ReCorp Divi MailChimp Extension Security & Risk Analysis

wordpress.org/plugins/recorp-divi-mailchimp-extension

Integrate Divi Contact Form with MailChimp. Automatically add form submissions to predetermined lists in MailChimp, using its latest API.

10 active installs · v1.0.1 · PHP + · WP 3.0.1+ · Updated Oct 11, 2024
Tags: divi, divi-contact-form, divi-mailchimp, divi-mailchimp-extension, mailchimp-for-divi
Score: 92/100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is ReCorp Divi MailChimp Extension Safe to Use in 2026?

Generally Safe

Score 92/100

ReCorp Divi MailChimp Extension has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1yr ago
Risk Assessment

The recorp-divi-mailchimp-extension v1.0.1 exhibits a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for all SQL queries and appears to have a clean vulnerability history with no known CVEs. The absence of shortcodes, cron events, and REST API routes, combined with all identified entry points having authentication checks, significantly reduces the immediate attack surface. However, there are notable areas of concern.

The presence of the `unserialize` function is a critical red flag. If this function is used with data that can be influenced by an attacker, it opens the door to object injection vulnerabilities, even if no direct taint flows were identified as critical or high in the static analysis. Furthermore, the taint analysis reveals a high number of flows with unsanitized paths (4 out of 5), which, while not categorized as critical or high, indicates potential for data manipulation or unintended behavior if those paths are exploited. The output escaping is also suboptimal, with over 45% of outputs not being properly escaped, which could lead to cross-site scripting (XSS) vulnerabilities.

While the lack of historical vulnerabilities is a good sign, it cannot fully compensate for the inherent risks posed by insecure coding practices like unserialization and insufficient output sanitization. The plugin's strengths lie in its adherence to secure SQL practices and its limited entry points with authentication. However, the identified weaknesses, particularly the `unserialize` function and the high rate of unsanitized paths and unescaped output, necessitate careful attention and remediation.

Key Concerns

  • Unsanitized data flows identified
  • Dangerous function 'unserialize' found
  • Significant portion of output not escaped
Vulnerabilities
None known

ReCorp Divi MailChimp Extension Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

ReCorp Divi MailChimp Extension Code Analysis

  • Dangerous Functions: 1
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 27 (32 escaped)
  • Nonce Checks: 4
  • Capability Checks: 0
  • File Operations: 0
  • External Requests: 1
  • Bundled Libraries: 0

Dangerous Functions Found

  • unserialize: `$license = !empty($license) ? unserialize($license) : array();` (includes\global_functions.php:6)

Output Escaping

54% escaped · 59 total outputs
Data Flows
4 unsanitized

Data Flow Analysis

5 flows · 4 with unsanitized paths
save_dcfme_mailchimp_rc_api (admin\class-divi-contact-form-mailchimp-extension-admin.php:239)
Attack Surface

ReCorp Divi MailChimp Extension Attack Surface

Entry Points: 8
Unprotected: 0

AJAX Handlers 8

  • auth: wp_ajax_divi_contact_for_mailchimp_rc_save_data (admin\class-divi-contact-form-mailchimp-extension-admin.php:57)
  • nopriv: wp_ajax_divi_contact_for_mailchimp_rc_save_data (admin\class-divi-contact-form-mailchimp-extension-admin.php:58)
  • auth: wp_ajax_save_dcfme_mailchimp_rc_api (admin\class-divi-contact-form-mailchimp-extension-admin.php:60)
  • nopriv: wp_ajax_save_dcfme_mailchimp_rc_api (admin\class-divi-contact-form-mailchimp-extension-admin.php:61)
  • auth: wp_ajax_dcfme_refresh_mailchimp_rc_lists (admin\class-divi-contact-form-mailchimp-extension-admin.php:63)
  • nopriv: wp_ajax_dcfme_refresh_mailchimp_rc_lists (admin\class-divi-contact-form-mailchimp-extension-admin.php:64)
  • auth: wp_ajax_get_dcfme_mailchimp_rc_list_merge_tags (admin\class-divi-contact-form-mailchimp-extension-admin.php:66)
  • nopriv: wp_ajax_get_dcfme_mailchimp_rc_list_merge_tags (admin\class-divi-contact-form-mailchimp-extension-admin.php:67)

WordPress Hooks 8
  • action: admin_menu (admin\class-divi-contact-form-mailchimp-extension-admin.php:55)
  • filter: et_contact_page_email_to (admin\class-divi-contact-form-mailchimp-extension-admin.php:70)
  • action: admin_init (divi-contact-form-mailchimp-extension.php:87)
  • action: plugins_loaded (includes\class-divi-contact-form-mailchimp-extension.php:147)
  • action: admin_enqueue_scripts (includes\class-divi-contact-form-mailchimp-extension.php:162)
  • action: admin_enqueue_scripts (includes\class-divi-contact-form-mailchimp-extension.php:163)
  • action: wp_enqueue_scripts (includes\class-divi-contact-form-mailchimp-extension.php:178)
  • action: wp_enqueue_scripts (includes\class-divi-contact-form-mailchimp-extension.php:179)

Maintenance & Trust

ReCorp Divi MailChimp Extension Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.3.8
Last updated: Oct 11, 2024
PHP min version
Downloads: 2K

Community Trust

Rating: 20/100
Number of ratings: 1
Active installs: 10

Developer Profile

ReCorp Divi MailChimp Extension Developer Profile

recorp

6 plugins · 10K total installs

Trust score: 80
Avg Security Score: 88/100
Avg Patch Time: 52 days
Detection Fingerprints

How We Detect ReCorp Divi MailChimp Extension

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/recorp-divi-mailchimp-extension/admin/css/divi-contact-form-mailchimp-extension-admin.css
  • /wp-content/plugins/recorp-divi-mailchimp-extension/admin/css/bootstrap.min.css
  • /wp-content/plugins/recorp-divi-mailchimp-extension/admin/css/multi-select.css
Version Parameters
  • recorp-divi-mailchimp-extension/admin/css/divi-contact-form-mailchimp-extension-admin.css?ver=
  • recorp-divi-mailchimp-extension/admin/css/bootstrap.min.css?ver=
  • recorp-divi-mailchimp-extension/admin/css/multi-select.css?ver=

HTML / DOM Fingerprints

CSS Classes
dcfme-admin-content
HTML Comments
  • <!-- admin -->
  • <!-- /admin -->
  • <!-- admin_content -->
  • <!-- /admin_content -->
  • +2 more
Data Attributes
  • data-mailchimp-rc-api-key
  • data-mailchimp-rc-list-id
  • data-mailchimp-rc-email-field
  • data-mailchimp-rc-fname-field
  • data-mailchimp-rc-lname-field
  • data-mailchimp-rc-success-message
  • +5 more
JS Globals
  • window.dcfme_mailchimp_rc_saved_settings
  • window.dcfme_mailchimp_rc_api_key
  • window.dcfme_mailchimp_rc_list_id
  • window.dcfme_mailchimp_rc_email_field
  • window.dcfme_mailchimp_rc_fname_field
  • window.dcfme_mailchimp_rc_lname_field
  • +3 more
REST Endpoints
  • /wp-json/dcfme/v1/save-settings
  • /wp-json/dcfme/v1/refresh-lists
  • /wp-json/dcfme/v1/get-merge-tags