WP-Safety

Send Users Email – Email Subscribers, Email Marketing Newsletter Security & Risk Analysis

wordpress.org/plugins/send-users-email

Send Users Email provides a way to send email to all system users either by selecting individual users or user roles.

5K active installs v1.6.2 PHP 7.4+ WP 5.7+ Updated Nov 28, 2025
email-all-usersemail-subscribersemail-system-usersemail-userssend-email
99
A · Safe
CVEs total2
Unpatched0
Last CVEJul 12, 2024
Plugin page Download
Safety Verdict

Is Send Users Email – Email Subscribers, Email Marketing Newsletter Safe to Use in 2026?

Generally Safe

Score 99/100

Send Users Email – Email Subscribers, Email Marketing Newsletter has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

2 known CVEsLast CVE: Jul 12, 2024Updated 5mo ago
Risk Assessment

The 'send-users-email' plugin exhibits a concerning security posture despite some positive aspects. While the use of prepared statements for SQL queries and a high percentage of properly escaped output are commendable, the plugin suffers from a significant number of unprotected entry points. All six identified AJAX handlers lack authentication checks, creating a substantial attack surface where unauthenticated users could potentially trigger unintended actions. Furthermore, the taint analysis revealed four flows with unsanitized paths, indicating a risk of improper handling of user-supplied data, although no critical or high severity issues were found in this analysis.

The plugin's vulnerability history, with two known medium severity CVEs related to 'Insertion of Sensitive Information into Log File,' is a significant concern. Although currently unpatched vulnerabilities are zero, this pattern suggests a recurring weakness in how sensitive data is handled or logged. The presence of bundled libraries like DataTables and Freemius v1.0, without information on their versions, could also introduce risks if they are outdated or contain known vulnerabilities. Overall, while the plugin demonstrates good practices in database interaction and output sanitization, the lack of authentication on AJAX endpoints and the historical pattern of sensitive information disclosure present clear and actionable security risks that need to be addressed.

Key Concerns

  • AJAX handlers without auth checks
  • Flows with unsanitized paths
  • Medium severity CVEs (x2)
  • Bundled Freemius v1.0 library (potentially outdated)
  • Bundled DataTables library (potentially outdated)
Vulnerabilities
2 published

Send Users Email – Email Subscribers, Email Marketing Newsletter Security Vulnerabilities

CVEs by Year

1 CVE in 2023
2023
1 CVE in 2024
2024
Patched Has unpatched

Severity Breakdown

Medium
2

2 total CVEs

CVE-2024-38760medium · 5.3Insertion of Sensitive Information into Log File

Send Users Email <= 1.5.1 - Unauthenticated Information Exposure

Jul 12, 2024 Patched in 1.5.2 (4d)
CVE-2023-52126medium · 5.3Insertion of Sensitive Information into Log File

Send Users Email <= 1.4.3 - Sensitive Information Exposure via Error Logs

Dec 28, 2023 Patched in 1.4.4 (26d)
Version History

Send Users Email – Email Subscribers, Email Marketing Newsletter Release Timeline

v1.6.2Current
v1.6.1
v1.6
v1.5.15
v1.5.14
v1.5.13
v1.5.12
v1.5.11
v1.5.10
v1.5.9
v1.5.8
v1.5.7
v1.5.6
v1.5.5
v1.5.4
v1.5.3
v1.5.2
v1.5.11 CVE
CVE-2024-38760
v1.5.01 CVE
CVE-2024-38760
v1.4.41 CVE
CVE-2024-38760
Code Analysis
Analyzed Mar 16, 2026

Send Users Email – Email Subscribers, Email Marketing Newsletter Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
3 prepared
Unescaped Output
44
295 escaped
Nonce Checks
7
Capability Checks
10
File Operations
13
External Requests
0
Bundled Libraries
2

Bundled Libraries

DataTablesFreemius1.0

SQL Query Safety

100% prepared3 total queries

Output Escaping

87% escaped339 total outputs
Data Flows · Security
4 unsanitized

Data Flow Analysis

5 flows4 with unsanitized paths
handle_ajax_admin_user_email (admin\class-send-users-email-admin.php:448)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
6 unprotected

Send Users Email – Email Subscribers, Email Marketing Newsletter Attack Surface

Entry Points6
Unprotected6

AJAX Handlers 6

authwp_ajax_sue_user_email_ajaxincludes\class-send-users-email.php:58
authwp_ajax_sue_email_users_progressincludes\class-send-users-email.php:60
authwp_ajax_sue_role_email_ajaxincludes\class-send-users-email.php:62
authwp_ajax_sue_email_roles_progressincludes\class-send-users-email.php:64
authwp_ajax_sue_settings_ajaxincludes\class-send-users-email.php:66
authwp_ajax_sue_view_email_log_ajaxincludes\class-send-users-email.php:74
WordPress Hooks 16
actionshow_user_profileincludes\class-email-subscription-user-meta.php:52
actionedit_user_profileincludes\class-email-subscription-user-meta.php:53
actionpersonal_options_updateincludes\class-email-subscription-user-meta.php:64
actionedit_user_profile_updateincludes\class-email-subscription-user-meta.php:65
actionplugins_loadedincludes\class-send-users-email.php:45
actionadmin_enqueue_scriptsincludes\class-send-users-email.php:53
actionadmin_enqueue_scriptsincludes\class-send-users-email.php:54
actionadmin_menuincludes\class-send-users-email.php:56
actionwp_mail_failedincludes\class-send-users-email.php:68
actionadmin_initincludes\class-send-users-email.php:70
actionadmin_initincludes\class-send-users-email.php:72
filterinitincludes\class-send-users-email.php:76
filtersue_get_email_theme_scheme_choicesincludes\class-woo-email-template.php:8
filtersue_send_using_wp_mail_woocommerceincludes\class-woo-email-template.php:9
actionsue_process_sue_send_using_email_service_woocommerceincludes\class-woo-email-template.php:10
actionafter_uninstallsend-users-email.php:112
Maintenance & Trust

Send Users Email – Email Subscribers, Email Marketing Newsletter Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedNov 28, 2025
PHP min version7.4
Downloads125K

Community Trust

Rating90/100
Number of ratings28
Active installs5K
Alternatives

Send Users Email – Email Subscribers, Email Marketing Newsletter Alternatives

Email Log

Email Log

email-log

A
95

Log and view all outgoing emails from WordPress. Very useful if you have to debug email related problems or have to store sent emails for auditing.

80K 4 CVEs
Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress

Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress

email-subscribers

B
76

Add subscription forms on the website and send newsletters & automatically send post notification about new blog posts once it gets published.

60K 42 CVEs
Gutena Newsletter – Subscriber Block & Connect Mailchimp

Gutena Newsletter – Subscriber Block & Connect Mailchimp

newsletter-block-by-gutena

A
100

Are you looking for a simple and effective way to grow your email subscriber list using Mailchimp? Then the Gutena Newsletter is exactly what you need &hellip;

1K No CVEs
Mass Email To users

Mass Email To users

mass-email-to-users

A
100

Mass Email To Users is the plugin for sending a mass email to WordPress users. Admin can send an email to WordPress users together.

900 1 CVE
Send Email From Admin

Send Email From Admin

send-email-from-admin

A
85

Easily send a simple custom email with an attachment from the WordPress administration screen.

800 No CVEs
Developer Profile

Send Users Email – Email Subscribers, Email Marketing Newsletter Developer Profile

PARETO Digital

2 plugins · 10K total installs

93
trust score
Avg Security Score
99/100
Avg Patch Time
12 days
View full developer profile
Detection Fingerprints

How We Detect Send Users Email – Email Subscribers, Email Marketing Newsletter

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/send-users-email/admin/css/bootstrap.min.css/wp-content/plugins/send-users-email/admin/css/dataTables.bootstrap5.min.css/wp-content/plugins/send-users-email/admin/css/send-users-email-admin.css/wp-content/plugins/send-users-email/admin/js/bootstrap.bundle.min.js/wp-content/plugins/send-users-email/admin/js/jquery.dataTables.min.js/wp-content/plugins/send-users-email/admin/js/dataTables.bootstrap5.min.js/wp-content/plugins/send-users-email/admin/js/send-users-email-admin.js
Version Parameters
send-users-email/css/bootstrap.min.css?ver=send-users-email/css/dataTables.bootstrap5.min.css?ver=send-users-email/css/send-users-email-admin.css?ver=send-users-email/js/bootstrap.bundle.min.js?ver=send-users-email/js/jquery.dataTables.min.js?ver=send-users-email/js/dataTables.bootstrap5.min.js?ver=send-users-email/js/send-users-email-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
sue-bootstrap-5sue-bootstrap-5-datatablesend-users-email-admin
FAQ

Frequently Asked Questions about Send Users Email – Email Subscribers, Email Marketing Newsletter