Does Smaily Connect have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Smaily Connect compatible with WordPress 6.8.5?

According to WordPress.org data, Smaily Connect 1.6.1 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is Smaily Connect compatible with PHP 7.0+?

Smaily Connect requires PHP 7.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Smaily Connect updated?

Smaily Connect was last updated on Mar 10, 2026. Frequent updates are generally a positive security signal.

What is Smaily Connect's security score?

Smaily Connect has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Smaily Connect Security & Risk Analysis

wordpress.org/plugins/smaily-connect

The Smaily Connect plugin integrates Contact Form 7 and WooCommerce, offering a complete email marketing and automation solution.

1K active installs v1.6.1 PHP 7.0+ WP 6.0+ Updated Mar 10, 2026

emailmailmarketingnewslettersmaily

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Smaily Connect Safe to Use in 2026?

Generally Safe

Score 100/100

Smaily Connect has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago

Risk Assessment

The Smaily Connect plugin v1.6.1 exhibits a generally strong security posture with several positive indicators. The complete absence of known CVEs and a consistent use of prepared statements for all SQL queries are significant strengths. Furthermore, a high percentage of properly escaped output suggests good practices in preventing cross-site scripting (XSS) vulnerabilities. The plugin also demonstrates a reasonable number of nonce and capability checks, indicating an awareness of common WordPress security mechanisms.

However, a notable concern lies within the attack surface. The presence of two AJAX handlers, one of which lacks authentication checks, presents a clear vulnerability pathway. This unprotected entry point could be exploited by unauthenticated users to trigger unintended plugin functionality. While taint analysis shows no immediate critical or high-severity issues, the lack of unsanitized path flows could be due to the analysis scope or simply the absence of such vulnerabilities in this specific version. The plugin also makes external HTTP requests, which, while not inherently a vulnerability, can introduce risks if not handled securely or if external endpoints are compromised.

Overall, the plugin is well-maintained with no historical vulnerabilities, suggesting proactive security efforts. The primary risk stems from the unprotected AJAX handler, which requires immediate attention. If this AJAX endpoint performs sensitive operations, the risk is heightened. The plugin's strengths in SQL query handling and output escaping are commendable, but the identified attack surface weakness significantly detracts from its otherwise robust security.

Key Concerns

AJAX handler without auth checks

Vulnerabilities

None known

Smaily Connect Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Smaily Connect Release Timeline

v1.6.1Current

v1.6.0

v1.5.1

v1.5.0

v1.4.3

v1.4.2

v1.4.1

v1.4.0

v1.3.3

v1.3.2

v1.3.1

v1.3.0

v1.2.4

v1.2.3

v1.2.2

v1.2.1

v1.2.0

v1.1.0

v1.0.0

Code Analysis

Analyzed Mar 16, 2026

Smaily Connect Code Analysis

Dangerous Functions

Raw SQL Queries

10 prepared

Unescaped Output

306 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared10 total queries

Output Escaping

95% escaped323 total outputs

Attack Surface

1 unprotected

Smaily Connect Attack Surface

Entry Points3

Unprotected1

AJAX Handlers 2

authwp_ajax_smaily_connect_dismiss_noticeadmin\smaily-admin-notices.class.php:14

authwp_ajax_smaily_admin_saveadmin\smaily-admin.class.php:81

Shortcodes 1

[smaily_connect_newsletter_form] public\smaily-public.class.php:65

WordPress Hooks 57

actionadmin_noticesadmin\smaily-admin-notices.class.php:13

actionadmin_enqueue_scriptsadmin\smaily-admin.class.php:75

actionadmin_enqueue_scriptsadmin\smaily-admin.class.php:76

actionadmin_initadmin\smaily-admin.class.php:77

actionadmin_menuadmin\smaily-admin.class.php:78

actionwidgets_initadmin\smaily-admin.class.php:80

actionrest_api_initincludes\smaily-api.class.php:49

actioninitincludes\smaily-blocks.class.php:55

actioninitincludes\smaily-blocks.class.php:56

actioninitincludes\smaily-blocks.class.php:59

filter__experimental_woocommerce_blocks_add_data_attributes_to_blockincludes\smaily-blocks.class.php:60

actionwoocommerce_blocks_loadedincludes\smaily-blocks.class.php:61

actionwoocommerce_blocks_checkout_block_registrationincludes\smaily-blocks.class.php:123

filtersafe_style_cssincludes\smaily-helper.class.php:253

actioninitincludes\smaily-lifecycle.class.php:43

actionplugins_loadedincludes\smaily-lifecycle.class.php:44

actionupgrader_process_completeincludes\smaily-lifecycle.class.php:45

actionactivated_pluginincludes\smaily-lifecycle.class.php:46

actionwpcf7_editor_panelsintegrations\cf7\admin.class.php:45

actionwpcf7_after_saveintegrations\cf7\admin.class.php:46

actionwpcf7_initintegrations\cf7\admin.class.php:47

actionadmin_enqueue_scriptsintegrations\cf7\admin.class.php:48

actionwpcf7_submitintegrations\cf7\public.class.php:46

filterwpcf7_feedback_responseintegrations\cf7\public.class.php:165

filterwpcf7_ajax_json_echointegrations\cf7\public.class.php:175

actionelementor/elements/categories_registeredintegrations\elementor\admin.class.php:12

actionelementor/frontend/after_register_stylesintegrations\elementor\admin.class.php:13

actionelementor/frontend/after_enqueue_stylesintegrations\elementor\admin.class.php:14

actionelementor/widgets/registerintegrations\elementor\admin.class.php:15

actionwoocommerce_cart_updatedintegrations\woocommerce\cart.class.php:24

actionwoocommerce_thankyouintegrations\woocommerce\cart.class.php:25

actionwoocommerce_checkout_order_processedintegrations\woocommerce\cart.class.php:26

actionwoocommerce_store_api_checkout_order_processedintegrations\woocommerce\cart.class.php:27

filtercron_schedulesintegrations\woocommerce\cron.class.php:47

actionsmaily_connect_cron_sync_subscribersintegrations\woocommerce\cron.class.php:49

actionsmaily_connect_cron_abandoned_carts_statusintegrations\woocommerce\cron.class.php:51

actionsmaily_connect_cron_abandoned_carts_emailintegrations\woocommerce\cron.class.php:53

actionpersonal_options_updateintegrations\woocommerce\profile-settings.class.php:23

actionedit_user_profile_updateintegrations\woocommerce\profile-settings.class.php:24

actionshow_user_profileintegrations\woocommerce\profile-settings.class.php:27

actionedit_user_profileintegrations\woocommerce\profile-settings.class.php:28

actionwoocommerce_register_formintegrations\woocommerce\profile-settings.class.php:31

actionwoocommerce_edit_account_formintegrations\woocommerce\profile-settings.class.php:32

filterwoocommerce_checkout_fieldsintegrations\woocommerce\profile-settings.class.php:35

actionwoocommerce_created_customerintegrations\woocommerce\profile-settings.class.php:38

actionwoocommerce_save_account_detailsintegrations\woocommerce\profile-settings.class.php:39

actioninitintegrations\woocommerce\rss.class.php:19

filterquery_varsintegrations\woocommerce\rss.class.php:20

filtertemplate_includeintegrations\woocommerce\rss.class.php:21

actioninitintegrations\woocommerce\rss.class.php:22

actionpersonal_options_updateintegrations\woocommerce\subscriber-synchronization.class.php:47

actionedit_user_profile_updateintegrations\woocommerce\subscriber-synchronization.class.php:48

actionwoocommerce_created_customerintegrations\woocommerce\subscriber-synchronization.class.php:49

actionwoocommerce_save_account_detailsintegrations\woocommerce\subscriber-synchronization.class.php:50

actionwoocommerce_checkout_order_processedintegrations\woocommerce\subscriber-synchronization.class.php:51

actionwoocommerce_store_api_checkout_update_order_from_requestintegrations\woocommerce\subscriber-synchronization.class.php:52

actioninitpublic\smaily-public.class.php:56

Scheduled Events 3

smaily_connect_cron_sync_subscribers

smaily_connect_cron_abandoned_carts_status

smaily_connect_cron_abandoned_carts_email

Maintenance & Trust

Smaily Connect Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedMar 10, 2026

PHP min version7.0

Downloads11K

Community Trust

Rating0/100

Number of ratings0

Active installs1K

Alternatives

Smaily Connect Alternatives

Hostinger Reach – AI-Powered Email Marketing for WordPress

hostinger-reach

Launch and grow your email marketing effortlessly with Hostinger Reach. Collect contacts, sync subscribers, and send emails – all in one, AI powered.

1.0M 1 CVE

MailPoet – Newsletters, Email Marketing, and Automation

mailpoet

Send beautiful newsletters from WordPress. Collect subscribers with signup forms, automate your emails for WooCommerce, blog post notifications & more

500K 3 CVEs

Creative Mail – Easier WordPress & WooCommerce Email Marketing

creative-mail-by-constant-contact

Creative Mail was designed specifically for WordPress and WooCommerce. Our intelligent (and super fun) email editor simplifies email marketing campaig …

300K 3 CVEs

Newsletter – Send awesome emails from WordPress

newsletter

An email marketing tool for your blog: subscription forms to create your lists with unlimited subscribers and newsletters.

200K 20 CVEs

Brevo – Email, SMS, Web Push, Chat, and more.

mailin

Turn your WordPress site into a marketing powerhouse. Grow your audience, boost engagement, and drive more sales with Brevo.

100K 9 CVEs

Developer Profile

Smaily Connect Developer Profile

Smaily

4 plugins · 2K total installs

trust score

Avg Security Score

95/100

Avg Patch Time

115 days

View full developer profile

Detection Fingerprints

How We Detect Smaily Connect

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/smaily-connect/admin/css/smaily-admin.css/wp-content/plugins/smaily-connect/admin/js/smaily-admin.js/wp-content/plugins/smaily-connect/admin/js/smaily-admin-page.js

Script Paths

/wp-content/plugins/smaily-connect/admin/js/smaily-admin.js/wp-content/plugins/smaily-connect/admin/js/smaily-admin-page.js

Version Parameters

smaily-connect/admin/css/smaily-admin.css?ver=smaily-connect/admin/js/smaily-admin.js?ver=smaily-connect/admin/js/smaily-admin-page.js?ver=

HTML / DOM Fingerprints

CSS Classes

smaily-admin-wrapsmaily-admin-headersmaily-admin-formsmaily-api-credentials-formsmaily-settings-fieldsmaily-admin-footer

HTML Comments

Data Attributes

data-subdomaindata-usernamedata-password

JS Globals

smaily_admin_params

REST Endpoints

/wp-json/smaily-connect/v1/settings

FAQ