Subscriber by BestWebSoft Security & Risk Analysis

wordpress.org/plugins/subscriber

Add email newsletter sign up form to WordPress posts, pages, and widgets. Collect data and subscribe your users.

1K active installs v1.4.9 PHP + WP 5.6+ Updated Jun 9, 2025
Tags: add-subsribe-form, display-subscribe-form, subscribe-to-newsletters, subscriber, subscriber-plugin
Score: 100 (A · Safe)
CVEs total: 1
Unpatched: 0
Last CVE: Apr 12, 2017
Safety Verdict

Is Subscriber by BestWebSoft Safe to Use in 2026?

Generally Safe

Score 100/100

Subscriber by BestWebSoft has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Apr 12, 2017 · Updated 9mo ago
Risk Assessment

The "subscriber" plugin v1.4.9 has a generally good security posture, with several strong practices in place. Most SQL queries use prepared statements (73%), and output escaping is very well implemented (97%). The plugin also has a healthy number of nonce and capability checks, indicating awareness of common WordPress security vulnerabilities. However, the taint analysis raises a significant concern: 5 of the 13 analyzed flows have unsanitized paths, all of them classified as high severity. This suggests potential vulnerabilities that malicious actors could exploit to manipulate file paths or access unintended resources. The plugin also has a history of a medium-severity Cross-Site Scripting (XSS) vulnerability, although it has since been patched (in 1.3.5). While the static analysis reports no directly exploitable unprotected entry points, the number of unsanitized taint flows together with the historical XSS vulnerability warrants careful attention. The plugin's strengths are its diligent use of prepared statements and output escaping; the taint flow issues and the past XSS vulnerability are the primary areas of risk.

Key Concerns

  • High severity unsanitized taint flows
  • History of XSS vulnerability
  • Non-trivial file operations
  • External HTTP requests
Vulnerabilities
1

Subscriber by BestWebSoft Security Vulnerabilities

CVEs by Year

1 CVE in 2017

Severity Breakdown

Medium: 1

1 total CVE

CVE-2017-18502 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Subscriber by BestWebSoft <= 1.3.4 - Multiple Cross-Site Scripting

Apr 12, 2017 · Patched in 1.3.5 (2477d)
Code Analysis
Analyzed Mar 16, 2026

Subscriber by BestWebSoft Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 12 (32 prepared)
  • Unescaped Output: 27 (757 escaped)
  • Nonce Checks: 23
  • Capability Checks: 3
  • File Operations: 2
  • External Requests: 6
  • Bundled Libraries: 0

SQL Query Safety

73% prepared · 44 total queries

Output Escaping

97% escaped · 784 total outputs
Data Flows
5 unsanitized

Data Flow Analysis

13 flows · 5 with unsanitized paths
bws_add_menu_render (bws_menu\bws_menu.php:12)
Flow diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface

Subscriber by BestWebSoft Attack Surface

Entry Points: 3
Unprotected: 0

AJAX Handlers 2

auth · wp_ajax_bws_submit_request_feature_action · bws_menu\class-bws-settings.php:1453
auth · wp_ajax_bws_submit_uninstall_reason_action · bws_menu\deactivation-form.php:433

Shortcodes 1

[sbscrbr_form] · subscriber.php:2012

WordPress Hooks 42

filter · load_textdomain_mofile · bws_menu\bws_functions.php:37
filter · mce_external_plugins · bws_menu\bws_functions.php:1089
filter · mce_buttons · bws_menu\bws_functions.php:1090
action · admin_init · bws_menu\bws_functions.php:1365
action · admin_enqueue_scripts · bws_menu\bws_functions.php:1366
action · admin_head · bws_menu\bws_functions.php:1367
action · admin_footer · bws_menu\bws_functions.php:1368
action · admin_notices · bws_menu\bws_functions.php:1370
action · wp_enqueue_scripts · bws_menu\bws_functions.php:1372
action · template_redirect · subscriber.php:131
action · the_posts · subscriber.php:132
filter · sbscrbr_cntctfrm_checkbox_add · subscriber.php:138
filter · sbscrbr_cntctfrm_checkbox_check · subscriber.php:139
filter · sbscrbr_checkbox_add · subscriber.php:142
filter · sbscrbr_checkbox_check · subscriber.php:143
filter · the_content · subscriber.php:435
filter · the_content · subscriber.php:436
filter · the_content · subscriber.php:437
filter · the_content · subscriber.php:438
filter · the_content · subscriber.php:439
filter · the_content · subscriber.php:440
action · network_admin_menu · subscriber.php:1990
action · admin_menu · subscriber.php:1992
action · plugins_loaded · subscriber.php:1996
action · init · subscriber.php:1998
action · admin_init · subscriber.php:1999
action · admin_enqueue_scripts · subscriber.php:2001
action · wp_enqueue_scripts · subscriber.php:2002
action · wp_footer · subscriber.php:2003
action · profile_personal_options · subscriber.php:2006
action · profile_update · subscriber.php:2007
action · widgets_init · subscriber.php:2010
filter · widget_text · subscriber.php:2013
filter · sbscrbr_add_unsubscribe_link · subscriber.php:2015
action · user_register · subscriber.php:2017
action · delete_user · subscriber.php:2019
filter · set-screen-option · subscriber.php:2021
filter · plugin_action_links · subscriber.php:2023
filter · network_admin_plugin_action_links · subscriber.php:2026
filter · plugin_row_meta · subscriber.php:2029
action · admin_notices · subscriber.php:2031
filter · bws_shortcode_button_content · subscriber.php:2034

Maintenance & Trust

Subscriber by BestWebSoft Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.5.8
Last updated: Jun 9, 2025
PHP min version
Downloads: 118K

Community Trust

Rating: 92/100
Number of ratings: 11
Active installs: 1K

Developer Profile

Subscriber by BestWebSoft Developer Profile

bestweblayout

32 plugins · 17K total installs

Trust score: 78
Avg Security Score: 98/100
Avg Patch Time: 1944 days
Detection Fingerprints

How We Detect Subscriber by BestWebSoft

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/subscriber/assets/css/form.css
  • /wp-content/plugins/subscriber/assets/css/style.css
  • /wp-content/plugins/subscriber/assets/js/form.js
  • /wp-content/plugins/subscriber/assets/js/jquery.bxslider.min.js
  • /wp-content/plugins/subscriber/assets/js/jquery.subscribe.min.js
Script Paths
  • /wp-content/plugins/subscriber/assets/js/jquery.subscribe.min.js
  • /wp-content/plugins/subscriber/assets/js/form.js
  • /wp-content/plugins/subscriber/assets/js/jquery.bxslider.min.js
Version Parameters
  • subscriber/assets/css/form.css?ver=
  • subscriber/assets/css/style.css?ver=
  • subscriber/assets/js/form.js?ver=
  • subscriber/assets/js/jquery.bxslider.min.js?ver=
  • subscriber/assets/js/jquery.subscribe.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • sbscrbr_subscribe_form
  • sbscrbr_subscribe_form_style
  • sbscrbr_form_field_wrap
  • sbscrbr_form_error
  • sbscrbr_form_submit
  • sbscrbr_form_reset
  • sbscrbr_subscribers_list_table
  • sbscrbr_list_table_td
HTML Comments
  • © Copyright 2021 BestWebSoft ( https://support.bestwebsoft.com )
  • Plugin Name: Subscriber by BestWebSoft
  • This program is free software; you can redistribute it and/or modify
  • This program is distributed in the hope that it will be useful,
  • +7 more
Data Attributes
  • data-sbscrbr-form-id
JS Globals
  • sbscrbr_form_settings
  • sbscrbr_ajaxurl
  • sbscrbr_data
Shortcode Output
  • [subscribe]
  • [subscriber]
  • [subscribe_form]

FAQ

Frequently Asked Questions about Subscriber by BestWebSoft