Newsletter subscription optin module Security & Risk Analysis

wordpress.org/plugins/newsletter-subscription-widget-for-sendblaster

Plugin for managing subscriptions to a mailing list. It provides a simple form for subscription to your mailing list through single or double opt-in.

60 active installs v1.2.9 PHP + WP 2.9+ Updated Sep 13, 2021
bulk-emailemailnewslettersidebarwidget
63
C · Use Caution
CVEs total1
Unpatched1
Last CVEAug 25, 2025
Safety Verdict

Is Newsletter subscription optin module Safe to Use in 2026?

Use With Caution

Score 63/100

Newsletter subscription optin module has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE 1 unpatched Last CVE: Aug 25, 2025Updated 4yr ago
Risk Assessment

The plugin "newsletter-subscription-widget-for-sendblaster" v1.2.9 exhibits a mixed security posture. On the positive side, the static analysis reveals no dangerous functions, all SQL queries are prepared, and there are no file operations or external HTTP requests. The absence of a significant attack surface with entry points is also a good sign. However, there are notable concerns.

The taint analysis indicates a significant issue with 6 flows having unsanitized paths, with 4 of these being of high severity. This suggests that user-supplied data is not being properly validated or sanitized before being used in potentially sensitive operations, creating a risk of injection or other path traversal vulnerabilities. The lack of nonce checks and capability checks in general, especially given the presence of high-severity taint flows, means that even if an entry point were discovered, there are no built-in protections against unauthorized actions.

The vulnerability history shows a medium severity CVE that is currently unpatched. This, combined with the medium severity of the last vulnerability type (CSRF), indicates a pattern of potential security weaknesses that, while not critical, still require attention. The overall conclusion is that while the plugin has some good security fundamentals, the unpatched CVE and the high-severity unsanitized taint flows present clear and present risks that need to be addressed.

Key Concerns

  • Unpatched CVE
  • High severity taint flows with unsanitized paths
  • Output not properly escaped (16% of outputs)
  • Missing nonce checks
  • Missing capability checks
Vulnerabilities
1 published

Newsletter subscription optin module Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched
2025
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2025-48308medium · 6.1Cross-Site Request Forgery (CSRF)

Newsletter subscription optin module <= 1.2.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting

Aug 25, 2025Unpatched
Version History

Newsletter subscription optin module Release Timeline

No version history available.
Code Analysis
Analyzed Apr 16, 2026

Newsletter subscription optin module Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
9 prepared
Unescaped Output
17
90 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

100% prepared9 total queries

Output Escaping

84% escaped107 total outputs
Data Flows · Security
6 unsanitized

Data Flow Analysis

6 flows6 with unsanitized paths
wpsb_widget_init (wpsb-opt-in.php:790)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Newsletter subscription optin module Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 2
actionadmin_menuwpsb-opt-in.php:888
actioninitwpsb-opt-in.php:889
Maintenance & Trust

Newsletter subscription optin module Maintenance & Trust

Maintenance Signals

WordPress version tested5.8.13
Last updatedSep 13, 2021
PHP min version
Downloads10K

Community Trust

Rating0/100
Number of ratings0
Active installs60
Developer Profile

Newsletter subscription optin module Developer Profile

nonletter

1 plugin · 60 total installs

68
trust score
Avg Security Score
63/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Newsletter subscription optin module

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/newsletter-subscription-widget-for-sendblaster/style.css
Version Parameters
newsletter-subscription-widget-for-sendblaster/style.css?ver=

HTML / DOM Fingerprints

CSS Classes
wpsb_form_labelwpsb_form_txtwpsb_form_radiowpsb_form_btnwidgetmodule
HTML Comments
Made by www.sendblaster.com Newsletter Software Opt-in
Data Attributes
id="wpsb_email"id="wpsb_fld_onclick="wpsb_toggle_custom_fields(1)"onclick="wpsb_toggle_custom_fields(0)"id="wpsb_form_submit"
JS Globals
wpsb_toggle_custom_fields
Shortcode Output
<form action="#wpsbw" method="post"><h6>Get this <a href="https://wordpress.org/plugins/newsletter-subscription-widget-for-sendblaster/" title="Wordpress newsletter plugin">newsletter subscription widget</a> for your own WP project.<br /> <a href="//www.sendblaster.com/newsletter-software-no-recurring-fees/" title="Powered by: Sendblaster.com" rel="nofollow">Powered by: Sendblaster.com</a></h6>
FAQ

Frequently Asked Questions about Newsletter subscription optin module