Mailer Dragon – Email Marketing Plugin for WordPress Security & Risk Analysis

wordpress.org/plugins/mailer-dragon

Email newsletter plugin with autoresponder for effective email marketing in WordPress. Free plugin with unlimited email newsletters & subscribers.

200 active installs · v1.1.3 · PHP + · WP 3.5+ · Updated Dec 3, 2025
autoresponder, email, email-marketing, email-newsletter, newsletter
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Mailer Dragon – Email Marketing Plugin for WordPress Safe to Use in 2026?

Generally Safe

Score 100/100

Mailer Dragon – Email Marketing Plugin for WordPress has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 4mo ago
Risk Assessment

The Mailer Dragon plugin version 1.1.3 exhibits a generally strong security posture, with no known vulnerabilities and a good adherence to several security best practices. The static analysis reveals a limited attack surface, with all identified entry points (AJAX handlers, shortcodes, cron events) protected by either nonce or capability checks. Furthermore, the absence of critical or high severity taint flows and dangerous functions is a positive indicator.

However, there are some areas for improvement. The plugin utilizes raw SQL queries without prepared statements for all its database interactions. This presents a significant risk, as it makes the plugin vulnerable to SQL injection attacks if user-supplied data is not meticulously sanitized before being included in these queries. The moderate percentage of improperly escaped outputs also suggests a potential for cross-site scripting (XSS) vulnerabilities, though the taint analysis did not reveal any critical or high severity XSS flows. The lack of historical vulnerabilities is encouraging, suggesting a proactive approach to security by the developers, but it does not negate the risks identified in the current code.

Key Concerns

  • SQL queries not using prepared statements
  • Improper output escaping in 59% of outputs
Vulnerabilities
None known

Mailer Dragon – Email Marketing Plugin for WordPress Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Mailer Dragon – Email Marketing Plugin for WordPress Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 2 (0 prepared)
Unescaped Output: 29 (20 escaped)
Nonce Checks: 3
Capability Checks: 4
File Operations: 0
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

jQuery

SQL Query Safety

0% prepared · 2 total queries

Output Escaping

41% escaped · 49 total outputs
Data Flows
All sanitized

Data Flow Analysis

3 flows
ic_mailer_receivers (includes\admin-ajax.php:25)
Attack Surface

Mailer Dragon – Email Marketing Plugin for WordPress Attack Surface

Entry Points: 5
Unprotected: 0

AJAX Handlers 2

auth wp_ajax_ic_mailer_receivers includes\admin-ajax.php:17
auth wp_ajax_ic_mailer_delayed_receivers includes\admin-ajax.php:18

Shortcodes 3

[subscribe_form] functions\shortcodes.php:19
[subscribe_thank_you] functions\shortcodes.php:20
[subscriber_ip] functions\shortcodes.php:21
WordPress Hooks 28
action ic_mailer_dragon_install functions\activation.php:18
filter phpmailer_init functions\pluggable.php:172
action ic_mailer_before_form functions\shortcodes.php:22
action ic_mailer_before_form functions\shortcodes.php:23
action ic_mailer_dragon_before_button functions\shortcodes.php:24
action transition_post_status includes\email-sender.php:29
action trashed_post includes\email-sender.php:30
action ic_hourly_scheduled_events includes\email-sender.php:31
action email_edit_save includes\email-sender.php:32
action ic_mailer_groups includes\mailer-meta.php:19
action ic_mailer_groups includes\mailer-meta.php:20
action ic_mailer_groups includes\mailer-meta.php:21
action ic_mailer_groups includes\mailer-meta.php:22
action ic_mailer_groups includes\mailer-meta.php:23
action admin_menu includes\mailer-settings.php:15
action admin_init includes\mailer-settings.php:22
filter option_page_capability_ic_mailer_settings includes\mailer-settings.php:28
action init includes\register-mailer.php:17
action post_updated includes\register-mailer.php:18
filter post_updated_messages includes\register-mailer.php:19
action manage_ic_mailer_posts_custom_column includes\register-mailer.php:20
filter manage_edit-ic_mailer_columns includes\register-mailer.php:21
action widgets_init includes\subscription-widget.php:18
action after_setup_theme mailer-dragon.php:24
action admin_enqueue_scripts mailer-dragon.php:25
action wp_enqueue_scripts mailer-dragon.php:26
action admin_init mailer-dragon.php:27
action init mailer-dragon.php:28

Scheduled Events 1

ic_hourly_scheduled_events
Maintenance & Trust

Mailer Dragon – Email Marketing Plugin for WordPress Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 3, 2025
PHP min version
Downloads: 16K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 200
Developer Profile

Mailer Dragon – Email Marketing Plugin for WordPress Developer Profile

impleCode

7 plugins · 11K total installs

Trust score: 78
Avg Security Score: 98/100
Avg Patch Time: 312 days
Detection Fingerprints

How We Detect Mailer Dragon – Email Marketing Plugin for WordPress

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/mailer-dragon/css/mailer-dragon.min.css
/wp-content/plugins/mailer-dragon/js/mailer-dragon-admin.min.js
/wp-content/plugins/mailer-dragon/css/mailer-dragon-admin.min.css
/wp-content/plugins/mailer-dragon/ext/chosen/chosen.min.css
/wp-content/plugins/mailer-dragon/ext/chosen/chosen.jquery.min.js
Script Paths
/wp-content/plugins/mailer-dragon/js/mailer-dragon-admin.min.js
Version Parameters
mailer-dragon/css/mailer-dragon.min.css?ver=
mailer-dragon/js/mailer-dragon-admin.min.js?ver=
mailer-dragon/css/mailer-dragon-admin.min.css?ver=
mailer-dragon/ext/chosen/chosen.min.css?ver=
mailer-dragon/ext/chosen/chosen.jquery.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
chosen-container
chosen-drop
chosen-results
HTML Comments
<!-- Mailer Dragon Subscribe Form -->
<!-- Mailer Dragon Thank You -->
<!-- Mailer Dragon Subscriber IP -->
<!-- Mailer Dragon - subscribe_form -->
+4 more
Data Attributes
data-placeholder_option_multiple
data-placeholder_value
data-no_results_text
data-search_contains
JS Globals
ic_mailer_ajax
Shortcode Output
<p>Your subscr
<p>We have received your subscription request, please check your email to confirm.</p>
<div class="implecode_warning">The URL provided is not correct!</div>
FAQ

Frequently Asked Questions about Mailer Dragon – Email Marketing Plugin for WordPress