Mailjet Email Marketing Security & Risk Analysis

wordpress.org/plugins/mailjet-for-wordpress

Includes WooCommerce automated and order emails. Design, send and track engaging marketing and transactional emails from your WordPress admin.

10K active installs · v6.1.7 · PHP 7.4+ · WP 5.6+ · Updated Jan 6, 2026
email marketing newsletter signup widget
Score: 100 · A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Jan 3, 2023
Safety Verdict

Is Mailjet Email Marketing Safe to Use in 2026?

Generally Safe

Score 100/100

Mailjet Email Marketing has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVE · Last CVE: Jan 3, 2023 · Updated 4mo ago
Risk Assessment

The mailjet-for-wordpress plugin has a mixed security posture. On the positive side, it uses prepared statements for all of its SQL queries and escapes a high percentage of its output. Several areas raise concerns, however. Five of its six entry points lack authentication checks, a critical weakness that could allow unauthorized users to trigger plugin functionality. The taint analysis reports 2 high-severity flows, indicating that malicious data could be processed in an unsafe manner; no critical flows were identified.

The plugin's vulnerability history shows one medium-severity Cross-Site Scripting (XSS) vulnerability, discovered in January 2023 and now patched, which suggests a past tendency towards input validation issues. The presence of bundled libraries is not inherently a risk, but they should be checked for outdated versions in future analyses. Overall, the lack of authentication on most entry points and the high-severity taint flows are the most pressing concerns, and they overshadow the plugin's sound SQL and output handling.

Key Concerns

  • 5 unprotected AJAX handlers
  • 2 high severity taint flows
  • 1 medium severity CVE (patched)
  • Bundled library (Guzzle)
Vulnerabilities
1 published

Mailjet Email Marketing Security Vulnerabilities

CVEs by Year

1 CVE in 2023

Severity Breakdown

Medium: 1

1 total CVE

WF-462372ab-8f83-4b75-b3dd-674199e1eeee-mailjet-for-wordpress · medium · 5.5 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Mailjet Email Marketing <= 5.3 - Authenticated (Admin+) Cross-Site Scripting

Jan 3, 2023 Patched in 5.3.1 (385d)
Version History

Mailjet Email Marketing Release Timeline

v6.1.7 (Current)
v6.1.6
v6.1.5
v6.1.4
v6.1.3
v6.1.2
v6.1.1
v6.1
v6.0.1
v6.0
Code Analysis
Analyzed Mar 16, 2026

Mailjet Email Marketing Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (35 prepared)
  • Unescaped Output: 79 (305 escaped)
  • Nonce Checks: 2
  • Capability Checks: 7
  • File Operations: 2
  • External Requests: 0
  • Bundled Libraries: 1

Bundled Libraries

Guzzle

SQL Query Safety

100% prepared · 35 total queries

Output Escaping

79% escaped · 384 total outputs
Data Flows · Security
4 unsanitized

Data Flow Analysis

6 flows · 4 with unsanitized paths
integrations_post_handler (src\includes\SettingsPages\IntegrationsSettings.php:592)
Attack Surface
5 unprotected

Mailjet Email Marketing Attack Surface

Entry Points: 6
Unprotected: 5

AJAX Handlers 5

nopriv · wp_ajax_mj_ajax_subscribe · src\includes\MailjetSettings.php:150
auth · wp_ajax_mj_ajax_subscribe · src\includes\MailjetSettings.php:151
auth · wp_ajax_resync_mailjet · src\includes\SettingsPages\SubscriptionOptionsSettings.php:30
auth · wp_ajax_get_contact_lists_menu · src\includes\SettingsPages\SubscriptionOptionsSettings.php:31
auth · wp_ajax_get_contact_lists · src\includes\SettingsPages\WooCommerceSettings.php:34

Shortcodes 1

[mailjet_form_builder] src\includes\Mailjet.php:79
WordPress Hooks 59
action · plugins_loaded · src\includes\Mailjet.php:145
action · admin_enqueue_scripts · src\includes\Mailjet.php:158
action · admin_enqueue_scripts · src\includes\Mailjet.php:159
action · admin_post_user_access_settings_custom_hook · src\includes\Mailjet.php:160
action · admin_post_integrationsSettings_custom_hook · src\includes\Mailjet.php:161
action · wp_enqueue_scripts · src\includes\Mailjet.php:177
action · wp_enqueue_scripts · src\includes\Mailjet.php:178
action · admin_menu · src\includes\Mailjet.php:187
action · admin_init · src\includes\Mailjet.php:196
action · init · src\includes\Mailjet.php:197
action · phpmailer_init · src\includes\Mailjet.php:206
action · wp_mail_failed · src\includes\Mailjet.php:207
action · widgets_init · src\includes\Mailjet.php:215
action · admin_post_abandoned_cart_settings_custom_hook · src\includes\Mailjet.php:280
action · woocommerce_order_status_changed · src\includes\Mailjet.php:282
action · woocommerce_cheque_process_payment_order_status · src\includes\Mailjet.php:283
action · admin_init · src\includes\MailjetActivator.php:14
action · admin_notices · src\includes\MailjetActivator.php:51
action · admin_notices · src\includes\MailjetMail.php:47
filter · wp_mail_content_type · src\includes\MailjetMail.php:71
action · wp_login · src\includes\MailjetSettings.php:108
action · edit_user_profile · src\includes\MailjetSettings.php:110
action · show_user_profile · src\includes\MailjetSettings.php:112
action · woocommerce_edit_account_form · src\includes\MailjetSettings.php:115
action · register_form · src\includes\MailjetSettings.php:118
action · user_new_form · src\includes\MailjetSettings.php:120
action · profile_update · src\includes\MailjetSettings.php:122
action · user_register · src\includes\MailjetSettings.php:124
action · comment_form · src\includes\MailjetSettings.php:132
action · comment_form_after_fields · src\includes\MailjetSettings.php:134
action · wp_insert_comment · src\includes\MailjetSettings.php:136
action · woocommerce_after_checkout_billing_form · src\includes\MailjetSettings.php:145
action · woocommerce_register_form · src\includes\MailjetSettings.php:146
action · woocommerce_register_post · src\includes\MailjetSettings.php:148
action · woocommerce_checkout_create_order · src\includes\MailjetSettings.php:149
filter · woocommerce_thankyou_order_received_text · src\includes\MailjetSettings.php:153
filter · plugin_action_links · src\includes\MailjetSettings.php:162
action · admin_notices · src\includes\MailjetSettings.php:166
action · wpcf7_mail_sent · src\includes\MailjetSettings.php:181
filter · wp_mail_content_type · src\includes\SettingsPages\CommentAuthorsSettings.php:112
filter · wp_mail_from · src\includes\SettingsPages\ConnectAccountSettings.php:106
filter · wp_mail_from_name · src\includes\SettingsPages\ConnectAccountSettings.php:107
filter · wp_mail_content_type · src\includes\SettingsPages\ContactForm7Settings.php:92
filter · wp_mail_from · src\includes\SettingsPages\EnableSendingSettings.php:257
filter · wp_mail_from_name · src\includes\SettingsPages\EnableSendingSettings.php:258
filter · wp_mail_from · src\includes\SettingsPages\InitialSettings.php:122
filter · wp_mail_from_name · src\includes\SettingsPages\InitialSettings.php:123
action · admin_enqueue_scripts · src\includes\SettingsPages\SubscriptionOptionsSettings.php:29
action · wp_enqueue_scripts · src\includes\SettingsPages\WooCommerceSettings.php:33
filter · cron_schedules · src\includes\SettingsPages\WooCommerceSettings.php:36
filter · template_include · src\includes\SettingsPages\WooCommerceSettings.php:37
filter · wp_mail_content_type · src\includes\SettingsPages\WooCommerceSettings.php:251
action · init · src\widgetformbuilder\WP_Mailjet_FormBuilder_Widget.php:23
action · admin_enqueue_scripts · src\widgetformbuilder\WP_Mailjet_FormBuilder_Widget.php:35
action · save_post · src\widgetformbuilder\WP_Mailjet_FormBuilder_Widget.php:36
action · deleted_post · src\widgetformbuilder\WP_Mailjet_FormBuilder_Widget.php:37
action · switch_theme · src\widgetformbuilder\WP_Mailjet_FormBuilder_Widget.php:38
action · wp_enqueue_scripts · src\widgetformbuilder\WP_Mailjet_FormBuilder_Widget.php:39
action · wp_enqueue_scripts · src\widgetformbuilder\WP_Mailjet_FormBuilder_Widget.php:40

Scheduled Events 1

abandoned_cart_cron_hook
Maintenance & Trust

Mailjet Email Marketing Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Jan 6, 2026
PHP min version: 7.4
Downloads: 721K

Community Trust

Rating: 64/100
Number of ratings: 45
Active installs: 10K
Developer Profile

Mailjet Email Marketing Developer Profile

Mailjet

1 plugin · 10K total installs

Trust score: 79
Avg Security Score: 100/100
Avg Patch Time: 385 days
Detection Fingerprints

How We Detect Mailjet Email Marketing

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/mailjet-for-wordpress/css/widget.css
/wp-content/plugins/mailjet-for-wordpress/js/front-widget.js
/wp-content/plugins/mailjet-for-wordpress/css/front-widget.css
Script Paths
/wp-content/plugins/mailjet-for-wordpress/js/front-widget.js
Version Parameters
mailjet-for-wordpress/css/widget.css?ver=
mailjet-for-wordpress/js/front-widget.js?ver=
mailjet-for-wordpress/css/front-widget.css?ver=

HTML / DOM Fingerprints

CSS Classes
WP_Mailjet_FormBuilder_Widget
Data Attributes
data-w-type
data-w-token
JS Globals
myAjax
mjWidget