WP-Safety

RUA Blog Subscriber Lite Security & Risk Analysis

wordpress.org/plugins/rua-blog-subscriber-lite

Build your email list! Manage Subscribers from a Dashboard. Custom settings. Notify users of new posts. All without having users create accounts.

30 active installs v1.5.4 PHP + WP 4.2+ Updated Jan 23, 2018
blog-subscribersblog-subscriptionmultisitesubscribesubscription
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is RUA Blog Subscriber Lite Safe to Use in 2026?

Generally Safe

Score 85/100

RUA Blog Subscriber Lite has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8yr ago
Risk Assessment

The rua-blog-subscriber-lite plugin v1.5.4 exhibits a mixed security posture. While it demonstrates strong practices in output escaping and a lack of file operations or external HTTP requests, significant concerns arise from its attack surface and code analysis signals. The presence of two AJAX handlers without authentication checks presents a direct vulnerability for unauthorized access and potential manipulation of plugin functionality. Furthermore, the use of the `create_function` PHP construct is a known security risk, often leading to code injection vulnerabilities if not handled with extreme caution. The taint analysis, although limited in scope, did identify one flow with an unsanitized path, which warrants further investigation. The plugin's history of zero known CVEs is positive, suggesting a potentially well-maintained codebase or limited exposure. However, this cannot entirely offset the identified weaknesses in the current version. The plugin has strengths in output sanitization and avoidance of external interactions, but the unprotected entry points and use of dangerous functions are notable weaknesses that require immediate attention.

Key Concerns

  • AJAX handlers without auth checks
  • Dangerous function create_function used
  • SQL queries with low prepared statement usage
  • Unsanitized path in taint flow
  • No capability checks
Vulnerabilities
None known

RUA Blog Subscriber Lite Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

RUA Blog Subscriber Lite Code Analysis

Dangerous Functions
1
Raw SQL Queries
8
2 prepared
Unescaped Output
5
91 escaped
Nonce Checks
2
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
1

Dangerous Functions Found

create_functionadd_filter( 'wp_mail_content_type', create_function( '', 'return "text/html";' ) );rua-blog-subscriber-lite.php:664

Bundled Libraries

DataTables

SQL Query Safety

20% prepared10 total queries

Output Escaping

95% escaped96 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

2 flows1 with unsanitized paths
rua_create_email_subscribers_settings_page (rua-blog-subscriber-lite.php:322)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
2 unprotected

RUA Blog Subscriber Lite Attack Surface

Entry Points5
Unprotected2

AJAX Handlers 4

authwp_ajax_rua_email_validationrua-blog-subscriber-lite.php:661
noprivwp_ajax_rua_email_validationrua-blog-subscriber-lite.php:662
authwp_ajax_rua_save_subscriberrua-blog-subscriber-lite.php:784
noprivwp_ajax_rua_save_subscriberrua-blog-subscriber-lite.php:785

Shortcodes 1

[ruasubscriber] rua-blog-subscriber-lite.php:853
WordPress Hooks 13
filterpage_attributes_dropdown_pages_argsincludes\new-page-templater.php:38
filtertheme_page_templatesincludes\new-page-templater.php:43
filterwp_insert_post_dataincludes\new-page-templater.php:50
filtertemplate_includeincludes\new-page-templater.php:58
filterwp_dropdown_pagesincludes\page-templater.php:39
filterwp_insert_post_dataincludes\page-templater.php:44
filtertemplate_includeincludes\page-templater.php:50
actioninitincludes\register-settings.php:32
actionplugins_loadedrua-blog-subscriber-lite.php:59
actionwp_enqueue_scriptsrua-blog-subscriber-lite.php:76
actionadmin_menurua-blog-subscriber-lite.php:90
filterwp_mail_content_typerua-blog-subscriber-lite.php:664
actionpublish_postrua-blog-subscriber-lite.php:948
Maintenance & Trust

RUA Blog Subscriber Lite Maintenance & Trust

Maintenance Signals

WordPress version tested4.9.29
Last updatedJan 23, 2018
PHP min version
Downloads5K

Community Trust

Rating90/100
Number of ratings6
Active installs30
Alternatives

RUA Blog Subscriber Lite Alternatives

Subscribe2 – Form, Email Subscribers & Newsletters

Subscribe2 – Form, Email Subscribers & Newsletters

subscribe2

A
88

Sends a list of subscribers an email notification when you publish new posts.

20K 8 CVEs
WP Subscribe

WP Subscribe

wp-subscribe

C
61

WP Subscribe is a simple but powerful subscription plugin which supports MailChimp, Aweber and Feedburner.

9K 1 unpatched
Delete Me

Delete Me

delete-me

A
92

Allow users with specific WordPress roles to delete themselves from the Your Profile page or anywhere Shortcodes can be used.

8K 1 CVE
WP Subscription Forms – Subscription Form Plugin for WordPress

WP Subscription Forms – Subscription Form Plugin for WordPress

wp-subscription-forms

A
96

Create unlimited subscription forms effortlessly with our user-friendly tool. Collect subscribers directly in WP Backend and export them to CSV.

500 3 CVEs
Subscribe to Download Lite – Download after Email Subscription Form WordPress Plugin

Subscribe to Download Lite – Download after Email Subscription Form WordPress Plugin

subscribe-to-download-lite

A
97

Capture subscribers right from your WordPress site by simply providing them freebies to download through email after successful subscription

400 2 CVEs
Developer Profile

RUA Blog Subscriber Lite Developer Profile

dxladner

3 plugins · 360 total installs

79
trust score
Avg Security Score
78/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect RUA Blog Subscriber Lite

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/rua-blog-subscriber-lite/css/rua-blog-subscriber-public-styles.css/wp-content/plugins/rua-blog-subscriber-lite/js/custom.js/wp-content/plugins/rua-blog-subscriber-lite/css/font-awesome.min.css/wp-content/plugins/rua-blog-subscriber-lite/js/jquery.validate.min.js/wp-content/plugins/rua-blog-subscriber-lite/css/font-awesome.min.css/wp-content/plugins/rua-blog-subscriber-lite/css/bootstrap.min.css/wp-content/plugins/rua-blog-subscriber-lite/css/dataTables.bootstrap.css/wp-content/plugins/rua-blog-subscriber-lite/css/rua-blog-subscriber-admin-styles.css+5 more
Script Paths
/wp-content/plugins/rua-blog-subscriber-lite/js/custom.js/wp-content/plugins/rua-blog-subscriber-lite/js/jquery.validate.min.js/wp-content/plugins/rua-blog-subscriber-lite/js/bootstrap.min.js/wp-content/plugins/rua-blog-subscriber-lite/js/custom.js/wp-content/plugins/rua-blog-subscriber-lite/js/custom-datatables.js/wp-content/plugins/rua-blog-subscriber-lite/js/jquery.dataTables.min.js+1 more
Version Parameters
rua-blog-subscriber-lite/css/rua-blog-subscriber-public-styles.css?ver=rua-blog-subscriber-lite/js/custom.js?ver=rua-blog-subscriber-lite/css/font-awesome.min.css?ver=rua-blog-subscriber-lite/js/jquery.validate.min.js?ver=rua-blog-subscriber-lite/css/font-awesome.min.css?ver=rua-blog-subscriber-lite/css/bootstrap.min.css?ver=rua-blog-subscriber-lite/css/dataTables.bootstrap.css?ver=rua-blog-subscriber-lite/css/rua-blog-subscriber-admin-styles.css?ver=rua-blog-subscriber-lite/js/bootstrap.min.js?ver=rua-blog-subscriber-lite/js/custom.js?ver=rua-blog-subscriber-lite/js/custom-datatables.js?ver=rua-blog-subscriber-lite/js/jquery.dataTables.min.js?ver=rua-blog-subscriber-lite/js/dataTables.bootstrap.js?ver=

HTML / DOM Fingerprints

CSS Classes
btn-upgrade-sm
Data Attributes
id="datatable"
JS Globals
MyAjax
Shortcode Output
[rua_blog_subscriber]
FAQ

Frequently Asked Questions about RUA Blog Subscriber Lite