RDS Newsletter Security & Risk Analysis

wordpress.org/plugins/rds-newsletter

A self-hosted email newsletter plugin for WordPress with subscriber management, batch sending, open and click tracking, and bounce processing.

0 active installs · v1.3.0 · PHP 7.4+ · WP 6.2+ · Updated Apr 9, 2026
email, mailing-list, newsletter, subscribers
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is RDS Newsletter Safe to Use in 2026?

Generally Safe

Score 100/100

RDS Newsletter has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1mo ago
Risk Assessment

The rds-newsletter plugin version 1.3.0 exhibits a mixed security posture. On the positive side, it demonstrates strong adherence to secure coding practices by exclusively using prepared statements for all SQL queries and ensuring all output is properly escaped. The absence of any known CVEs and a clean vulnerability history are also significant strengths, suggesting a well-maintained and historically secure codebase.

However, the plugin presents a considerable risk due to its substantial attack surface, particularly its 11 unprotected AJAX handlers. There are 23 nonce checks and 18 capability checks in total, but a majority of AJAX entry points lack these fundamental security measures, which creates a direct path to unauthorized actions unless other layers protect them.

The taint analysis reveals one high-severity flow with unsanitized paths. Although this did not translate into a critical finding, it warrants attention: it points to areas where user-supplied data might be processed in a way that leads to unintended consequences, or to further vulnerabilities if exploited in conjunction with other weaknesses. The presence of unsanitized paths, even without a critical rating, indicates a potential for privilege escalation or other security issues.

Key Concerns

  • 11 unprotected AJAX handlers
  • 1 high severity taint flow with unsanitized paths
Vulnerabilities
None known

RDS Newsletter Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

RDS Newsletter Release Timeline

v1.4.0
Code Analysis
Analyzed Apr 16, 2026

RDS Newsletter Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (71 prepared)
Unescaped Output: 1 (381 escaped)
Nonce Checks: 23
Capability Checks: 18
File Operations: 2
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

100% prepared · 71 total queries

Output Escaping

100% escaped · 382 total outputs
Data Flows · Security
4 unsanitized

Data Flow Analysis

11 flows · 4 with unsanitized paths
page_reports (includes/class-admin.php:761)
Legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized
Attack Surface
11 unprotected

RDS Newsletter Attack Surface

Entry Points: 14
Unprotected: 11

AJAX Handlers 12

auth wp_ajax_rdsnl_subscribe rds-newsletter.php:175
nopriv wp_ajax_rdsnl_subscribe rds-newsletter.php:176
auth wp_ajax_rdsnl_unsubscribe rds-newsletter.php:179
nopriv wp_ajax_rdsnl_unsubscribe rds-newsletter.php:180
auth wp_ajax_rdsnl_send_newsletter rds-newsletter.php:183
auth wp_ajax_rdsnl_delete_subscriber rds-newsletter.php:184
auth wp_ajax_rdsnl_import_subscribers rds-newsletter.php:185
auth wp_ajax_rdsnl_export_subscribers rds-newsletter.php:186
auth wp_ajax_rdsnl_send_test rds-newsletter.php:187
auth wp_ajax_rdsnl_test_imap rds-newsletter.php:190
auth wp_ajax_rdsnl_check_bounces rds-newsletter.php:191
auth wp_ajax_rdsnl_process_queue_now rds-newsletter.php:194

Shortcodes 2

[rdsnl_signup] rds-newsletter.php:166
[rdsnl_unsubscribe] rds-newsletter.php:167
WordPress Hooks 16
action admin_menu includes/class-admin.php:9
action rdsnl_process_bounces includes/class-bounce-processor.php:12
action template_redirect includes/class-public-pages.php:16
action template_redirect includes/class-public-pages.php:17
filter wp_mail_from includes/class-sender.php:155
action phpmailer_init includes/class-sender.php:158
action template_redirect includes/class-tracker.php:15
action wp_mail_failed includes/class-tracker.php:16
filter cron_schedules rds-newsletter.php:96
action rdsnl_process_queue rds-newsletter.php:105
action plugins_loaded rds-newsletter.php:115
action init rds-newsletter.php:123
action init rds-newsletter.php:132
action init rds-newsletter.php:140
action admin_enqueue_scripts rds-newsletter.php:160
action init rds-newsletter.php:169

Scheduled Events 4

rdsnl_process_bounces
rdsnl_process_queue
rdsnl_process_queue
rdsnl_process_bounces
Maintenance & Trust

RDS Newsletter Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Apr 9, 2026
PHP min version: 7.4
Downloads: 69

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0
Developer Profile

RDS Newsletter Developer Profile

Val Davis

1 plugin · 0 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect RDS Newsletter

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/rds-newsletter/assets/css/admin.css
/wp-content/plugins/rds-newsletter/assets/js/admin.js
/wp-content/plugins/rds-newsletter/assets/css/public.css
/wp-content/plugins/rds-newsletter/assets/js/public.js
Script Paths
/wp-content/plugins/rds-newsletter/assets/js/admin.js
/wp-content/plugins/rds-newsletter/assets/js/public.js
Version Parameters
rds-newsletter/assets/css/admin.css?ver=
rds-newsletter/assets/js/admin.js?ver=
rds-newsletter/assets/css/public.css?ver=
rds-newsletter/assets/js/public.js?ver=

HTML / DOM Fingerprints

JS Globals
rdsnl
rdsnl_public
Shortcode Output
[rdsnl_signup]
[rdsnl_unsubscribe]