Does Simple MailChimp have any unpatched vulnerabilities?

No. All known vulnerabilities in Simple MailChimp have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Simple MailChimp compatible with WordPress 6.9.0?

According to WordPress.org data, Simple MailChimp 1.2.1 has been tested up to WordPress 6.9.0. Check the plugin's changelog for the latest compatibility information.

How often is Simple MailChimp updated?

Simple MailChimp was last updated on Dec 14, 2025. Frequent updates are generally a positive security signal.

What is Simple MailChimp's security score?

Simple MailChimp has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Simple MailChimp Security & Risk Analysis

wordpress.org/plugins/simple-mailchimp

The "Simple MailChimp" WordPress plugin will make it very easy for you to add a simple, customizable MailChimp form to any page using shortc …

10 active installs v1.2.1 PHP + WP 3.0+ Updated Dec 14, 2025

formmailchimpnewslettersign-upsubscribe

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Simple MailChimp Safe to Use in 2026?

Generally Safe

Score 100/100

Simple MailChimp has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3mo ago

Risk Assessment

The "simple-mailchimp" plugin v1.2.1 exhibits a mixed security posture. On the positive side, the plugin has no recorded vulnerabilities in its history and does not utilize dangerous functions or perform file operations. All SQL queries are properly prepared, and it makes only one external HTTP request, which is often unavoidable. However, significant concerns arise from the static analysis. The plugin fails to implement any nonce checks or capability checks, leaving its single entry point (a shortcode) potentially vulnerable to unauthorized actions if it interacts with sensitive data or functionality. Furthermore, the extremely low percentage of properly escaped output (3%) indicates a high risk of Cross-Site Scripting (XSS) vulnerabilities, as user-supplied or dynamically generated data is likely being rendered directly to the browser without adequate sanitization. The taint analysis revealing unsanitized paths, even if not critical or high severity, combined with the lack of output escaping, points to potential avenues for malicious input to be processed insecurely.

Key Concerns

No nonce checks implemented
No capability checks implemented
Very low output escaping percentage
Unsanitized paths in taint analysis

Vulnerabilities

None known

Simple MailChimp Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Simple MailChimp Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

1 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

3% escaped32 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths

simple_mailchimp_admin_page (simple-mailchimp.php:90)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Simple MailChimp Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[simple_mailchimp] simple-mailchimp.php:384

WordPress Hooks 6

actionplugins_loadedsimple-mailchimp.php:32

actioninitsimple-mailchimp.php:41

actionadmin_menusimple-mailchimp.php:53

actionadmin_headsimple-mailchimp.php:58

filterplugin_action_linkssimple-mailchimp.php:63

actioninitsimple-mailchimp.php:88

Maintenance & Trust

Simple MailChimp Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.0

Last updatedDec 14, 2025

PHP min version

Downloads1K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

Simple MailChimp Alternatives

WDV MailChimp Ajax

wdv-mailchimp-ajax

With this plugin you can add 'WDV MailChimp Ajax' widget with subscribe form by MailChimp to your theme. You can change the design of the wi …

30 No CVEs

MC4WP: Mailchimp for WordPress

mailchimp-for-wp

The #1 Mailchimp plugin for WordPress. Allows you to add a multitude of newsletter sign-up methods to your site.

1.0M 11 CVEs

Creative Mail – Easier WordPress & WooCommerce Email Marketing

creative-mail-by-constant-contact

Creative Mail was designed specifically for WordPress and WooCommerce. Our intelligent (and super fun) email editor simplifies email marketing campaig …

300K 3 CVEs

MailerLite – Signup forms (official)

official-mailerlite-sign-up-forms

Add newsletter signup forms to your WordPress site. Subscribers will be saved directly to your MailerLite account. Super easy to set up!

100K 7 CVEs

MailChimp Forms by MailMunch

mailchimp-forms-by-mailmunch

MailChimp Forms to get more email subscribers. Subscribe your WordPress visitors to your MailChimp lists easily.

10K 5 CVEs

Developer Profile

Simple MailChimp Developer Profile

2biazdk

3 plugins · 120 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Simple MailChimp

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/simple-mailchimp/style.css

HTML / DOM Fingerprints

CSS Classes

simple-mailchimp-donate-box

Data Attributes

id="simple-mailchimp-api-key"id="simple-mailchimp-default-list"id="simple-mailchimp-subscribe-status"id="simple-mailchimp-success-message"id="simple-mailchimp-error-message"name="api_key"+4 more

FAQ