Skytake – WordPress Email Marketing Plugin Security & Risk Analysis

wordpress.org/plugins/skytake

Skytake is a WordPress lead generation plugin that allows you to grow your email list on your website. It is compatible with WooCommerce and Mailchimp …

0 active installs · v0.34.0 · PHP 5.4+ · WP 4.6+ · Updated Nov 22, 2019
Tags: coupon, mailchimp, marketing, woocommerce, woocommerce-coupon
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never

Safety Verdict

Is Skytake – WordPress Email Marketing Plugin Safe to Use in 2026?

Generally Safe

Score 85/100

Skytake – WordPress Email Marketing Plugin has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 6yr ago

Risk Assessment

The "skytake" v0.34.0 plugin exhibits a mixed security posture. While it has no recorded vulnerability history and generally uses prepared statements for SQL queries and proper output escaping, significant concerns arise from its attack surface and taint analysis. A large number of AJAX handlers lack authentication checks, creating a substantial entry point for potential unauthorized actions. Furthermore, the presence of "unserialize" as a dangerous function, combined with taint flows indicating unsanitized paths, strongly suggests a risk of arbitrary code execution or object injection if user-controlled data reaches these functions without proper validation.

The lack of a vulnerability history is a positive sign, suggesting a historically well-maintained codebase. However, this cannot offset the immediate risks identified in the static and taint analysis. The plugin's strengths lie in its use of prepared statements and output escaping, indicating some security awareness. The weaknesses, however, are critical: the unauthenticated AJAX handlers and the potential for deserialization vulnerabilities are serious threats that could compromise the WordPress site.

In conclusion, "skytake" v0.34.0 presents a moderate to high security risk. The absence of past vulnerabilities is reassuring, but the current analysis reveals significant potential attack vectors. Remediation efforts should prioritize securing the AJAX handlers and thoroughly sanitizing any input used with the "unserialize" function. It is crucial to address these identified weaknesses to mitigate the risks to the site.

Key Concerns

  • Many AJAX handlers without auth checks
  • Dangerous function: unserialize
  • Taint flows with unsanitized paths (High)
  • Low nonce check coverage
  • Limited capability check coverage
Vulnerabilities
None known

Skytake – WordPress Email Marketing Plugin Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Skytake – WordPress Email Marketing Plugin Code Analysis

  • Dangerous Functions: 6
  • Raw SQL Queries: 5 (8 prepared)
  • Unescaped Output: 137 (262 escaped)
  • Nonce Checks: 1
  • Capability Checks: 3
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 0

Dangerous Functions Found

Function | Code | Location
unserialize | $item['c_settings'] = unserialize( $item['c_settings'] ); | inc\class-campaign-list-table.php:91
unserialize | $item['c_statistics'] = unserialize( $item['c_statistics'] ); | inc\class-campaign-list-table.php:92
unserialize | $campaign['c_settings'] = unserialize( $campaign['c_settings'] ); | inc\class-campaign.php:34
unserialize | $campaign['c_statistics'] = unserialize( $campaign['c_statistics'] ); | inc\class-campaign.php:35
unserialize | $campaign['c_settings'] = unserialize( $campaign['c_settings'] ); | inc\class-campaign.php:59
unserialize | $campaign['c_statistics'] = unserialize( $campaign['c_statistics'] ); | inc\class-campaign.php:60

SQL Query Safety

62% prepared · 13 total queries

Output Escaping

66% escaped · 399 total outputs

Data Flows
3 unsanitized

Data Flow Analysis

4 flows · 3 with unsanitized paths
<class-backend> (inc\class-backend.php:0)
[Data flow diagram. Legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized]

Attack Surface
14 unprotected

Skytake – WordPress Email Marketing Plugin Attack Surface

Entry Points: 15
Unprotected: 14

AJAX Handlers (14)

Type | Hook | Location
auth | wp_ajax_skytake_get_popup | inc\class-ajax.php:22
nopriv | wp_ajax_skytake_get_popup | inc\class-ajax.php:23
auth | wp_ajax_skytake_subscribe | inc\class-ajax.php:25
nopriv | wp_ajax_skytake_subscribe | inc\class-ajax.php:26
auth | wp_ajax_skytake_update_campaign_views | inc\class-ajax.php:28
nopriv | wp_ajax_skytake_update_campaign_views | inc\class-ajax.php:29
auth | wp_ajax_skytake_save_editor_settings | inc\class-ajax.php:31
auth | wp_ajax_skytake_duplicate_campaign | inc\class-ajax.php:32
auth | wp_ajax_skytake_new_campaign | inc\class-ajax.php:33
auth | wp_ajax_skytake_delete_campaign | inc\class-ajax.php:34
auth | wp_ajax_skytake_toggle_status_campaign | inc\class-ajax.php:35
auth | wp_ajax_skytake_envato_validation | inc\class-ajax.php:36
auth | wp_ajax_skytake_get_preview_template_markup | inc\class-ajax.php:37
auth | wp_ajax_skytake_get_mailchimp_list_items | inc\class-ajax.php:38

Shortcodes (1)

[skytake] | inc\class-shortcode.php:21

WordPress Hooks (33)

Type | Hook | Location
action | admin_menu | inc\class-backend.php:23
action | admin_enqueue_scripts | inc\class-backend.php:25
action | admin_enqueue_scripts | inc\class-backend.php:26
action | init | inc\class-backend.php:28
action | admin_notices | inc\class-backend.php:29
action | admin_notices | inc\class-backend.php:30
action | admin_init | inc\class-backend.php:33
action | admin_init | inc\class-editor.php:21
filter | show_admin_bar | inc\class-editor.php:34
action | wp_head | inc\class-editor.php:43
action | wp_head | inc\class-editor.php:44
action | wp_head | inc\class-editor.php:45
action | wp_head | inc\class-editor.php:46
action | wp_footer | inc\class-editor.php:48
action | wp_footer | inc\class-editor.php:49
action | wp_enqueue_scripts | inc\class-editor.php:58
action | wp_enqueue_scripts | inc\class-editor.php:59
filter | heartbeat_settings | inc\class-editor.php:62
action | wp_enqueue_scripts | inc\class-frontend.php:17
action | init | inc\class-gutenberg.php:21
action | plugins_loaded | inc\class-plugin.php:58
action | admin_init | inc\class-plugin.php:60
action | admin_init | inc\class-preview.php:26
filter | show_admin_bar | inc\class-preview.php:39
action | wp_head | inc\class-preview.php:48
action | wp_head | inc\class-preview.php:49
action | wp_head | inc\class-preview.php:50
action | wp_head | inc\class-preview.php:51
action | wp_footer | inc\class-preview.php:53
action | wp_enqueue_scripts | inc\class-preview.php:63
action | wp_enqueue_scripts | inc\class-preview.php:64
filter | heartbeat_settings | inc\class-preview.php:67
action | widgets_init | inc\class-widget.php:93

Maintenance & Trust

Skytake – WordPress Email Marketing Plugin Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.3.21
Last updated: Nov 22, 2019
PHP min version: 5.4
Downloads: 950

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0

Developer Profile

Skytake – WordPress Email Marketing Plugin Developer Profile

Sabri

3 plugins · 90 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days

Detection Fingerprints

How We Detect Skytake – WordPress Email Marketing Plugin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/skytake/assets/css/admin.css
  • /wp-content/plugins/skytake/assets/js/admin.js
Version Parameters
  • /assets/js/admin.js?ver=
  • /assets/css/admin.css?ver=

HTML / DOM Fingerprints

CSS Classes
  • skytake-new-campaign
  • dlb_container
  • open-skytake-new-campaign
  • skytake-new-campaign-box
  • create-skytake-new-campaign
Data Attributes
data-name="campaign_type"
JS Globals
skytake_admin_settings
FAQ

Frequently Asked Questions about Skytake – WordPress Email Marketing Plugin