Optimizely Campaign Security & Risk Analysis

wordpress.org/plugins/optimizely-campaign

Empower your email marketing with Optimizely Campaign. Sync customer data, and send transactional emails.

0 active installs · v1.0.0 · PHP 7.4+ · WP 6.6+ · Updated Sep 3, 2025
Tags: digital-experience, email-marketing, newsletter, smtp, woocommerce
Score: 100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Optimizely Campaign Safe to Use in 2026?

Generally Safe

Score 100/100

Optimizely Campaign has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 8mo ago
Risk Assessment

The "optimizely-campaign" v1.0.0 plugin exhibits a generally strong security posture based on the provided static analysis. The plugin demonstrates excellent practices by having 100% of its outputs properly escaped and using prepared statements for a high percentage (86%) of its SQL queries. Furthermore, the absence of any critical or high severity taint flows, dangerous functions, or known CVEs is highly encouraging. The plugin also implements nonce checks on all identified entry points, which is a fundamental security control.

However, a notable weakness lies in the complete absence of capability checks for its AJAX handlers. While the entry points are protected by nonces, the lack of authorization checks means that any authenticated user, regardless of their role or permissions, could potentially interact with these AJAX endpoints. This presents a potential risk if these handlers perform sensitive operations or expose privileged information. The plugin's vulnerability history being completely clean is a positive indicator of past development quality, but it does not negate the potential risks identified in the current version's code.

In conclusion, "optimizely-campaign" v1.0.0 is well-developed with strong fundamental security implementations. The primary concern is the missing capability checks on AJAX handlers, which introduces a significant risk of privilege escalation or unauthorized actions by lower-privileged authenticated users. Addressing this would significantly bolster the plugin's security.

Key Concerns

  • AJAX handlers without capability checks
Vulnerabilities
None known

Optimizely Campaign Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Optimizely Campaign Release Timeline

v1.0.0 (Current)
Code Analysis
Analyzed Mar 17, 2026

Optimizely Campaign Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 1 (6 prepared)
Unescaped Output: 1 (204 escaped)
Nonce Checks: 4
Capability Checks: 0
File Operations: 3
External Requests: 1
Bundled Libraries: 0

SQL Query Safety

86% prepared (7 total queries)

Output Escaping

100% escaped (205 total outputs)
Attack Surface

Optimizely Campaign Attack Surface

Entry Points: 3
Unprotected: 0

AJAX Handlers 2

auth · wp_ajax_submit_newsletter_form · includes\Newsletter.php:48
nopriv · wp_ajax_submit_newsletter_form · includes\Newsletter.php:49

Shortcodes 1

[optimizelycampaign_newsletter] · includes\Newsletter.php:81
WordPress Hooks 28
filter · cron_schedules · includes\Api\Http.php:116
action · init · includes\Api\Http.php:117
action · optimizelycampaign_error_queue_cron · includes\Api\Http.php:118
filter · wp_mail_content_type · includes\Api\Http.php:246
action · admin_enqueue_scripts · includes\Base.php:32
action · wp_enqueue_scripts · includes\Base.php:33
action · init · includes\ConditionalMailing.php:33
filter · wp_mail · includes\ConditionalMailing.php:34
action · wp_mail_succeeded · includes\ConditionalMailing.php:35
filter · wp_mail_from · includes\ConditionalMailing.php:123
filter · wp_mail_from_name · includes\ConditionalMailing.php:124
action · phpmailer_init · includes\ConditionalMailing.php:149
action · init · includes\Newsletter.php:47
action · woocommerce_register_form · includes\Newsletter.php:51
action · woocommerce_edit_account_form · includes\Newsletter.php:52
action · profile_update · includes\Newsletter.php:53
action · woocommerce_account_content · includes\Newsletter.php:54
action · show_user_profile · includes\Newsletter.php:55
action · edit_user_profile · includes\Newsletter.php:56
action · user_new_form · includes\Newsletter.php:57
action · user_register · includes\Newsletter.php:58
action · admin_notices · includes\Newsletter.php:59
action · woocommerce_customer_save_address · includes\Newsletter.php:60
action · delete_user · includes\Newsletter.php:67
action · template_redirect · includes\Newsletter.php:69
action · admin_menu · includes\OptimizelyPage.php:56
action · admin_init · includes\OptimizelyPage.php:57
action · wp_enqueue_scripts · includes\OptimizelyPage.php:58

Scheduled Events 1

optimizelycampaign_error_queue_cron
Maintenance & Trust

Optimizely Campaign Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Sep 3, 2025
PHP min version: 7.4
Downloads: 209

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0
Developer Profile

Optimizely Campaign Developer Profile

optimizelycampaign

1 plugin · 0 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Optimizely Campaign

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/optimizely-campaign/assets/js/admin-script.js
/wp-content/plugins/optimizely-campaign/assets/css/admin-style.css
/wp-content/plugins/optimizely-campaign/assets/js/front-script.js
Script Paths
/wp-content/plugins/optimizely-campaign/assets/js/admin-script.js
/wp-content/plugins/optimizely-campaign/assets/js/front-script.js
Version Parameters
optimizely-campaign/assets/js/admin-script.js?ver=
optimizely-campaign/assets/css/admin-style.css?ver=
optimizely-campaign/assets/js/front-script.js?ver=

HTML / DOM Fingerprints

JS Globals
window.optimizelycampaign
FAQ

Frequently Asked Questions about Optimizely Campaign