Subscription Widget for SendGrid Security & Risk Analysis

wordpress.org/plugins/subscription-widget-for-sendgrid

SG Widget is a SendGrid Subscription Widget for collecting emails. Just add a shortcode to capture emails and store them in your SendGrid account.

0 active installs · v1.0 · PHP 7.4+ · WP 4.0+ · Updated May 3, 2025
double-opt-in-sendgrid · sendgrid-subscribe-form · sendgrid-subscription-widget · sendgrid-unsubscribe-link · sendgrid-widget
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Subscription Widget for SendGrid Safe to Use in 2026?

Generally Safe

Score 100/100

Subscription Widget for SendGrid has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 11mo ago
Risk Assessment

The "subscription-widget-for-sendgrid" plugin v1.0 exhibits a generally strong security posture based on the provided static analysis. The absence of dangerous functions, the exclusive use of prepared statements for SQL queries, and proper output escaping for all identified outputs are positive indicators. Furthermore, the plugin has no recorded vulnerability history, which suggests a good track record and potentially a well-maintained codebase.

However, there are a few areas that warrant attention. The lack of nonce checks and capability checks, especially given the presence of a shortcode, raises a potential concern. While the static analysis did not identify any exploitable flows or vulnerabilities, the absence of these security mechanisms means that if the shortcode were to handle sensitive data or perform critical actions, it could be susceptible to cross-site request forgery (CSRF) or unauthorized access if not properly handled by the WordPress core or other security layers. The single external HTTP request also presents a potential, albeit low, risk if the target endpoint were compromised or if data were not handled securely during the request.

In conclusion, the plugin demonstrates good core security practices in areas like SQL and output handling, and its clean vulnerability history is commendable. Nevertheless, the missing nonce and capability checks on the shortcode represent a weakness that could be exploited under certain circumstances, and the external HTTP request should be monitored for secure implementation. Addressing these points would further strengthen the plugin's security.

Key Concerns

  • Missing nonce checks
  • Missing capability checks
Vulnerabilities
None known

Subscription Widget for SendGrid Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Subscription Widget for SendGrid Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 0 (4 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 1
Bundled Libraries: 0

Output Escaping

100% escaped · 4 total outputs
Attack Surface

Subscription Widget for SendGrid Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes: 1

[sg_widget] subscription-widget-for-sendgrid.php:142
WordPress Hooks: 3
action wp_enqueue_scripts subscription-widget-for-sendgrid.php:34
action admin_menu subscription-widget-for-sendgrid.php:145
action admin_init subscription-widget-for-sendgrid.php:173
Maintenance & Trust

Subscription Widget for SendGrid Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: May 3, 2025
PHP min version: 7.4
Downloads: 277

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0
Alternatives

Subscription Widget for SendGrid Alternatives

No alternatives data available yet.

Developer Profile

Subscription Widget for SendGrid Developer Profile

leaderinternet

1 plugin · 0 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Subscription Widget for SendGrid

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/subscription-widget-for-sendgrid/subscription-widget-for-sendgrid.php
Script Paths
https://app.sgwidget.com/js/sg-widget-v2.js
Version Parameters
sg-widget-v2.js?ver=2.0

HTML / DOM Fingerprints

CSS Classes
sg-widget-subscribe-form
Data Attributes
data-emailerror
data-nameerror
data-checkboxerror
data-customfieldserror
data-token
Shortcode Output
[sg_widget id="
Error: No ID provided for sg_widget shortcode.
Error: Unable to retrieve widget data.
FAQ

Frequently Asked Questions about Subscription Widget for SendGrid