Mailster WordPress Newsletter Plugin Security & Risk Analysis

wordpress.org/plugins/mailster

Send beautiful newsletters from WordPress. Collect subscribers with signup forms, automate your emails for WooCommerce, blog post notifications & …

9K active installs · v2.0.2 · PHP 7.4+ · WP 6.0+ · Updated Jun 28, 2024

Tags: email-marketing, email-newsletter, email-signup, newsletter-signup, newsletters

Score 79 · B · Generally Safe
CVEs total: 5
Unpatched: 0
Last CVE: Oct 27, 2025
Safety Verdict

Is Mailster WordPress Newsletter Plugin Safe to Use in 2026?

Mostly Safe

Score 79/100

Mailster WordPress Newsletter Plugin is generally safe to use, though its last release (Jun 28, 2024) is well over a year old. All 5 known CVEs have been patched and none are outstanding. Keep it updated, and confirm that the installed version is at or above the fixed versions listed in the vulnerability section.

5 known CVEs · Last CVE: Oct 27, 2025 · Updated 1yr ago
Risk Assessment

The Mailster plugin v2.0.2 exhibits a mixed security posture. On the positive side, static analysis found no registered REST API routes, shortcodes or cron events, no raw SQL queries, no file operations and no outbound HTTP requests, and its single AJAX handler (wp_ajax_mailster_test) performs a nonce check. Two caveats apply. First, the analysis found no capability checks at all. A nonce only shows that the request was issued from a page the site rendered for a logged-in user; it does not establish that the user is allowed to perform the action. Because wp_ajax_ hooks fire for any authenticated account, the handler should also gate on current_user_can() for the relevant capability unless such a check exists that the scanner did not detect. Second, 2 of the 4 detected output statements (50%) are written without escaping, which leaves the plugin exposed to Cross-Site Scripting (XSS) if any of that output carries user-controlled data; the plugin's CVE history is dominated by exactly this class of bug. Note also that the advisory version ranges below run up to 4.1.14, well above the analyzed release v2.0.2, so confirm which build is actually installed before mapping these CVEs to a site.

Key Concerns

  • 2 of 4 detected output statements (50%) are written without escaping
  • 5 CVEs in history, including one critical (CVSS 9.8) and one high (CVSS 7.2)
  • Vulnerability history includes reflected and stored XSS and an unauthenticated file inclusion
  • No capability checks detected; the one AJAX handler relies on a nonce alone
Vulnerabilities: 5

Mailster WordPress Newsletter Plugin Security Vulnerabilities

CVEs by Year

2020: 1 CVE
2024: 3 CVEs
2025: 1 CVE

Severity Breakdown

Critical: 1
High: 1
Medium: 3

5 total CVEs

CVE-2025-64203 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Mailster < 4.1.14 - Reflected Cross-Site Scripting

Oct 27, 2025 · Patched in 4.1.14 (54d)

CVE-2024-37433 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Mailster <= 4.0.9 - Reflected Cross-Site Scripting

Jun 28, 2024 · Patched in 4.0.10 (5d)

CVE-2024-32523 · critical · 9.8 · Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Mailster <= 4.0.6 - Unauthenticated Local File Inclusion

Apr 15, 2024 · Patched in 4.0.7 (11d)

CVE-2024-30503 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Mailster <= 1.0.3 - Reflected Cross-Site Scripting

Mar 28, 2024 · Patched in 2.0.0 (7d)

WF-f3584b5b-ff93-4a47-b6e6-f95335ee88b6-mailster · high · 7.2 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Mailster <= 2.4.5.1 - Stored Cross-Site Scripting

Oct 14, 2020 · Patched in 2.4.9 (1196d)
Code Analysis
Analyzed Mar 16, 2026

Mailster WordPress Newsletter Plugin Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 2 (2 escaped)
Nonce Checks: 1
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

50% escaped (2 of 4 total outputs)
Attack Surface

Mailster WordPress Newsletter Plugin Attack Surface

Entry Points: 1
Unprotected: 0

AJAX Handlers: 1

auth · wp_ajax_mailster_test · classes\tester.class.php:15 (nonce check present; no capability check detected, so any logged-in user can reach it)

WordPress Hooks: 5

action · activated_plugin · classes\activator.class.php:8
action · admin_menu · classes\tester.class.php:14
filter · upgrader_package_options · classes\tester.class.php:16
filter · upgrader_post_install · classes\tester.class.php:116
action · wp_mail_failed · classes\tests.class.php:334
Maintenance & Trust

Mailster WordPress Newsletter Plugin Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.5.8
Last updated: Jun 28, 2024
PHP min version: 7.4
Downloads: 41K

Community Trust

Rating: 70/100
Number of ratings: 8
Active installs: 9K
Developer Profile

Mailster WordPress Newsletter Plugin Developer Profile

EverPress

28 plugins · 121K total installs

Trust score: 73
Avg Security Score: 91/100
Avg Patch Time: 255 days
Detection Fingerprints

How We Detect Mailster WordPress Newsletter Plugin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/mailster/assets/style.css
/wp-content/plugins/mailster/assets/script.js
Script Paths
/wp-content/plugins/mailster/assets/script.js
Version Parameters
mailster-tester

HTML / DOM Fingerprints

Data Attributes
data-plugin-id="12184"
data-plan-id="22867"
JS Globals
mailster_tester
REST Endpoints
/wp-json/mailster (a detection fingerprint only: the code analysis above found no REST route registrations in v2.0.2, so do not read this path as a confirmed attack surface)
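The fingerprints above and the advisory table earlier on this page can be combined into one offline check: detect the plugin in a captured page, read the version out of the enqueued asset URL, and report which of the listed advisories cover that version. The following is an added example written for this page; it is not code from the plugin, from EverPress or from the audit service. The asset path, the mailster-tester script handle, the data attributes and the JS global come from the fingerprint table; the assumption that WordPress appends ?ver=<plugin version> to the enqueued asset URL, and the exact sample HTML, are constructed for the example. Treat the extracted version as a heuristic (a plugin enqueued without a version gets the WordPress core version in ?ver=), and note that the advisory ranges are applied literally as "installed version sorts below the first fixed version".

```python
"""Fingerprint Mailster on a captured WordPress page and map the detected
version onto the advisories listed on this page.

Added example, not code from the plugin or the audit service. The asset
path, script handle and data attributes come from the fingerprint table;
the ?ver= query parameter and the sample HTML are assumptions.
"""
import re
from html.parser import HTMLParser

# Advisories as listed on this page: (identifier, first fixed version).
# A build is treated as affected if its version sorts strictly below the fix.
ADVISORIES = [
    ("CVE-2025-64203", "4.1.14"),  # reflected XSS, < 4.1.14
    ("CVE-2024-37433", "4.0.10"),  # reflected XSS, <= 4.0.9
    ("CVE-2024-32523", "4.0.7"),   # unauthenticated LFI, <= 4.0.6
    ("CVE-2024-30503", "2.0.0"),   # reflected XSS, <= 1.0.3
    ("WF-f3584b5b-ff93-4a47-b6e6-f95335ee88b6-mailster", "2.4.9"),  # stored XSS, <= 2.4.5.1
]

ASSET_PATH = "/wp-content/plugins/mailster/assets/"
DATA_ATTRS = {"data-plugin-id": "12184", "data-plan-id": "22867"}
JS_GLOBAL = "mailster_tester"


def parse_version(v):
    """'2.4.5.1' -> (2, 4, 5, 1); a non-numeric component counts as 0."""
    return tuple(int(p) if p.isdigit() else 0 for p in v.split("."))


def is_affected(installed, fixed_in):
    """True if installed < fixed_in, comparing zero-padded dotted versions."""
    a, b = parse_version(installed), parse_version(fixed_in)
    n = max(len(a), len(b))
    return a + (0,) * (n - len(a)) < b + (0,) * (n - len(b))


class _Fingerprinter(HTMLParser):
    """Collects asset URLs, ?ver= values, data attributes and inline JS."""

    def __init__(self):
        super().__init__()
        self.asset_hits, self.versions, self.attr_hits = [], set(), set()
        self.inline_js, self._in_script = [], False

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        for key in ("src", "href"):
            url = attrs.get(key) or ""
            if ASSET_PATH in url:
                self.asset_hits.append(url)
                m = re.search(r"[?&]ver=([0-9][0-9.]*)", url)
                if m:
                    self.versions.add(m.group(1))
        for name, value in DATA_ATTRS.items():
            if attrs.get(name) == value:
                self.attr_hits.add(name)
        if tag == "script" and "src" not in attrs:
            self._in_script = True  # inline script: capture its body

    def handle_data(self, data):
        if self._in_script:
            self.inline_js.append(data)

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False


def fingerprint(html):
    """Return detection result and the advisories covering the seen version."""
    p = _Fingerprinter()
    p.feed(html)
    js_global = any(re.search(r"\b%s\b" % JS_GLOBAL, s) for s in p.inline_js)
    # If several assets disagree, the lowest version is the worst case.
    version = min(p.versions, key=parse_version) if p.versions else None
    affected = [cve for cve, fixed in ADVISORIES
                if version is not None and is_affected(version, fixed)]
    return {
        "detected": bool(p.asset_hits or p.attr_hits or js_global),
        "version": version,
        "assets": p.asset_hits,
        "data_attrs": sorted(p.attr_hits),
        "js_global": js_global,
        "affected_by": affected,
    }


# Constructed sample page (not a real capture): Mailster assets enqueued at
# version 4.0.8 plus a signup form carrying the plugin's data attributes.
SAMPLE_HTML = """<!doctype html><html><head>
<link rel="stylesheet" href="/wp-content/plugins/mailster/assets/style.css?ver=4.0.8" id="mailster-tester-css">
<script src="/wp-content/plugins/mailster/assets/script.js?ver=4.0.8" id="mailster-tester-js"></script>
<script>var mailster_tester = {"ajaxurl":"/wp-admin/admin-ajax.php"};</script>
</head><body>
<form data-plugin-id="12184" data-plan-id="22867"><input name="email"></form>
</body></html>"""

if __name__ == "__main__":
    result = fingerprint(SAMPLE_HTML)
    print("detected:", result["detected"], "version:", result["version"])
    for cve in result["affected_by"]:
        print("  affected by", cve)
```

For the sample at 4.0.8 the check reports CVE-2025-64203 and CVE-2024-37433 and clears the three advisories already fixed at or below 4.0.7. Feed it the HTML of a site's front page (saved with curl or a browser) to run the same check against a live install; a hit on the data attributes or the JS global without any ?ver= value means the plugin was detected but its version must be confirmed another way.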
FAQ

Frequently Asked Questions about Mailster WordPress Newsletter Plugin