Email Marketing for WooCommerce by Omnisend Security & Risk Analysis

wordpress.org/plugins/omnisend-connect

Email Marketing, Newsletter, Email Automation, Forms, Pop Up, SMS, Abandoned Cart made easy for WordPress & WooCommerce by Omnisend

60K active installs v1.18.0 PHP 7.1+ WP 4.7.0+ Updated Jan 22, 2026
Tags: email-marketing, marketing, newsletter, sms, woocommerce
99
A · Safe
CVEs total: 2
Unpatched: 0
Last CVE: Apr 11, 2024
Safety Verdict

Is Email Marketing for WooCommerce by Omnisend Safe to Use in 2026?

Generally Safe

Score 99/100

Email Marketing for WooCommerce by Omnisend has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Apr 11, 2024 · Updated 2mo ago
Risk Assessment

The Omnisend Connect plugin v1.18.0 exhibits a generally strong security posture with good coding practices, as evidenced by a high percentage of prepared SQL statements and properly escaped output. The absence of dangerous functions, file operations, and critical or high severity taint flows is a positive indicator. However, a significant concern arises from the presence of 7 AJAX handlers, one of which lacks authentication checks, and 5 REST API routes, one of which is missing a permission callback. This constitutes an unprotected entry point, increasing the potential attack surface. The plugin's vulnerability history currently shows no unpatched issues, but it includes two past medium severity vulnerabilities: one CSRF and one sensitive information exposure. This suggests a need for continued vigilance regarding these specific vulnerability classes. Overall, while the code quality is commendable, the unprotected entry points and historical vulnerability patterns warrant attention to mitigate potential risks.

Key Concerns

  • Unprotected REST API route
  • Unprotected AJAX handler
  • Past medium severity vulnerabilities (2)
Vulnerabilities
2

Email Marketing for WooCommerce by Omnisend Security Vulnerabilities

CVEs by Year

2023: 1 CVE
2024: 1 CVE

Severity Breakdown

Medium: 2

2 total CVEs

CVE-2024-32101 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Email Marketing for WooCommerce by Omnisend <= 1.14.3 - Cross-Site Request Forgery

Apr 11, 2024 · Patched in 1.14.4 (7d)

CVE-2023-47244 · medium · 5.3 · Exposure of Sensitive Information to an Unauthorized Actor

Email Marketing for WooCommerce by Omnisend <= 1.13.8 - Sensitive Information Exposure

Nov 7, 2023 · Patched in 1.13.9 (77d)
Code Analysis
Analyzed Mar 16, 2026

Email Marketing for WooCommerce by Omnisend Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 7 (17 prepared)
Unescaped Output: 1 (147 escaped)
Nonce Checks: 9
Capability Checks: 2
File Operations: 0
External Requests: 5
Bundled Libraries: 0

SQL Query Safety

71% prepared · 24 total queries

Output Escaping

99% escaped · 148 total outputs
Attack Surface
1 unprotected

Email Marketing for WooCommerce by Omnisend Attack Surface

Entry Points: 12
Unprotected: 1

AJAX Handlers 7

auth wp_ajax_omnisend_identify class-omnisend-ajax.php:10
nopriv wp_ajax_omnisend_identify class-omnisend-ajax.php:11
auth wp_ajax_omnisend_track_started_checkout_event class-omnisend-ajax.php:25
nopriv wp_ajax_omnisend_track_started_checkout_event class-omnisend-ajax.php:26
auth wp_ajax_omnisend_update_plugin_setting class-omnisend-ajax.php:39
auth wp_ajax_omnisend_disconnect_current_site class-omnisend-ajax.php:80
auth wp_ajax_omnisend_toggle_logging class-omnisend-ajax.php:95

REST API Routes 5

GET /wp-json/omnisend-api/v1/connect includes\omnisend-api.php:214
GET /wp-json/omnisend-api/v1/disconnect-current-site includes\omnisend-api.php:223
GET /wp-json/omnisend-api/v1/connected includes\omnisend-api.php:232
GET /wp-json/omnisend-api/v1/status includes\omnisend-api.php:241
GET /wp-json/omnisend-api/v1/omnisend-settings includes\omnisend-api.php:250

WordPress Hooks 49

action woocommerce_store_api_checkout_update_order_from_request includes\blocks\class-omnisend-checkout-block-extend-woo-core.php:18
action woocommerce_blocks_loaded includes\blocks\init.php:12
action woocommerce_blocks_checkout_block_registration includes\blocks\init.php:22
action rest_api_init includes\omnisend-api.php:211
filter omnisend_cart_line_item includes\omnisend-cart-event-filter.php:10
action omnisend_init_contacts_sync manager\class-omnisend-manager-assistant.php:10
action omnisend_init_products_sync manager\class-omnisend-manager-assistant.php:11
action omnisend_init_categories_sync manager\class-omnisend-manager-assistant.php:12
action omnisend_batch_check manager\class-omnisend-manager-assistant.php:13
action wp_loaded omnisend-rebuild-cart.php:83
action woocommerce_new_product omnisend-woocommerce-hooks.php:14
action woocommerce_update_product omnisend-woocommerce-hooks.php:15
action trash_product omnisend-woocommerce-hooks.php:16
action woocommerce_after_single_product omnisend-woocommerce-hooks.php:44
action edited_product_cat omnisend-woocommerce-hooks.php:56
action create_product_cat omnisend-woocommerce-hooks.php:57
action delete_product_cat omnisend-woocommerce-hooks.php:58
action profile_update omnisend-woocommerce-hooks.php:86
action user_register omnisend-woocommerce-hooks.php:93
action woocommerce_checkout_update_order_meta omnisend-woocommerce-hooks.php:102
action woocommerce_add_to_cart omnisend-woocommerce-hooks.php:108
action wp_enqueue_scripts omnisend-woocommerce-hooks.php:114
action wp_enqueue_scripts omnisend-woocommerce-hooks.php:143
filter woocommerce_webhook_payload omnisend-woocommerce-hooks.php:186
action wp_login omnisend-woocommerce-hooks.php:197
action wp_footer omnisend-woocommerce-hooks.php:200
action wp_head omnisend-woocommerce-hooks.php:220
action woocommerce_after_checkout_billing_form omnisend-woocommerce-hooks.php:362
action woocommerce_checkout_update_order_meta omnisend-woocommerce-hooks.php:363
action omnisend_plugin_updated omnisend-woocommerce-hooks.php:365
action omnisend_plugin_updated omnisend-woocommerce-hooks.php:366
action omnisend_plugin_updated omnisend-woocommerce-hooks.php:367
action omnisend_plugin_updated omnisend-woocommerce-hooks.php:368
action omnisend_wordpress_updated omnisend-woocommerce-hooks.php:369
action plugins_loaded omnisend-woocommerce-hooks.php:401
action plugins_loaded omnisend-woocommerce-hooks.php:424
action plugins_loaded omnisend-woocommerce-hooks.php:437
action plugins_loaded omnisend-woocommerce-hooks.php:458
action in_admin_header omnisend-woocommerce-hooks.php:471
action admin_menu omnisend-woocommerce.php:115
action admin_enqueue_scripts omnisend-woocommerce.php:156
action wp_enqueue_scripts omnisend-woocommerce.php:203
action activated_plugin omnisend-woocommerce.php:221
filter cron_schedules omnisend-woocommerce.php:257
action init omnisend-woocommerce.php:262
action admin_notices omnisend-woocommerce.php:288
action admin_notices omnisend-woocommerce.php:306
action before_woocommerce_init omnisend-woocommerce.php:324
filter allowed_redirect_hosts omnisend-woocommerce.php:355

Scheduled Events 5

omnisend_batch_check
omnisend_init_contacts_sync
omnisend_init_products_sync
omnisend_init_categories_sync
omnisend_plugin_updated
Maintenance & Trust

Email Marketing for WooCommerce by Omnisend Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Jan 22, 2026
PHP min version: 7.1
Downloads: 909K

Community Trust

Rating: 98/100
Number of ratings: 167
Active installs: 60K
Developer Profile

Email Marketing for WooCommerce by Omnisend Developer Profile

Omnisend

9 plugins · 161K total installs

Trust score: 88
Avg Security Score: 100/100
Avg Patch Time: 42 days
Detection Fingerprints

How We Detect Email Marketing for WooCommerce by Omnisend

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/omnisend-connect/assets/css/omnisend-connect.css
  • /wp-content/plugins/omnisend-connect/assets/js/omnisend-connect.js
  • /wp-content/plugins/omnisend-connect/assets/css/omnisend-connect-styles.css
  • /wp-content/plugins/omnisend-connect/assets/js/omnisend-connect-scripts.js
  • /wp-content/plugins/omnisend-connect/includes/omnisend-api.js
  • /wp-content/plugins/omnisend-connect/includes/omnisend-cart-event-filter.js
  • /wp-content/plugins/omnisend-connect/includes/blocks/init.js
Script Paths
  • /wp-content/plugins/omnisend-connect/assets/js/omnisend-connect.js
  • /wp-content/plugins/omnisend-connect/includes/omnisend-api.js
  • /wp-content/plugins/omnisend-connect/includes/omnisend-cart-event-filter.js
Version Parameters
  • omnisend-connect/assets/css/omnisend-connect.css?ver=
  • omnisend-connect/assets/js/omnisend-connect.js?ver=
  • omnisend-connect/assets/css/omnisend-connect-styles.css?ver=
  • omnisend-connect/assets/js/omnisend-connect-scripts.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • omnisend-connect-settings-page
  • omnisend-connect-api-access-notice
  • omnisend-connect-api-bad-status-notice
  • omnisend-connect-navigation-tabs
  • omnisend-connect-account-information
  • omnisend-connect-connected
  • omnisend-connect-connection
  • omnisend-connect-permalink-notice
  • +4 more
HTML Comments
  • Omnisend Connect - API Access Notice
  • Omnisend Connect - API Bad Status Notice
  • Omnisend Connect - Navigation Tabs
  • Omnisend Connect - Account Information
  • +7 more
Data Attributes
  • data-omnisend-connect-settings
  • data-omnisend-connect-api-notice
  • data-omnisend-connect-navigation
  • data-omnisend-connect-account-info
  • data-omnisend-connect-connected-status
  • data-omnisend-connect-connection-settings
  • +5 more
JS Globals
  • omnisendConnect
REST Endpoints
  • /wp-json/omnisend-connect/v1/settings
  • /wp-json/omnisend-connect/v1/sync-status
  • /wp-json/omnisend-connect/v1/disconnect
FAQ

Frequently Asked Questions about Email Marketing for WooCommerce by Omnisend