Does Simple Email & MailChimp Subscriber have any unpatched vulnerabilities?

No. All known vulnerabilities in Simple Email & MailChimp Subscriber have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Simple Email & MailChimp Subscriber compatible with WordPress 5.5.18?

According to WordPress.org data, Simple Email & MailChimp Subscriber 2.2.3 has been tested up to WordPress 5.5.18. Check the plugin's changelog for the latest compatibility information.

How often is Simple Email & MailChimp Subscriber updated?

Simple Email & MailChimp Subscriber was last updated on Aug 31, 2020. Frequent updates are generally a positive security signal.

What is Simple Email & MailChimp Subscriber's security score?

Simple Email & MailChimp Subscriber has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Simple Email & MailChimp Subscriber Security & Risk Analysis

wordpress.org/plugins/simple-email-mailchimp-subscriber

This is the simple and super user friendly mailchimp subscriber plugin form WordPress

10 active installs v2.2.3 PHP + WP 3.0.1+ Updated Aug 31, 2020

mailchimp-subscriber-wordpresswordpress-mailchimpwp-mailchimp

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Simple Email & MailChimp Subscriber Safe to Use in 2026?

Generally Safe

Score 85/100

Simple Email & MailChimp Subscriber has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5yr ago

Risk Assessment

The plugin 'simple-email-mailchimp-subscriber' v2.2.3 exhibits a mixed security posture. While it has a clean vulnerability history with no recorded CVEs, indicating a generally well-maintained codebase in the past, the static analysis reveals significant concerns. The presence of two unprotected AJAX handlers presents a direct attack vector for unauthenticated users. Furthermore, the taint analysis highlights two flows with unsanitized paths, both classified as high severity. This suggests potential for malicious data to be processed without proper validation, which could lead to various security issues depending on how these flows are handled. The low percentage of properly escaped output (10%) is also a serious concern, increasing the risk of Cross-Site Scripting (XSS) vulnerabilities. Although the use of prepared statements for SQL queries is relatively high, the overall lack of nonce checks and limited capability checks on critical entry points, combined with the unprotected AJAX handlers and unsanitized data flows, points to a plugin that requires immediate attention to address these critical security weaknesses.

Key Concerns

AJAX handlers without auth checks
High severity unsanitized taint flows
Low percentage of properly escaped output
No nonce checks on entry points
Limited capability checks

Vulnerabilities

None known

Simple Email & MailChimp Subscriber Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Simple Email & MailChimp Subscriber Code Analysis

Dangerous Functions

Raw SQL Queries

6 prepared

Unescaped Output

11 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Select2

SQL Query Safety

75% prepared8 total queries

Output Escaping

10% escaped106 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths

wpmsems_subscriber_list (inc\wpmsems_subscriber_list.php:10)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

2 unprotected

Simple Email & MailChimp Subscriber Attack Surface

Entry Points4

Unprotected2

AJAX Handlers 2

authwp_ajax_wpmsems_simple_subscriberincludes\class-functions.php:18

noprivwp_ajax_wpmsems_simple_subscriberincludes\class-functions.php:19

Shortcodes 2

[wpmsems-subscriber-form] inc\wpmsems_shortcode.php:4

[wpmsems-subscriber-form] public\shortcode\shortcode-default.php:4

WordPress Hooks 23

actioninitadmin\class\class-create-cpt.php:6

actionadmin_enqueue_scriptsadmin\class-plugin-admin.php:15

actionadmin_enqueue_scriptsadmin\class-plugin-admin.php:16

actionadmin_initinc\wpmsems_admin_setting_panel.php:16

actionadmin_menuinc\wpmsems_admin_setting_panel.php:17

actionwp_enqueue_scriptsinc\wpmsems_enqueue.php:5

actionadmin_enqueue_scriptsinc\wpmsems_enqueue.php:15

actionwp_enqueue_scriptsinc\wpmsems_enqueue.php:16

actionadmin_menuinc\wpmsems_subscriber_list.php:3

actionplugins_loadedincludes\class-functions.php:17

filtermanage_wpmsems_subscriber_posts_columnsincludes\class-functions.php:20

actionmanage_wpmsems_subscriber_posts_custom_columnincludes\class-functions.php:21

actionwp_headincludes\class-functions.php:300

actionadmin_headincludes\class-functions.php:301

actioninitincludes\class-upgrade.php:2

actionadmin_noticesincludes\class_csv_export.php:2

actionadmin_initincludes\class_csv_export.php:47

actionwp_enqueue_scriptspublic\class-plugin-public.php:14

actionwp_enqueue_scriptspublic\class-plugin-public.php:15

actionadmin_enqueue_scriptspublic\class-plugin-public.php:16

actionwp_enqueue_scriptspublic\class-plugin-public.php:17

actionelementor/frontend/after_register_scriptssupport\elementor\elementor-support.php:49

actionelementor/widgets/widgets_registeredsupport\elementor\elementor-support.php:50

Maintenance & Trust

Simple Email & MailChimp Subscriber Maintenance & Trust

Maintenance Signals

WordPress version tested5.5.18

Last updatedAug 31, 2020

PHP min version

Downloads2K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

Simple Email & MailChimp Subscriber Alternatives

No alternatives data available yet.

Developer Profile

Simple Email & MailChimp Subscriber Developer Profile

wpmonkeys

2 plugins · 80 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Simple Email & MailChimp Subscriber

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/simple-email-mailchimp-subscriber/admin/css/jquery-ui.css/wp-content/plugins/simple-email-mailchimp-subscriber/admin/assets/css/pickplugins-options-framework.css/wp-content/plugins/simple-email-mailchimp-subscriber/admin/assets/css/jquery-ui.css/wp-content/plugins/simple-email-mailchimp-subscriber/admin/assets/css/select2.min.css/wp-content/plugins/simple-email-mailchimp-subscriber/admin/assets/css/codemirror.css/wp-content/plugins/simple-email-mailchimp-subscriber/admin/assets/css/fontawesome.min.css/wp-content/plugins/simple-email-mailchimp-subscriber/admin/css/mage-plugin-admin.css/wp-content/plugins/simple-email-mailchimp-subscriber/public/css/style.css+7 more

Script Paths

/wp-content/plugins/simple-email-mailchimp-subscriber/admin/js/mage-plugin-admin.js/wp-content/plugins/simple-email-mailchimp-subscriber/public/js/mage-plugin-public.js

Version Parameters

simple-email-mailchimp-subscriber/admin/css/mage-plugin-admin.css?ver=simple-email-mailchimp-subscriber/public/css/style.css?ver=simple-email-mailchimp-subscriber/admin/assets/js/pickplugins-options-framework.js?ver=simple-email-mailchimp-subscriber/admin/assets/js/select2.min.js?ver=simple-email-mailchimp-subscriber/admin/assets/js/codemirror.min.js?ver=simple-email-mailchimp-subscriber/admin/assets/js/form-field-dependency.js?ver=simple-email-mailchimp-subscriber/admin/js/mage-plugin-admin.js?ver=simple-email-mailchimp-subscriber/public/js/mage-plugin-public.js?ver=

HTML / DOM Fingerprints

CSS Classes

wpmsems-subscriber-form

Data Attributes

data-wpmsems-form-id

JS Globals

wpmsems_ajax

Shortcode Output

[wpmsems_form]

FAQ