MailerPress – Send Beautiful Email Campaigns Security & Risk Analysis

wordpress.org/plugins/mailerpress

Transform your WordPress site into a powerful email marketing platform with MailerPress - the most comprehensive and user-friendly email solution.

900 active installs · v1.5.2 · PHP 8.2+ · WP 6.5+ · Updated Mar 12, 2026
Tags: automation, email-marketing, emailing, mjml, newsletter
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is MailerPress – Send Beautiful Email Campaigns Safe to Use in 2026?

Generally Safe

Score 100/100

MailerPress – Send Beautiful Email Campaigns has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 22d ago
Risk Assessment

MailerPress v1.5.3 exhibits a generally good security posture with several strengths. The absence of known CVEs and a history of no recorded vulnerabilities are positive indicators. The plugin also demonstrates strong practices in its use of prepared statements for SQL queries (86%) and output escaping (95%), along with a significant number of capability checks (39).

However, there are notable concerns arising from the static analysis. The presence of 12 instances of the `unserialize` function is a significant risk, as it can lead to remote code execution if untrusted data is unserialized. Furthermore, the taint analysis reveals 18 flows with unsanitized paths, and importantly, 10 of these are flagged as high severity. While no critical taint flows are identified, these high-severity unsanitized flows represent a substantial risk of unexpected behavior or potential exploits.

The plugin's attack surface is relatively small and appears to be protected, with no unprotected entry points identified. Despite the concerning taint analysis results, the plugin's vulnerability history is clean. This suggests that while static analysis has found potential weaknesses, they may not have been exploited in the wild or are perhaps mitigated by other factors not immediately apparent. Overall, the plugin has a good foundation but requires careful attention to the identified `unserialize` usage and high-severity unsanitized taint flows.

Key Concerns

  • Dangerous function: unserialize used
  • High severity taint flows identified
  • Unsanitized paths in taint flows
Vulnerabilities
None known

MailerPress – Send Beautiful Email Campaigns Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

MailerPress – Send Beautiful Email Campaigns Code Analysis

Dangerous Functions: 12
Raw SQL Queries: 183 (1153 prepared)
Unescaped Output: 24 (450 escaped)
Nonce Checks: 3
Capability Checks: 39
File Operations: 36
External Requests: 15
Bundled Libraries: 0

Dangerous Functions Found

unserialize | $jobInstance = unserialize(json_decode($jobRow->job), ['allowed_classes' => [ | src\Actions\ActionScheduler\Processors\ContactEmailChunk.php:348
unserialize | ? unserialize($field['field_value'], ['allowed_classes' => false]) | src\Actions\Webhooks\TriggerOutgoingWebhooks.php:800
unserialize | ? unserialize($row->birthday_value, ['allowed_classes' => false]) | src\Actions\Workflows\MailerPress\Triggers\BirthdayCheckTrigger.php:182
unserialize | ? unserialize($def->options, ['allowed_classes' => false]) | src\Api\Contacts.php:686
unserialize | ? unserialize($field->field_value, ['allowed_classes' => false]) | src\Api\Contacts.php:700
unserialize | ? unserialize($query[0]->option_value, ['allowed_classes' => false]) | src\Core\Esp\Brevo\HttpClient.php:26
unserialize | ? unserialize($query[0]->option_value, ['allowed_classes' => false]) | src\Core\Esp\Mailchimp\HttpClient.php:26
unserialize | $jobInstance = unserialize(json_decode($jobRow->job), ['allowed_classes' => [ | src\Core\QueueManager.php:193
unserialize | ? unserialize($value, ['allowed_classes' => false]) | src\Core\Workflows\Conditions\MailerPressConditionProvider.php:83
unserialize | ? unserialize($field->options, ['allowed_classes' => false]) | src\Models\CustomFields.php:58
unserialize | ? unserialize($field->options, ['allowed_classes' => false]) | src\Models\CustomFields.php:94
unserialize | ? unserialize($segment_row['conditions'], ['allowed_classes' => false]) | src\Services\SegmentContactFetcher.php:82

SQL Query Safety

86% prepared · 1336 total queries

Output Escaping

95% escaped · 474 total outputs
Data Flows
18 unsanitized

Data Flow Analysis

21 flows · 18 with unsanitized paths
customCorsHeaders (src\Actions\CorsMiddleware.php:44)
Flow diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface

MailerPress – Send Beautiful Email Campaigns Attack Surface

Entry Points: 3
Unprotected: 0

Shortcodes 3

[mailerpress_pages] src\Actions\Pages\Pages.php:34
[mailerpress_archive] src\Actions\Shortcodes\CampaignArchive.php:17
[mailerpress_optin] src\Actions\Shortcodes\OptinForm.php:17
WordPress Hooks 32
action init mailerpress.php:52
action init mailerpress.php:86
action shutdown mailerpress.php:139
action process_import_chunk src\Actions\ActionScheduler\AsInit.php:104
action process_delete_chunk src\Actions\ActionScheduler\AsInit.php:123
filter rest_pre_serve_request src\Actions\CorsMiddleware.php:23
filter wp_mail src\Actions\Setup\Init.php:45
action shutdown src\Actions\Setup\Init.php:60
filter wp_mail src\Actions\Setup\Init.php:62
action init src\Actions\Setup\TableManager.php:44
action admin_notices src\Actions\Setup\TableManager.php:83
action init src\Actions\Setup\TableManager.php:95
action wp_footer src\Actions\Shortcodes\OptinForm.php:29
filter query src\Actions\Workflows\FixLegacyTriggerTypeQueries.php:27
action shutdown src\Actions\Workflows\FixLegacyTriggerTypeQueries.php:30
action init src\Actions\Workflows\FixLegacyTriggerTypeQueries.php:33
action wp_loaded src\Actions\Workflows\FixLegacyTriggerTypeQueries.php:42
action mailerpress_ab_test_send_winner src\Actions\Workflows\MailerPress\Actions\ABTestWinnerHandler.php:26
action plugins_loaded src\Actions\Workflows\MailerPress\Triggers\CustomTrigger.php:106
action init src\Actions\Workflows\MailerPress\Triggers\CustomTrigger.php:110
action mailerpress_workflow_updated src\Actions\Workflows\MailerPress\Triggers\CustomTrigger.php:115
action mailerpress_workflow_status_changed src\Actions\Workflows\MailerPress\Triggers\CustomTrigger.php:121
action woocommerce_cart_emptied src\Actions\Workflows\WooCommerce\AbandonedCartTrigger.php:113
action woocommerce_before_cart_emptied src\Actions\Workflows\WooCommerce\AbandonedCartTrigger.php:116
action woocommerce_checkout_order_processed src\Actions\Workflows\WooCommerce\AbandonedCartTrigger.php:119
action mailerpress_register_step_handlers src\Actions\Workflows\WooCommerceWorkflowHandlers.php:32
action rest_api_init src\Core\Attributes\Endpoint.php:34
action plugins_loaded src\Core\Kernel.php:68
action mailerpress_migration_completed src\Core\Migrations\migrations\2025_11_07_100611_campaigns_automation_sync.php:59
action mailerpress_migration_completed src\Core\Migrations\migrations\2025_12_20_100000_campaigns_step_id.php:36
action mailerpress_continue_workflow src\Core\Workflows\Services\ActionSchedulerManager.php:18
filter rest_pre_serve_request src\Middleware\CorsMiddleware.php:23

Scheduled Events 3

mailerpress_cleanup
mailerpress_deferred_campaign_created
mailerpress_ab_test_send_winner
Maintenance & Trust

MailerPress – Send Beautiful Email Campaigns Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 12, 2026
PHP min version: 8.2
Downloads: 12K

Community Trust

Rating: 100/100
Number of ratings: 7
Active installs: 900
Developer Profile

MailerPress – Send Beautiful Email Campaigns Developer Profile

MailerPress Team

1 plugin · 900 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect MailerPress – Send Beautiful Email Campaigns

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/mailerpress/build/dist/js/mail-editor.js
/wp-content/plugins/mailerpress/assets/css/tailwind.css
Version Parameters
mailerpress/build/dist/js/mail-editor.asset.php?ver=

HTML / DOM Fingerprints

Data Attributes
data-mailpress-editor
JS Globals
MailerPressData
REST Endpoints
/wp-json/mailerpress/v1/settings
/wp-json/mailerpress/v1/settings/save
/wp-json/mailerpress/v1/settings/sender
FAQ

Frequently Asked Questions about MailerPress – Send Beautiful Email Campaigns