Simple Newsletter Plugin – Noptin Security & Risk Analysis

wordpress.org/plugins/newsletter-optin-box

A fast, GDPR-compliant newsletter plugin. Collect newsletter subscribers, let users subscribe to new post notifications, and send newsletters. ★★★★★

10K active installs · v4.1.8 · PHP 7.4+ · WP 6.7+ · Updated Mar 2, 2026
Tags: newsletter, newsletter-subscribers, notify, subscribe, woocommerce
Score: 95 (A · Safe)
CVEs total: 4
Unpatched: 0
Last CVE: Jun 12, 2025
Safety Verdict

Is Simple Newsletter Plugin – Noptin Safe to Use in 2026?

Generally Safe

Score 95/100

Simple Newsletter Plugin – Noptin has a strong security track record. Known vulnerabilities have been patched promptly.

4 known CVEs · Last CVE: Jun 12, 2025 · Updated 1mo ago
Risk Assessment

The "newsletter-optin-box" plugin v4.1.8 exhibits a generally good security posture in its static analysis, with a high percentage of SQL queries using prepared statements and almost all output being properly escaped. The absence of dangerous functions, file operations, and critical/high severity taint flows is also positive. However, the plugin's vulnerability history is a significant concern, with 4 known CVEs including one high severity and three medium severity issues. The types of past vulnerabilities (XSS, Missing Authorization, CSV Injection, Open Redirect) suggest a pattern of input validation and authorization weaknesses. While the current version has no unpatched CVEs, the historical prevalence of significant vulnerabilities indicates potential for future undiscovered flaws or regressions. The attack surface, though seemingly protected by capability checks and nonces, is still present through shortcodes, and the plugin makes external HTTP requests, which could be a vector if not handled securely. The plugin's strengths lie in its robust output escaping and prepared statement usage, but its past security record necessitates caution and ongoing vigilance.

Key Concerns

  • Multiple past vulnerabilities (4 total)
  • Past high severity vulnerability
  • Past medium severity vulnerabilities (3)
  • External HTTP requests made
  • SQL queries not fully prepared (53% not prepared)
Vulnerabilities: 4

Simple Newsletter Plugin – Noptin Security Vulnerabilities

CVEs by Year

  • 2022: 1 CVE
  • 2023: 1 CVE
  • 2024: 1 CVE
  • 2025: 1 CVE

Severity Breakdown

  • High: 1
  • Medium: 3

4 total CVEs

CVE-2025-49871 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Noptin <= 3.8.7 - Authenticated (Administrator+) Stored Cross-Site Scripting

Jun 12, 2025 · Patched in 4.0.0 (6d)

CVE-2024-37456 · medium · 5.3 · Missing Authorization

Noptin <= 3.4.2 - Missing Authorization to Unauthenticated Form Submission

Jul 1, 2024 · Patched in 3.4.3 (9d)

CVE-2022-46803 · high · 7.2 · Improper Neutralization of Formula Elements in a CSV File

Simple Newsletter Plugin – Noptin <= 1.10.3 - Unauthenticated CSV Injection

Jan 27, 2023 · Patched in 1.11.0 (361d)

CVE-2021-25033 · medium · 6.1 · URL Redirection to Untrusted Site ('Open Redirect')

WordPress Newsletter Plugin – Noptin < 1.6.5 - Open Redirect

Jan 17, 2022 · Patched in 1.6.5 (736d)

Code Analysis
Analyzed Mar 16, 2026

Simple Newsletter Plugin – Noptin Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 8 · 7 prepared
  • Unescaped Output: 14 · 620 escaped
  • Nonce Checks: 6
  • Capability Checks: 9
  • File Operations: 0
  • External Requests: 3
  • Bundled Libraries: 0

SQL Query Safety

47% prepared · 15 total queries

Output Escaping

98% escaped · 634 total outputs

Attack Surface

Simple Newsletter Plugin – Noptin Attack Surface

Entry Points: 5
Unprotected: 0

Shortcodes 5

[noptin_action_page] includes\class-noptin-page.php:24
[noptin-show-if-subscriber] includes\subscriber.php:923
[noptin-show-if-non-subscriber] includes\subscriber.php:942
[noptin-subscriber-count] includes\subscriber.php:954
[noptin-subscriber-field] includes\subscriber.php:975
WordPress Hooks 194

Scheduled Events 1

noptin_daily_maintenance
Maintenance & Trust

Simple Newsletter Plugin – Noptin Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.9.4
  • Last updated: Mar 2, 2026
  • PHP min version: 7.4
  • Downloads: 603K

Community Trust

  • Rating: 90/100
  • Number of ratings: 110
  • Active installs: 10K

Developer Profile

Simple Newsletter Plugin – Noptin Developer Profile

Noptin Newsletter Team

5 plugins · 11K total installs

  • Trust score: 76
  • Avg Security Score: 96/100
  • Avg Patch Time: 278 days

Detection Fingerprints

How We Detect Simple Newsletter Plugin – Noptin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/newsletter-optin-box/assets/css/main.css
  • /wp-content/plugins/newsletter-optin-box/assets/css/select2.css
  • /wp-content/plugins/newsletter-optin-box/assets/css/nouislider.css
  • /wp-content/plugins/newsletter-optin-box/assets/js/admin.js
  • /wp-content/plugins/newsletter-optin-box/assets/js/front.js
  • /wp-content/plugins/newsletter-optin-box/assets/js/select2.js
  • /wp-content/plugins/newsletter-optin-box/assets/js/nouislider.js
Script Paths
  • /wp-content/plugins/newsletter-optin-box/assets/js/admin.js
  • /wp-content/plugins/newsletter-optin-box/assets/js/front.js
  • /wp-content/plugins/newsletter-optin-box/assets/js/select2.js
  • /wp-content/plugins/newsletter-optin-box/assets/js/nouislider.js
Version Parameters
  • /wp-content/plugins/newsletter-optin-box/assets/css/main.css?ver=
  • /wp-content/plugins/newsletter-optin-box/assets/css/select2.css?ver=
  • /wp-content/plugins/newsletter-optin-box/assets/css/nouislider.css?ver=
  • /wp-content/plugins/newsletter-optin-box/assets/js/admin.js?ver=
  • /wp-content/plugins/newsletter-optin-box/assets/js/front.js?ver=
  • /wp-content/plugins/newsletter-optin-box/assets/js/select2.js?ver=
  • /wp-content/plugins/newsletter-optin-box/assets/js/nouislider.js?ver=

HTML / DOM Fingerprints

CSS Classes
noptin-form, noptin-input-wrap, noptin-label, noptin-submit-button
Data Attributes
data-noptin-form, data-noptin-id, data-noptin-type
JS Globals
noptin_ajax_object, Noptin_Form
REST Endpoints
/wp-json/noptin/v1/submit
Shortcode Output
[noptin-form