patched in 3.2.3 (8d)

CVE-2023-45748 · Medium (5.4) · Cross-Site Request Forgery (CSRF)
MailChimp Forms by MailMunch <= 3.1.7 - Cross-Site Request Forgery via Multiple AJAX actions
Oct 12, 2023 · Patched in 3.1.8 (103d)

CVE-2023-40203 · Medium (5.4) · Missing Authorization
MailChimp Forms by MailMunch <= 3.1.4 - Missing Authorization via multiple AJAX actions
Aug 11, 2023 · Patched in 3.1.5 (165d)
Code Analysis
Analyzed Mar 16, 2026

MailChimp Forms by MailMunch Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 0 (6 prepared)
Unescaped Output: 58 (24 escaped)
Nonce Checks: 6
Capability Checks: 7
File Operations: 0
External Requests: 6
Bundled Libraries: 0

Dangerous Functions Found

unserialize: $value = unserialize($value); (includes\class-mailmunch-api.php:236)

SQL Query Safety

100% prepared (6 total queries)

Output Escaping

29% escaped (82 total outputs)
Data Flows: 4 unsanitized

Data Flow Analysis

8 flows, 4 with unsanitized paths
sign_up (admin\class-mailchimp-mailmunch-admin.php:126)
Attack Surface: 5 unprotected

MailChimp Forms by MailMunch Attack Surface

Entry Points: 6
Unprotected: 5

AJAX Handlers 5

auth · wp_ajax_sign_up · includes\class-mailchimp-mailmunch.php:218
auth · wp_ajax_sign_in · includes\class-mailchimp-mailmunch.php:219
auth · wp_ajax_delete_widget · includes\class-mailchimp-mailmunch.php:220
auth · wp_ajax_delete_email · includes\class-mailchimp-mailmunch.php:221
auth · wp_ajax_change_email_status · includes\class-mailchimp-mailmunch.php:222

Shortcodes 1

[mailmunch-form] public\class-mailchimp-mailmunch-public.php:55
WordPress Hooks 25
action · plugins_loaded · includes\class-mailchimp-mailmunch.php:192
action · admin_enqueue_scripts · includes\class-mailchimp-mailmunch.php:207
action · admin_enqueue_scripts · includes\class-mailchimp-mailmunch.php:208
action · admin_menu · includes\class-mailchimp-mailmunch.php:209
action · admin_init · includes\class-mailchimp-mailmunch.php:210
action · admin_init · includes\class-mailchimp-mailmunch.php:211
action · admin_init · includes\class-mailchimp-mailmunch.php:214
action · admin_notices · includes\class-mailchimp-mailmunch.php:215
action · wp_dashboard_setup · includes\class-mailchimp-mailmunch.php:225
action · wp_enqueue_scripts · includes\class-mailchimp-mailmunch.php:246
action · wp_enqueue_scripts · includes\class-mailchimp-mailmunch.php:247
action · wp_head · includes\class-mailchimp-mailmunch.php:248
filter · the_content · includes\class-mailchimp-mailmunch.php:252
action · widgets_init · includes\class-mailchimp-mailmunch.php:256
action · init · includes\class-mailchimp-mailmunch.php:268
filter · template_include · includes\class-mailchimp-mailmunch.php:269
filter · get_pages · includes\class-mailchimp-mailmunch.php:270
action · add_meta_boxes · includes\class-mailchimp-mailmunch.php:272
action · save_post · includes\class-mailchimp-mailmunch.php:273
action · init · includes\class-mailchimp-mailmunch.php:276
action · save_post · includes\class-mailchimp-mailmunch.php:277
action · wp_insert_post · includes\class-mailchimp-mailmunch.php:278
action · pre_get_posts · includes\class-mailchimp-mailmunch.php:279
filter · post_type_link · includes\class-mailchimp-mailmunch.php:280
filter · wp_unique_post_slug · includes\class-mailchimp-mailmunch.php:281
Maintenance & Trust

MailChimp Forms by MailMunch Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Jan 23, 2026
PHP min version: not listed
Downloads: 1.1M

Community Trust

Rating: 92/100
Number of ratings: 372
Active installs: 10K
Developer Profile

MailChimp Forms by MailMunch Developer Profile

mailmunch

3 plugins · 19K total installs

Trust score: 87
Avg Security Score: 98/100
Avg Patch Time: 79 days
Detection Fingerprints

How We Detect MailChimp Forms by MailMunch

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/mailchimp-forms-by-mailmunch/admin/css/mailchimp-mailmunch-admin.css
/wp-content/plugins/mailchimp-forms-by-mailmunch/admin/js/mailchimp-mailmunch-admin.js
Script Paths
/wp-content/plugins/mailchimp-forms-by-mailmunch/admin/js/mailchimp-mailmunch-admin.js
Version Parameters
mailchimp-mailmunch-admin.css?ver=
mailchimp-mailmunch-admin.js?ver=

HTML / DOM Fingerprints

Data Attributes
data-mailmunch-action
JS Globals
mailmunch_nonces
FAQ

Frequently Asked Questions about MailChimp Forms by MailMunch