WP-Safety

Retainly Optin Forms Security & Risk Analysis

wordpress.org/plugins/retainly

Plugin Name: Retainly Optin Forms Contributors: Palash Bagchi, Rajesh Pandurangan Tags: wp popup, wordpress popup plugin, wordpress subscription plug …

10 active installs v1.4 PHP + WP + Updated Aug 8, 2017
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Retainly Optin Forms Safe to Use in 2026?

Generally Safe

Score 85/100

Retainly Optin Forms has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8yr ago
Risk Assessment

The Retainly plugin v1.4 exhibits a generally good security posture with several strengths. The static analysis reveals a robust implementation of security best practices, evidenced by the high percentage of SQL queries using prepared statements and a substantial number of output escaping mechanisms. The absence of known CVEs and a clean vulnerability history are positive indicators of past security diligence. However, there are areas of concern that warrant attention. The presence of 35 AJAX handlers, with 4 lacking authentication checks, represents a significant attack surface that could be exploited if not properly secured. While the taint analysis did not reveal critical or high severity issues, the single flow with an unsanitized path, even if low severity, suggests a potential for subtle vulnerabilities. The limited number of capability checks (3) compared to the number of entry points also raises a flag regarding the granularity of access control.

Key Concerns

  • AJAX handlers without auth checks
  • Flow with unsanitized path
  • Limited capability checks relative to entry points
Vulnerabilities
None known

Retainly Optin Forms Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Retainly Optin Forms Code Analysis

Dangerous Functions
0
Raw SQL Queries
4
13 prepared
Unescaped Output
28
431 escaped
Nonce Checks
33
Capability Checks
3
File Operations
4
External Requests
1
Bundled Libraries
1

Bundled Libraries

TinyMCE

SQL Query Safety

76% prepared17 total queries

Output Escaping

94% escaped459 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

6 flows1 with unsanitized paths
generate_modal_warning (dashboard\dashboard.php:232)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
4 unprotected

Retainly Optin Forms Attack Surface

Entry Points38
Unprotected4

AJAX Handlers 35

authwp_ajax_rad_dashboard_generate_warningdashboard\dashboard.php:46
authwp_ajax_rad_dashboard_execute_live_searchdashboard\dashboard.php:47
authwp_ajax_rad_dashboard_activate_screendashboard\dashboard.php:48
authwp_ajax_rad_rapidology_save_settingsretainly.php:89
authwp_ajax_rapidology_reset_options_pageretainly.php:95
authwp_ajax_rapidology_remove_optinretainly.php:97
authwp_ajax_rapidology_duplicate_optinretainly.php:99
authwp_ajax_rapidology_add_variantretainly.php:101
authwp_ajax_rapidology_home_tab_tablesretainly.php:103
authwp_ajax_rapidology_toggle_optin_statusretainly.php:105
authwp_ajax_rapidology_authorize_accountretainly.php:107
authwp_ajax_rapidology_reset_accounts_tableretainly.php:109
authwp_ajax_rapidology_generate_mailing_listsretainly.php:111
authwp_ajax_rapidology_generate_new_account_fieldsretainly.php:113
authwp_ajax_rapidology_generate_accounts_listretainly.php:115
authwp_ajax_rapidology_generate_current_listsretainly.php:117
authwp_ajax_rapidology_generate_edit_account_pageretainly.php:119
authwp_ajax_rapidology_save_account_tabretainly.php:121
authwp_ajax_rapidology_ab_test_actionsretainly.php:123
authwp_ajax_rapidology_get_stats_graph_ajaxretainly.php:125
authwp_ajax_rapidology_refresh_optins_stats_tableretainly.php:127
authwp_ajax_rapidology_reset_statsretainly.php:129
authwp_ajax_rapidology_pick_winner_optinretainly.php:131
authwp_ajax_rapidology_clear_statsretainly.php:133
authwp_ajax_rapidology_clear_stats_single_optinretainly.php:134
authwp_ajax_rapidology_get_premade_valuesretainly.php:137
authwp_ajax_rapidology_generate_template_filterretainly.php:138
authwp_ajax_rapidology_generate_premade_gridretainly.php:139
authwp_ajax_rapidology_display_previewretainly.php:141
authwp_ajax_rapidology_handle_stats_addingretainly.php:143
noprivwp_ajax_rapidology_handle_stats_addingretainly.php:144
authwp_ajax_rapidology_subscriberetainly.php:146
noprivwp_ajax_rapidology_subscriberetainly.php:147
authwp_ajax_rapidology_center_webhooksretainly.php:149
noprivwp_ajax_rapidology_center_webhooksretainly.php:150

Shortcodes 3

[rapidology_on_click_intent] includes\rapidology_functions.php:15
[rad_retainly_inline] retainly.php:156
[rad_retainly_locked] retainly.php:157
WordPress Hooks 41
actionplugins_loadeddashboard\dashboard.php:45
actionadmin_initdashboard\dashboard.php:49
actionadmin_enqueue_scriptsdashboard\dashboard.php:50
actionadmin_initdashboard\dashboard.php:51
actionadmin_initdashboard\dashboard.php:52
actionwp_enqueue_scriptsincludes\ext\rapidology_rapidbar\class.rapidology_rapidbar.php:6
actionadmin_initincludes\ext\rapidology_rapidbar\class.rapidology_rapidbar.php:7
actionadmin_menuretainly.php:52
actionplugins_loadedretainly.php:54
actionadmin_initretainly.php:56
filterrad_rapidology_import_sub_arrayretainly.php:59
filterrad_rapidology_import_arrayretainly.php:60
filterrad_rapidology_export_excluderetainly.php:61
filterrad_rapidology_save_button_classretainly.php:62
actionrad_rapidology_after_header_optionsretainly.php:66
actionrad_rapidology_after_main_optionsretainly.php:68
actionrad_rapidology_after_save_buttonretainly.php:70
actionadmin_enqueue_scriptsretainly.php:91
actionwp_enqueue_scriptsretainly.php:93
actionwidgets_initretainly.php:152
actionafter_setup_themeretainly.php:154
filterbody_classretainly.php:159
actionadmin_noticesretainly.php:163
actionrapidology_lists_auto_refreshretainly.php:172
actionrapidology_stats_auto_refreshretainly.php:173
actionrapidology_update_source_checkretainly.php:174
filtermce_external_pluginsretainly.php:361
filtermce_buttonsretainly.php:362
filteradmin_body_classretainly.php:2242
actionwp_headretainly.php:4726
actionwp_footerretainly.php:4741
filtercomment_post_redirectretainly.php:4746
actionwoocommerce_thankyouretainly.php:4751
actionwp_footerretainly.php:4760
filtercomment_post_redirectretainly.php:4765
actionwoocommerce_thankyouretainly.php:4770
filterthe_contentretainly.php:4779
actionwoocommerce_after_single_product_summaryretainly.php:4780
actionwp_headretainly.php:4791
filterthe_contentretainly.php:4803
filteradmin_footer_textretainly.php:4816

Scheduled Events 2

rapidology_update_source_check
rapidology_stats_auto_refresh
Maintenance & Trust

Retainly Optin Forms Maintenance & Trust

Maintenance Signals

WordPress version tested
Last updatedAug 8, 2017
PHP min version
Downloads2K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

Retainly Optin Forms Alternatives

No alternatives data available yet.

Developer Profile

Retainly Optin Forms Developer Profile

retainly

1 plugin · 10 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Retainly Optin Forms

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/retainly/dashboard/assets/css/dashboard.css/wp-content/plugins/retainly/dashboard/assets/js/dashboard.js/wp-content/plugins/retainly/dashboard/assets/js/jquery.datetimepicker.full.min.js/wp-content/plugins/retainly/dashboard/assets/css/jquery.datetimepicker.min.css
Script Paths
/wp-content/plugins/retainly/dashboard/assets/js/dashboard.js/wp-content/plugins/retainly/dashboard/assets/js/jquery.datetimepicker.full.min.js
Version Parameters
/wp-content/plugins/retainly/dashboard/assets/css/dashboard.css?ver=/wp-content/plugins/retainly/dashboard/assets/js/dashboard.js?ver=/wp-content/plugins/retainly/dashboard/assets/js/jquery.datetimepicker.full.min.js?ver=/wp-content/plugins/retainly/dashboard/assets/css/jquery.datetimepicker.min.css?ver=

HTML / DOM Fingerprints

CSS Classes
rad_rapidology_optionsrad_dashboard_containerrad_dashboard_wrapperrad_dashboard_headerrad_dashboard_contentrad_dashboard_footerrad_dashboard_sidebarrad_dashboard_main_content+51 more
Data Attributes
data-rad-dashboard-options-pagenamedata-rad-dashboard-plugin-namedata-rad-dashboard-save-button-textdata-rad-dashboard-plugin-class-namedata-rad-dashboard-options-pathdata-rad-dashboard-options-page
JS Globals
RAD_Rapidologyrad_rapidology_varsrad_dashboard_ajax_object
REST Endpoints
/wp-json/retainly/v1/subscribe/wp-json/retainly/v1/webhook
Shortcode Output
[rad_retainly_inline][rad_retainly_locked]
FAQ

Frequently Asked Questions about Retainly Optin Forms