Sailthru for WordPress Security & Risk Analysis

wordpress.org/plugins/sailthru-widget

Provides an integration with Sailthru

2K active installs · v4.3.10 · PHP + WP 5.5+ · Updated Mar 9, 2026
Tags: email, personalization
Score: 100
Grade: A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Sailthru for WordPress Safe to Use in 2026?

Generally Safe

Score 100/100

Sailthru for WordPress has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 26d ago
Risk Assessment

The Sailthru Widget plugin, version 4.3.10, exhibits a generally strong security posture based on the provided static analysis and vulnerability history. The plugin demonstrates good practices by utilizing prepared statements for all SQL queries and implementing nonce and capability checks for its identified entry points. The absence of any recorded vulnerabilities, including critical or high severity CVEs, further reinforces its current security soundness. The minimal attack surface, composed of a few AJAX handlers and a shortcode, is also noteworthy, especially since no unprotected entry points were identified.

However, a minor concern arises from the output escaping. While 83% of outputs are properly escaped, this leaves 17% potentially unescaped. In a plugin with this many output operations (462 total), even a small percentage of unescaped output could lead to cross-site scripting (XSS) vulnerabilities if user-supplied data is involved in these unescaped outputs. The presence of external HTTP requests, while not inherently a vulnerability, warrants attention as it can introduce risks if not handled securely and if the external services are compromised.

In conclusion, Sailthru Widget v4.3.10 appears to be a secure plugin, benefiting from robust security checks and a clean vulnerability history. The primary area for improvement is ensuring 100% output escaping to eliminate any potential XSS risks. The plugin's strengths lie in its secure handling of database interactions and protected entry points. Overall, the risk is assessed as low, with a minor deduction for the unescaped output percentage.

Key Concerns

  • Percentage of unescaped outputs
Vulnerabilities
None known

Sailthru for WordPress Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Sailthru for WordPress Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 78 (384 escaped)
Nonce Checks: 4
Capability Checks: 6
File Operations: 0
External Requests: 4
Bundled Libraries: 0

Output Escaping

83% escaped (462 total outputs)
Data Flows
All sanitized

Data Flow Analysis

2 flows
add_subscriber (widget.subscribe.php:297)
Columns: Source (user input), Sink (dangerous op), Sanitizer, Transform; status: Unsanitized / Sanitized
Attack Surface

Sailthru for WordPress Attack Surface

Entry Points: 3
Unprotected: 0

AJAX Handlers 2

  • nopriv: wp_ajax_add_subscriber (widget.subscribe.php:71)
  • auth: wp_ajax_add_subscriber (widget.subscribe.php:72)

Shortcodes 1

[sailthru_widget] widget.subscribe.php:608
WordPress Hooks 41
  • action admin_menu (classes\class-sailthru-content.php:8)
  • action admin_init (classes\class-sailthru-content.php:9)
  • action save_post (classes\class-sailthru-content.php:10)
  • action wp_head (classes\class-sailthru-content.php:11)
  • action wp_trash_post (classes\class-sailthru-content.php:12)
  • action init (classes\class-sailthru-horizon.php:21)
  • action admin_enqueue_scripts (classes\class-sailthru-horizon.php:25)
  • action wp_enqueue_scripts (classes\class-sailthru-horizon.php:28)
  • action admin_menu (classes\class-sailthru-horizon.php:31)
  • action plugins_loaded (classes\class-sailthru-horizon.php:34)
  • filter script_loader_tag (classes\class-sailthru-horizon.php:200)
  • action load-post.php (classes\class-sailthru-meta-box.php:11)
  • action load-post-new.php (classes\class-sailthru-meta-box.php:12)
  • action add_meta_boxes (classes\class-sailthru-meta-box.php:19)
  • action save_post (classes\class-sailthru-meta-box.php:20)
  • action wp_enqueue_scripts (classes\class-sailthru-scout.php:13)
  • action init (classes\class-sailthru-scout.php:16)
  • action wp_footer (classes\class-sailthru-scout.php:75)
  • action widgets_init (classes\class-sailthru-scout.php:278)
  • action init (classes\class-sailthru-subscribe-fields.php:23)
  • action admin_enqueue_scripts (classes\class-sailthru-subscribe-fields.php:27)
  • action admin_menu (classes\class-sailthru-subscribe-fields.php:30)
  • action wp_head (classes\class-sailthru-subscribe-fields.php:33)
  • action add_meta_boxes (classes\class-sailthru-subscribe-fields.php:36)
  • action save_post (classes\class-sailthru-subscribe-fields.php:37)
  • action wp_login (plugin.php:277)
  • action phpmailer_init (sailthru_mail.php:43)
  • filter wp_mail_content_type (sailthru_mail.php:84)
  • filter wp_mail_content_type (sailthru_mail.php:126)
  • action admin_init (views\admin.functions.concierge.options.php:135)
  • action admin_init (views\admin.functions.integrations.options.php:132)
  • action admin_init (views\admin.functions.scout.options.php:93)
  • filter sailthru_api_verification (views\admin.functions.setup.options.php:18)
  • action admin_init (views\admin.functions.setup.options.php:330)
  • action admin_init (views\admin.functions.subscribe.options.php:510)
  • action init (widget.subscribe.php:53)
  • action admin_enqueue_scripts (widget.subscribe.php:68)
  • action wp_enqueue_scripts (widget.subscribe.php:73)
  • action wp_enqueue_scripts (widget.subscribe.php:74)
  • action wp_head (widget.subscribe.php:75)
  • action widgets_init (widget.subscribe.php:551)
Maintenance & Trust

Sailthru for WordPress Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.7.15
Last updated: Mar 9, 2026
PHP min version:
Downloads: 142K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 2K
Developer Profile

Sailthru for WordPress Developer Profile

Sailthru

1 plugin · 2K total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Sailthru for WordPress

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/sailthru-widget/css/sailthru.css
  • /wp-content/plugins/sailthru-widget/js/sailthru-admin.js
  • /wp-content/plugins/sailthru-widget/js/sailthru.js
  • /wp-content/plugins/sailthru-widget/js/sailthru-admin-setup.js
Script Paths
  • /wp-content/plugins/sailthru-widget/js/sailthru.js
  • /wp-content/plugins/sailthru-widget/js/sailthru-admin.js
  • /wp-content/plugins/sailthru-widget/js/sailthru-admin-setup.js
Version Parameters
  • sailthru-widget/css/sailthru.css?ver=
  • sailthru-widget/js/sailthru.js?ver=
  • sailthru-widget/js/sailthru-admin.js?ver=
  • sailthru-widget/js/sailthru-admin-setup.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • sailthru-subscribe-widget
  • sailthru-form-field
Data Attributes
data-sailthru-form-id
JS Globals
  • SailthruAdmin
  • sailthru_vars
FAQ

Frequently Asked Questions about Sailthru for WordPress