MailUp for WordPress – Email and Newsletter Subscription Form Security & Risk Analysis

The mailup-email-and-newsletter-subscription-form plugin version 1.2.7 exhibits a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for all SQL queries and has no known vulnerabilities or CVEs recorded, suggesting a history of responsible development. However, the static analysis reveals significant security concerns. A notable issue is the presence of four AJAX handlers that lack authentication checks, presenting a substantial attack surface for unauthorized actions. Furthermore, the plugin has a very low rate of proper output escaping (11%), indicating a high risk of cross-site scripting (XSS) vulnerabilities, especially when combined with the unprotected AJAX endpoints.

The lack of taint analysis results is neutral, but the identified code signals are worrying. The absence of nonce checks on the AJAX handlers amplifies the risk of CSRF attacks. While there are no dangerous functions or file operations flagged, and external HTTP requests are limited, the combination of unprotected entry points and inadequate output sanitization creates a precarious security situation. The plugin's strengths lie in its SQL query handling and lack of historical vulnerabilities, but these are overshadowed by the immediate risks posed by unprotected AJAX endpoints and potential XSS flaws due to insufficient output escaping.