WP-Safety

Omnisend for SureCart Add-On Security & Risk Analysis

wordpress.org/plugins/omnisend-for-surecart-add-on

Email Marketing, Newsletter, Email Automation, Forms, Pop Up, SMS by Omnisend

10 active installs v1.0.11 PHP 7.4+ WP 4.7+ Updated Mar 24, 2026
email-marketingformsubscriber-collectionsurecartweb-tracking
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Omnisend for SureCart Add-On Safe to Use in 2026?

Generally Safe

Score 100/100

Omnisend for SureCart Add-On has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The Omnisend for SureCart Add-On plugin, version 1.0.10, exhibits a strong security posture based on the provided static analysis. The complete absence of AJAX handlers, REST API routes, shortcodes, and cron events with unprotected entry points indicates a minimal attack surface. Furthermore, the code shows no signs of dangerous functions, file operations, external HTTP requests, or critical taint flows. The adherence to prepared statements for all SQL queries is a significant strength, mitigating common injection risks. However, the lack of any recorded nonce or capability checks across the entire plugin is a notable concern. While the static analysis did not identify exploitable vulnerabilities due to this, it suggests a potential blind spot if any functionality were to be added or implicitly created that would benefit from these security measures.

The plugin's vulnerability history is spotless, with zero known CVEs and no recorded vulnerabilities of any severity. This is highly encouraging and suggests a well-maintained codebase or a relatively new/stable feature set. Coupled with the positive static analysis findings, the overall risk assessment is low. The primary area for improvement, as indicated by the data, is the consistent implementation of nonce and capability checks, even if the current attack surface appears negligible. This proactive measure would further harden the plugin against potential future threats, particularly if its functionality evolves.

Key Concerns

  • No nonce checks implemented
  • No capability checks implemented
  • Output escaping not fully implemented (26% unescaped)
Vulnerabilities
None known

Omnisend for SureCart Add-On Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Omnisend for SureCart Add-On Release Timeline

v1.0.11Current
v1.0.10
v1.0.9
v1.0.8
v1.0.7
v1.0.6
v1.0.5
v1.0.4
v1.0.3
v1.0.2
v1.0.1
v1.0.0
Code Analysis
Analyzed Mar 16, 2026

Omnisend for SureCart Add-On Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
14
40 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

74% escaped54 total outputs
Attack Surface

Omnisend for SureCart Add-On Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 28
actionactivated_pluginclass-omnisend-surecartaddon.php:30
actionplugins_loadedclass-omnisend-surecartaddon.php:31
actionadmin_noticesclass-omnisend-surecartaddon.php:136
actionadmin_noticesclass-omnisend-surecartaddon.php:144
actioninitclass-omnisend-surecartaddon.php:149
filterrender_blockincludes\Provider\class-omnisendconsentprovider.php:24
actionadmin_menuincludes\Provider\class-omnisendsettingsprovider.php:40
actionadmin_initincludes\Provider\class-omnisendsettingsprovider.php:41
filterplugin_action_links_omnisend-for-surecart-add-on/class-omnisend-surecartaddon.phpincludes\Provider\class-omnisendsettingsprovider.php:42
actionsurecart/models/productcollection/createdincludes\Service\class-omnisendapiservice.php:104
actionsurecart/models/productcollection/updatedincludes\Service\class-omnisendapiservice.php:105
actionsurecart/models/productcollection/deletedincludes\Service\class-omnisendapiservice.php:106
actionsurecart/models/product/updatedincludes\Service\class-omnisendapiservice.php:108
actionsurecart/models/product/deletedincludes\Service\class-omnisendapiservice.php:109
actionsurecart/models/customer/createdincludes\Service\class-omnisendapiservice.php:111
actionsurecart/checkout_confirmedincludes\Service\class-omnisendapiservice.php:113
actionsurecart/models/fulfillment/createdincludes\Service\class-omnisendapiservice.php:114
actionsurecart/models/refund/createdincludes\Service\class-omnisendapiservice.php:115
actionsurecart/models/checkout/cancelledincludes\Service\class-omnisendapiservice.php:116
actionsurecart/models/checkout/manually_paidincludes\Service\class-omnisendapiservice.php:117
actionsurecart/models/checkout/createdincludes\Service\class-omnisendapiservice.php:119
actionsurecart/models/lineitem/createdincludes\Service\class-omnisendapiservice.php:120
actionsurecart/models/checkout/updatedincludes\Service\class-omnisendapiservice.php:121
actionwpincludes\Service\class-omnisendapiservice.php:122
actionwp_footerincludes\Service\class-omnisendapiservice.php:124
actionwpincludes\Service\class-omnisendapiservice.php:126
actionset_current_userincludes\Service\class-omnisendsnippetservice.php:28
actionwp_enqueue_scriptsincludes\Service\class-omnisendsnippetservice.php:29
Maintenance & Trust

Omnisend for SureCart Add-On Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 24, 2026
PHP min version7.4
Downloads820

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

Omnisend for SureCart Add-On Alternatives

Omnisend for Contact Form 7 Add-On

Omnisend for Contact Form 7 Add-On

omnisend-for-contact-form-7

A
100

Email Marketing, Newsletter, Email Automation, Forms, Pop Up, SMS by Omnisend

500 No CVEs
Omnisend for Gravity Forms Add-On

Omnisend for Gravity Forms Add-On

omnisend-for-gravity-forms-add-on

A
100

Email Marketing, Newsletter, Email Automation, Forms, Pop Up, SMS by Omnisend

200 No CVEs
Omnisend for Formidable Forms Add-On

Omnisend for Formidable Forms Add-On

omnisend-for-formidable-forms-add-on

A
100

Email Marketing, Newsletter, Email Automation, Forms, Pop Up, SMS by Omnisend

20 No CVEs
Omnisend for Ninja Forms Add-On

Omnisend for Ninja Forms Add-On

omnisend-for-ninja-forms-add-on

A
100

Email Marketing, Newsletter, Email Automation, Forms, Pop Up, SMS by Omnisend

20 No CVEs
Omnisend for LifterLMS Add-On

Omnisend for LifterLMS Add-On

omnisend-for-lifterlms-add-on

A
100

Email Marketing, Newsletter, Email Automation, Forms, Pop Up, SMS by Omnisend

0 No CVEs
Developer Profile

Omnisend for SureCart Add-On Developer Profile

omnisendcommunity

1 plugin · 10 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Omnisend for SureCart Add-On

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/omnisend-for-surecart-add-on/assets/css/admin-settings.css
Version Parameters
omnisend-for-surecart-add-on/assets/css/admin-settings.css?ver=1.0.10

HTML / DOM Fingerprints

Data Attributes
omnisend_sc_allow_email_consentomnisend_sc_allow_email_pre_selectomnisend_sc_allow_phone_consentomnisend_sc_phone_textomnisend_sc_email_text
FAQ

Frequently Asked Questions about Omnisend for SureCart Add-On