Forms for Mailchimp by Optin Cat – Grow Your MailChimp List Security & Risk Analysis

wordpress.org/plugins/mailchimp-wp

Forms for Mailchimp by Optin Cat helps you grow your MailChimp list. Create popups, inline forms, sidebar widgets & more.

Active installs: 2K
Version: v2.6.1
Requires: PHP + WP 3.9.1+
Updated: Dec 2, 2025
Tags: mailchimp, mailchimp-block, mailchimp-form, mailchimp-widget, mailchimp-wordpress

Security score: 98 (A · Safe)
CVEs total: 3
Unpatched: 0
Last CVE: Oct 25, 2024
Safety Verdict

Is Forms for Mailchimp by Optin Cat – Grow Your MailChimp List Safe to Use in 2026?

Generally Safe

Score 98/100

Forms for Mailchimp by Optin Cat – Grow Your MailChimp List has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEs · Last CVE: Oct 25, 2024 · Updated 4mo ago
Risk Assessment

The mailchimp-wp plugin v2.6.1 presents a mixed security posture. On the positive side, it demonstrates good practices in several areas, with a high percentage of SQL queries using prepared statements and a strong majority of output being properly escaped. The absence of critical or high-severity known CVEs and the fact that all previous vulnerabilities are patched are also encouraging signs. The plugin also utilizes nonces and capability checks for most of its AJAX handlers, which is a good security measure.

However, significant concerns are raised by the attack surface analysis. The presence of one AJAX handler without any authentication checks is a critical vulnerability that could be exploited by unauthenticated users. While the taint analysis did not reveal critical or high-severity issues, the existence of 5 flows with unsanitized paths, even if not leading to immediate critical exploits in this analysis, suggests potential for future vulnerabilities if not addressed. The plugin's history of medium-severity Cross-site Scripting (XSS) vulnerabilities, though patched, indicates a recurring weakness that attackers might target. The inclusion of an outdated bundled library, Select2 v3.5.0, also introduces a potential risk.

In conclusion, while the plugin has strengths in its implementation of prepared statements and output escaping, the exposed AJAX endpoint and the historical XSS issues are significant weaknesses. The outdated bundled library is another area for concern. These factors necessitate careful consideration and prompt remediation to improve the overall security of this plugin.

Key Concerns

  • AJAX handler without auth check
  • Flows with unsanitized paths
  • Bundled outdated library (Select2 v3.5.0)
  • History of medium severity XSS vulnerabilities
Vulnerabilities: 3

Forms for Mailchimp by Optin Cat – Grow Your MailChimp List Security Vulnerabilities

CVEs by Year

2023: 1 CVE
2024: 2 CVEs

Severity Breakdown

Medium: 3

3 total CVEs

CVE-2024-8870 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Forms for Mailchimp by Optin Cat – Grow Your MailChimp List <= 2.5.7 - Reflected Cross-Site Scripting
Oct 25, 2024 · Patched in 2.5.8 (38d)

CVE-2024-7489 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Forms for Mailchimp by Optin Cat <= 2.5.7 - Authenticated (Editor+) Stored Cross-Site Scripting via Form Color Parameters
Oct 11, 2024 · Patched in 2.5.8 (53d)

CVE-2023-47545 · medium · 5.5 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Forms for Mailchimp by Optin Cat <= 2.5.4 - Authenticated (Editor+) Stored Cross-Site Scripting
Nov 7, 2023 · Patched in 2.5.5 (77d)
Code Analysis (analyzed Mar 16, 2026)

Forms for Mailchimp by Optin Cat – Grow Your MailChimp List Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 2 (8 prepared)
Unescaped Output: 13 (155 escaped)
Nonce Checks: 8
Capability Checks: 7
File Operations: 6
External Requests: 10
Bundled Libraries: 1

Bundled Libraries

Select2 3.5.0

SQL Query Safety

80% prepared (10 total queries)

Output Escaping

92% escaped (168 total outputs)

Data Flows: 5 unsanitized

Data Flow Analysis

8 flows, 5 with unsanitized paths

<eoi-post-types> (includes\eoi-post-types.php:0)
Attack Surface: 1 unprotected

Forms for Mailchimp by Optin Cat – Grow Your MailChimp List Attack Surface

Entry Points: 7
Unprotected: 1

AJAX Handlers (7)

type    hook                           location
auth    wp_ajax_fca_eoi_activity       includes\eoi-activity.php:44
nopriv  wp_ajax_fca_eoi_activity       includes\eoi-activity.php:45
auth    wp_ajax_fca_eoi_subscribe      includes\eoi-post-types.php:53
nopriv  wp_ajax_fca_eoi_subscribe      includes\eoi-post-types.php:54
auth    wp_ajax_fca_eoi_dismiss        includes\eoi-post-types.php:56
auth    wp_ajax_fca_eoi_uninstall      includes\eoi-uninstall.php:74
auth    wp_ajax_mailchimp_get_groups   providers\mailchimp\functions.php:136
WordPress Hooks (55)

type    hook                                          location
filter  pre_set_site_transient_update_plugins         includes\classes\edd_sl\EDD_SL_Plugin_Updater.php:75
filter  plugins_api                                   includes\classes\edd_sl\EDD_SL_Plugin_Updater.php:76
action  after_plugin_row                              includes\classes\edd_sl\EDD_SL_Plugin_Updater.php:77
action  admin_init                                    includes\classes\edd_sl\EDD_SL_Plugin_Updater.php:78
action  in_admin_footer                               includes\classes\k\k.php:563
action  init                                          includes\eoi-block.php:48
action  enqueue_block_editor_assets                   includes\eoi-block.php:99
action  wp_dashboard_setup                            includes\eoi-functions.php:18
filter  tiny_mce_before_init                          includes\eoi-functions.php:234
action  init                                          includes\eoi-post-types.php:21
filter  manage_easy-opt-ins_posts_columns             includes\eoi-post-types.php:22
action  manage_easy-opt-ins_posts_custom_column       includes\eoi-post-types.php:23
filter  post_row_actions                              includes\eoi-post-types.php:24
action  admin_post_fca_eoi_reset_stats                includes\eoi-post-types.php:27
action  wp_dashboard_setup                            includes\eoi-post-types.php:30
action  save_post                                     includes\eoi-post-types.php:33
filter  the_content                                   includes\eoi-post-types.php:36
action  admin_enqueue_scripts                         includes\eoi-post-types.php:39
action  admin_head                                    includes\eoi-post-types.php:41
action  admin_notices                                 includes\eoi-post-types.php:43
action  admin_notices                                 includes\eoi-post-types.php:46
filter  admin_body_class                              includes\eoi-post-types.php:49
filter  wp_insert_post_data                           includes\eoi-post-types.php:51
filter  get_user_option_screen_layout_easy-opt-ins    includes\eoi-post-types.php:58
filter  get_user_option_meta-box-order_easy-opt-ins   includes\eoi-post-types.php:60
filter  post_updated_messages                         includes\eoi-post-types.php:62
filter  bulk_actions-edit-easy-opt-ins                includes\eoi-post-types.php:64
filter  post_row_actions                              includes\eoi-post-types.php:66
action  admin_notices                                 includes\eoi-post-types.php:68
filter  enter_title_here                              includes\eoi-post-types.php:70
filter  init                                          includes\eoi-post-types.php:72
filter  the_content                                   includes\eoi-post-types.php:79
action  wp_head                                       includes\eoi-post-types.php:81
action  wp_footer                                     includes\eoi-post-types.php:82
filter  wp_footer                                     includes\eoi-post-types.php:85
filter  fca_eoi_alter_admin_notices                   includes\eoi-post-types.php:93
action  wp                                            includes\eoi-post-types.php:2164
action  admin_menu                                    includes\eoi-powerups.php:22
action  admin_init                                    includes\eoi-powerups.php:55
filter  fca_eoi_setting_filter                        includes\eoi-subscribers.php:27
action  fca_eoi_after_submission                      includes\eoi-subscribers.php:171
action  admin_menu                                    includes\eoi-subscribers.php:172
action  plugins_loaded                                includes\eoi-subscribers.php:173
filter  wp_privacy_personal_data_exporters            includes\eoi-subscribers.php:174
filter  wp_privacy_personal_data_erasers              includes\eoi-subscribers.php:175
action  admin_enqueue_scripts                         includes\eoi-uninstall.php:40
action  admin_menu                                    includes\eoi-upgrade.php:57
action  admin_footer                                  includes\eoi-upgrade.php:58
filter  admin_footer_text                             includes\eoi-upgrade.php:59
action  admin_notices                                 includes\eoi-upgrade.php:60
action  widgets_init                                  includes\eoi-widget.php:12
filter  fca_eoi_setting_filter                        powerups\2_custom_css\powerup.php:11
action  fca_eoi_powerups                              powerups\2_custom_css\powerup.php:22
action  admin_enqueue_scripts                         powerups\2_custom_css\powerup.php:23
filter  fca_eoi_alter_form                            powerups\2_custom_css\powerup.php:24
Maintenance & Trust

Forms for Mailchimp by Optin Cat – Grow Your MailChimp List Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 2, 2025
PHP min version:
Downloads: 276K

Community Trust

Rating: 88/100
Number of ratings: 76
Active installs: 2K
Developer Profile

Forms for Mailchimp by Optin Cat – Grow Your MailChimp List Developer Profile

fatcatapps

13 plugins · 67K total installs

Trust score: 74
Avg Security Score: 93/100
Avg Patch Time: 242 days
Detection Fingerprints

How We Detect Forms for Mailchimp by Optin Cat – Grow Your MailChimp List

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/mailchimp-wp/includes/css/eoi-layout.css
/wp-content/plugins/mailchimp-wp/includes/css/eoi-powerups.css
/wp-content/plugins/mailchimp-wp/includes/css/eoi-upgrade.css
/wp-content/plugins/mailchimp-wp/includes/css/eoi-widget.css
/wp-content/plugins/mailchimp-wp/includes/js/eoi-widget.js
/wp-content/plugins/mailchimp-wp/includes/js/eoi-admin.js
/wp-content/plugins/mailchimp-wp/includes/js/eoi-front.js
/wp-content/plugins/mailchimp-wp/includes/js/k.js

Script Paths
/wp-content/plugins/mailchimp-wp/includes/js/eoi-widget.js
/wp-content/plugins/mailchimp-wp/includes/js/eoi-admin.js
/wp-content/plugins/mailchimp-wp/includes/js/eoi-front.js
/wp-content/plugins/mailchimp-wp/includes/js/k.js

Version Parameters
mailchimp-wp/includes/css/eoi-layout.css?ver=
mailchimp-wp/includes/css/eoi-powerups.css?ver=
mailchimp-wp/includes/css/eoi-upgrade.css?ver=
mailchimp-wp/includes/css/eoi-widget.css?ver=
mailchimp-wp/includes/js/eoi-widget.js?ver=
mailchimp-wp/includes/js/eoi-admin.js?ver=
mailchimp-wp/includes/js/eoi-front.js?ver=
mailchimp-wp/includes/js/k.js?ver=

HTML / DOM Fingerprints

CSS Classes
fca-eoi-optin-form, fca-eoi-widget-form, fca-eoi-signup-button, fca-eoi-advanced-form-wrapper

HTML Comments
<!-- Optin Cat Form -->
<!-- EASY OPT IN WIDGET -->
<!-- EASY OPT IN SHORTCODE -->

Data Attributes
data-fca_eoi_list_id, data-fca_eoi_thank_you_mode, data-fca_eoi_thank_you_message, data-fca_eoi_button_text

JS Globals
FCA_EOI

Shortcode Output
[optin-cat], [easy-opt-in], [optincat], [opt-in-cat]
FAQ

Frequently Asked Questions about Forms for Mailchimp by Optin Cat – Grow Your MailChimp List