Does MailPoet – Newsletters, Email Marketing, and Automation have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is MailPoet – Newsletters, Email Marketing, and Automation compatible with WordPress 6.9.4?

According to WordPress.org data, MailPoet – Newsletters, Email Marketing, and Automation 5.23.2 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is MailPoet – Newsletters, Email Marketing, and Automation compatible with PHP 7.4+?

MailPoet – Newsletters, Email Marketing, and Automation requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

MailPoet – Newsletters, Email Marketing, and Automation Security & Risk Analysis

wordpress.org/plugins/mailpoet

Send beautiful newsletters from WordPress. Collect subscribers with signup forms, automate your emails for WooCommerce, blog post notifications & more

500K active installs v5.23.2 PHP 7.4+ WP 6.8+ Updated Apr 15, 2026

email-automationemail-marketingnewsletterpost-notificationwoocommerce-emails

A · Safe

CVEs total3

Unpatched0

Last CVEMar 6, 2025

Plugin page Download

Safety Verdict

Is MailPoet – Newsletters, Email Marketing, and Automation Safe to Use in 2026?

Generally Safe

Score 98/100

MailPoet – Newsletters, Email Marketing, and Automation has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

3 known CVEsLast CVE: Mar 6, 2025Updated 1mo ago

Risk Assessment

Assessment pending

Vulnerabilities

3 published

MailPoet – Newsletters, Email Marketing, and Automation Security Vulnerabilities

CVEs by Year

1 CVE in 2019

2019

1 CVE in 2024

2024

1 CVE in 2025

2025

Patched Has unpatched

Severity Breakdown

Medium

3 total CVEs

CVE-2024-12743medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

MailPoet <= 5.5.1 - Authenticated (Administrator+) Stored Cross-Site Scripting

Mar 6, 2025 Patched in 5.5.2 (65d)

CVE-2024-10103medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

MailPoet <= 5.3.1 - Authenticated (Administrator+) Stored Cross-Site Scripting

Oct 29, 2024 Patched in 5.3.2 (18d)

CVE-2019-11843medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

MailPoet – emails and newsletters in WordPress <= 3.23.1 - Reflected Cross-Site Scripting via URL parameter

Apr 16, 2019 Patched in 3.23.2 (1743d)

Version History

MailPoet – Newsletters, Email Marketing, and Automation Release Timeline

v5.23.2Current

v5.23.1

v5.23.0

v5.22.430 files changed

v5.22.3

v5.22.247 files changed

v5.22.1

v5.22.0

v5.21.3

v5.21.2

v5.21.111 files changed

v5.21.0

v5.20.0

v5.19.0

v5.18.015 files changed

v5.17.66 files changed

v5.17.5

v5.17.443 files changed

v5.17.314 files changed

v5.17.213 files changed

Maintenance & Trust

MailPoet – Newsletters, Email Marketing, and Automation Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedApr 15, 2026

PHP min version7.4

Downloads64.7M

Community Trust

Rating88/100

Number of ratings1,414

Active installs500K

Alternatives

MailPoet – Newsletters, Email Marketing, and Automation Alternatives

weMail: Email Marketing, Email Automation, Newsletters, Subscribers & Email Optins for WooCommerce

wemail

Send email newsletters, automate email marketing with email automation, manage subscribers, post notifications, optins & emails for WooCommerce.

10K 6 CVEs

Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails

mail-mint

Use Mail Mint, the easiest email marketing automation plugin in WordPress to generate leads, send email campaigns, and run email automation workflows.

5K 8 CVEs

MailerPress – Email Marketing, Newsletter, Email Automation & WooCommerce Emails

mailerpress

Email marketing and newsletter plugin for WordPress. Create email campaigns, grow subscribers, automate emails, and customize WooCommerce emails.

900 1 CVE

Chirp – Instant Post Notifications

chirp-instant-post-notifications

100

Chirp – Instant Post Notifications is a lightweight notification plugin that automatically notifies subscribers whenever a new post is published.

0 No CVEs

Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress

email-subscribers

Add subscription forms on the website and send newsletters & automatically send post notification about new blog posts once it gets published.

60K 42 CVEs

Developer Profile

MailPoet – Newsletters, Email Marketing, and Automation Developer Profile

MailPoet

1 plugin · 500K total installs

trust score

Avg Security Score

98/100

Avg Patch Time

609 days

View full developer profile

FAQ