MailerPress – Email Marketing, Newsletter, Email Automation & WooCommerce Emails Security & Risk Analysis

wordpress.org/plugins/mailerpress

Email marketing and newsletter plugin for WordPress. Create email campaigns, grow subscribers, automate emails, and customize WooCommerce emails.

900 active installs · v1.5.5 · PHP 8.2+ · WP 6.5+ · Updated Apr 15, 2026
Tags: email-automation, email-marketing, newsletter, subscribers, woocommerce-emails
Score: 99 (A · Safe)
CVEs total: 1
Unpatched: 0
Last CVE: Feb 13, 2026
Safety Verdict

Is MailerPress – Email Marketing, Newsletter, Email Automation & WooCommerce Emails Safe to Use in 2026?

Generally Safe

Score 99/100

MailerPress – Email Marketing, Newsletter, Email Automation & WooCommerce Emails has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVE · Last CVE: Feb 13, 2026 · Updated 1mo ago
Risk Assessment

MailerPress v1.5.3 exhibits a generally good security posture with several strengths. The absence of known CVEs and a history of no recorded vulnerabilities are positive indicators. The plugin also demonstrates strong practices in its use of prepared statements for SQL queries (86%) and output escaping (95%), along with a significant number of capability checks (39).

However, there are notable concerns arising from the static analysis. The presence of 12 instances of the `unserialize` function is a significant risk, as it can lead to remote code execution if untrusted data is unserialized. Furthermore, the taint analysis reveals 18 flows with unsanitized paths, and importantly, 10 of these are flagged as high severity. While no critical taint flows are identified, these high-severity unsanitized flows represent a substantial risk of unexpected behavior or potential exploits.

The plugin's attack surface is relatively small and appears to be protected, with no unprotected entry points identified. Despite the concerning taint analysis results, the plugin's vulnerability history is clean. This suggests that while static analysis has found potential weaknesses, they may not have been exploited in the wild or are perhaps mitigated by other factors not immediately apparent. Overall, the plugin has a good foundation but requires careful attention to the identified `unserialize` usage and high-severity unsanitized taint flows.

Key Concerns

  • Dangerous function: unserialize used
  • High severity taint flows identified
  • Unsanitized paths in taint flows
Vulnerabilities
1 published

MailerPress – Email Marketing, Newsletter, Email Automation & WooCommerce Emails Security Vulnerabilities

CVEs by Year

1 CVE in 2026

Severity Breakdown

Medium: 1

1 total CVE

CVE-2026-32353 · medium · 6.4 · Server-Side Request Forgery (SSRF)

MailerPress <= 1.4.2 - Authenticated (Contributor+) Server-Side Request Forgery

Feb 13, 2026 Patched in 1.5.0 (82d)
Version History

MailerPress – Email Marketing, Newsletter, Email Automation & WooCommerce Emails Release Timeline

v1.5.5 (Current)
v1.5.4
v1.5.3
v1.5.2
v1.5.1
v1.5
v1.4.2 · 1 CVE
v1.4.1 · 1 CVE
v1.4 · 1 CVE
v1.3.1 · 1 CVE
v1.3 · 1 CVE
v1.2.1 · 1 CVE
v1.2 · 1 CVE
v1.1.4 · 1 CVE
v1.1.3 · 1 CVE
v1.1.2 · 1 CVE
v1.1.1 · 1 CVE
v1.1 · 1 CVE
v1.0.1 · 1 CVE
v1.0 · 1 CVE
Code Analysis
Analyzed Mar 16, 2026

MailerPress – Email Marketing, Newsletter, Email Automation & WooCommerce Emails Code Analysis

Dangerous Functions: 12
Raw SQL Queries: 183 (1153 prepared)
Unescaped Output: 24 (450 escaped)
Nonce Checks: 3
Capability Checks: 39
File Operations: 36
External Requests: 15
Bundled Libraries: 0

Dangerous Functions Found

unserialize · `$jobInstance = unserialize(json_decode($jobRow->job), ['allowed_classes' => [` · src\Actions\ActionScheduler\Processors\ContactEmailChunk.php:348
unserialize · `? unserialize($field['field_value'], ['allowed_classes' => false])` · src\Actions\Webhooks\TriggerOutgoingWebhooks.php:800
unserialize · `? unserialize($row->birthday_value, ['allowed_classes' => false])` · src\Actions\Workflows\MailerPress\Triggers\BirthdayCheckTrigger.php:182
unserialize · `? unserialize($def->options, ['allowed_classes' => false])` · src\Api\Contacts.php:686
unserialize · `? unserialize($field->field_value, ['allowed_classes' => false])` · src\Api\Contacts.php:700
unserialize · `? unserialize($query[0]->option_value, ['allowed_classes' => false])` · src\Core\Esp\Brevo\HttpClient.php:26
unserialize · `? unserialize($query[0]->option_value, ['allowed_classes' => false])` · src\Core\Esp\Mailchimp\HttpClient.php:26
unserialize · `$jobInstance = unserialize(json_decode($jobRow->job), ['allowed_classes' => [` · src\Core\QueueManager.php:193
unserialize · `? unserialize($value, ['allowed_classes' => false])` · src\Core\Workflows\Conditions\MailerPressConditionProvider.php:83
unserialize · `? unserialize($field->options, ['allowed_classes' => false])` · src\Models\CustomFields.php:58
unserialize · `? unserialize($field->options, ['allowed_classes' => false])` · src\Models\CustomFields.php:94
unserialize · `? unserialize($segment_row['conditions'], ['allowed_classes' => false])` · src\Services\SegmentContactFetcher.php:82

SQL Query Safety

86% prepared · 1336 total queries

Output Escaping

95% escaped · 474 total outputs
Data Flows · Security
18 unsanitized

Data Flow Analysis

21 flows · 18 with unsanitized paths
customCorsHeaders (src\Actions\CorsMiddleware.php:44)
Attack Surface

MailerPress – Email Marketing, Newsletter, Email Automation & WooCommerce Emails Attack Surface

Entry Points: 3
Unprotected: 0

Shortcodes 3

[mailerpress_pages] src\Actions\Pages\Pages.php:34
[mailerpress_archive] src\Actions\Shortcodes\CampaignArchive.php:17
[mailerpress_optin] src\Actions\Shortcodes\OptinForm.php:17
WordPress Hooks 32
action · init · mailerpress.php:52
action · init · mailerpress.php:86
action · shutdown · mailerpress.php:139
action · process_import_chunk · src\Actions\ActionScheduler\AsInit.php:104
action · process_delete_chunk · src\Actions\ActionScheduler\AsInit.php:123
filter · rest_pre_serve_request · src\Actions\CorsMiddleware.php:23
filter · wp_mail · src\Actions\Setup\Init.php:45
action · shutdown · src\Actions\Setup\Init.php:60
filter · wp_mail · src\Actions\Setup\Init.php:62
action · init · src\Actions\Setup\TableManager.php:44
action · admin_notices · src\Actions\Setup\TableManager.php:83
action · init · src\Actions\Setup\TableManager.php:95
action · wp_footer · src\Actions\Shortcodes\OptinForm.php:29
filter · query · src\Actions\Workflows\FixLegacyTriggerTypeQueries.php:27
action · shutdown · src\Actions\Workflows\FixLegacyTriggerTypeQueries.php:30
action · init · src\Actions\Workflows\FixLegacyTriggerTypeQueries.php:33
action · wp_loaded · src\Actions\Workflows\FixLegacyTriggerTypeQueries.php:42
action · mailerpress_ab_test_send_winner · src\Actions\Workflows\MailerPress\Actions\ABTestWinnerHandler.php:26
action · plugins_loaded · src\Actions\Workflows\MailerPress\Triggers\CustomTrigger.php:106
action · init · src\Actions\Workflows\MailerPress\Triggers\CustomTrigger.php:110
action · mailerpress_workflow_updated · src\Actions\Workflows\MailerPress\Triggers\CustomTrigger.php:115
action · mailerpress_workflow_status_changed · src\Actions\Workflows\MailerPress\Triggers\CustomTrigger.php:121
action · woocommerce_cart_emptied · src\Actions\Workflows\WooCommerce\AbandonedCartTrigger.php:113
action · woocommerce_before_cart_emptied · src\Actions\Workflows\WooCommerce\AbandonedCartTrigger.php:116
action · woocommerce_checkout_order_processed · src\Actions\Workflows\WooCommerce\AbandonedCartTrigger.php:119
action · mailerpress_register_step_handlers · src\Actions\Workflows\WooCommerceWorkflowHandlers.php:32
action · rest_api_init · src\Core\Attributes\Endpoint.php:34
action · plugins_loaded · src\Core\Kernel.php:68
action · mailerpress_migration_completed · src\Core\Migrations\migrations\2025_11_07_100611_campaigns_automation_sync.php:59
action · mailerpress_migration_completed · src\Core\Migrations\migrations\2025_12_20_100000_campaigns_step_id.php:36
action · mailerpress_continue_workflow · src\Core\Workflows\Services\ActionSchedulerManager.php:18
filter · rest_pre_serve_request · src\Middleware\CorsMiddleware.php:23

Scheduled Events 3

mailerpress_cleanup
mailerpress_deferred_campaign_created
mailerpress_ab_test_send_winner
Maintenance & Trust

MailerPress – Email Marketing, Newsletter, Email Automation & WooCommerce Emails Maintenance & Trust

Maintenance Signals

WordPress version tested: 7.0
Last updated: Apr 15, 2026
PHP min version: 8.2
Downloads: 15K

Community Trust

Rating: 100/100
Number of ratings: 7
Active installs: 900
Developer Profile

MailerPress – Email Marketing, Newsletter, Email Automation & WooCommerce Emails Developer Profile

MailerPress Team

1 plugin · 900 total installs

Trust score: 87
Avg Security Score: 99/100
Avg Patch Time: 82 days
Detection Fingerprints

How We Detect MailerPress – Email Marketing, Newsletter, Email Automation & WooCommerce Emails

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/mailerpress/build/dist/js/mail-editor.js
/wp-content/plugins/mailerpress/assets/css/tailwind.css
Version Parameters
mailerpress/build/dist/js/mail-editor.asset.php?ver=

HTML / DOM Fingerprints

Data Attributes
data-mailpress-editor
JS Globals
MailerPressData
REST Endpoints
/wp-json/mailerpress/v1/settings
/wp-json/mailerpress/v1/settings/save
/wp-json/mailerpress/v1/settings/sender