SureContact – Newsletters, Email Marketing, Automation, Revenue Tracking & CRM Security & Risk Analysis

wordpress.org/plugins/surecontact

Send newsletters, set up email automations, manage contacts and track ecommerce revenue in a CRM for WordPress.

500 active installs v1.3.1 PHP 7.4+ WP 5.8+ Updated Mar 10, 2026
Tags: crm, ecommerce, email-automation, email-marketing, newsletter
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is SureContact – Newsletters, Email Marketing, Automation, Revenue Tracking & CRM Safe to Use in 2026?

Generally Safe

Score 100/100

SureContact – Newsletters, Email Marketing, Automation, Revenue Tracking & CRM has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 24d ago
Risk Assessment

The "surecontact" plugin v1.3.1 demonstrates a generally strong security posture based on the provided static analysis. A significant strength is the complete absence of unescaped output, indicating good practices in preventing cross-site scripting (XSS) vulnerabilities. The high percentage of SQL queries using prepared statements (89%) also suggests a commendable effort to mitigate SQL injection risks. Furthermore, the plugin has no recorded vulnerability history (CVEs), which is a very positive indicator of its past security performance. The limited attack surface with no unprotected entry points further contributes to its perceived security.

Despite these strengths, a potential concern arises from the taint analysis, which identified one flow with an unsanitized path. While no critical or high severity issues were flagged, this single instance warrants attention as it could represent a latent vulnerability that might be exploitable in specific scenarios or with further research. Additionally, file operations and external HTTP requests, while not inherently insecure, are areas that often require careful scrutiny for potential vulnerabilities if not implemented with robust input validation and sanitization. The limited number of nonce and capability checks (2 and 7 respectively) might suggest that some functionalities are not as rigorously protected as they could be, although the absence of unprotected entry points mitigates this concern to some extent.

In conclusion, "surecontact" v1.3.1 appears to be a relatively secure plugin due to its well-implemented output escaping, widespread use of prepared statements, and clean vulnerability history. However, the identified unsanitized path in the taint analysis represents a specific area of potential risk that should be investigated. The plugin's strengths in core security practices outweigh the single identified flow, but vigilance is still recommended.

Key Concerns

  • Taint flow with unsanitized path
Vulnerabilities
None known

SureContact – Newsletters, Email Marketing, Automation, Revenue Tracking & CRM Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

SureContact – Newsletters, Email Marketing, Automation, Revenue Tracking & CRM Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 7 (55 prepared)
Unescaped Output: 0 (101 escaped)
Nonce Checks: 2
Capability Checks: 7
File Operations: 1
External Requests: 6
Bundled Libraries: 0

SQL Query Safety

89% prepared, 62 total queries

Output Escaping

100% escaped, 101 total outputs

Data Flows: 1 unsanitized

Data Flow Analysis

1 flow, 1 with unsanitized paths
<class-auth-manager> (includes\class-auth-manager.php:0)
Diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface

SureContact – Newsletters, Email Marketing, Automation, Revenue Tracking & CRM Attack Surface

Entry Points: 0
Unprotected: 0

WordPress Hooks: 93
Type  Hook  Location
action  wp_abilities_api_categories_init  includes\abilities\class-abilities-loader.php:73
action  wp_abilities_api_init  includes\abilities\class-abilities-loader.php:74
action  admin_enqueue_scripts  includes\admin\class-admin-menu.php:56
action  admin_init  includes\class-auth-manager.php:62
action  admin_init  includes\class-auth-manager.php:63
action  admin_menu  includes\class-auth-manager.php:348
action  init  includes\class-daily-sync-manager.php:65
action  action_scheduler_completed_action  includes\class-queue-manager.php:109
filter  surecontact_meta_field_groups  includes\integrations\class-base-integration.php:151
filter  surecontact_meta_fields  includes\integrations\class-base-integration.php:152
action  cartflows_wp  includes\integrations\class-cartflows-integration.php:301
action  cartflows_thankyou_details_before  includes\integrations\class-cartflows-integration.php:304
action  cartflows_offer_accepted  includes\integrations\class-cartflows-integration.php:309
action  cartflows_offer_rejected  includes\integrations\class-cartflows-integration.php:310
filter  surecontact_woocommerce_tracking_product_name  includes\integrations\class-cartflows-integration.php:317
action  wpcf7_mail_sent  includes\integrations\class-contact-form-7-integration.php:73
action  cpro_form_submit  includes\integrations\class-convert-pro-integration.php:102
filter  cpro_form_submit_settings  includes\integrations\class-convert-pro-integration.php:105
filter  surecontact_available_sync_types  includes\integrations\class-edd-integration.php:72
action  edd_complete_purchase  includes\integrations\class-edd-integration.php:406
action  edd_transition_order_status  includes\integrations\class-edd-integration.php:409
action  edd_refund_order  includes\integrations\class-edd-integration.php:412
action  elementor_pro/forms/new_record  includes\integrations\class-elementor-forms-integration.php:60
action  fluentform/submission_inserted  includes\integrations\class-fluent-forms-integration.php:52
filter  surecontact_available_sync_types  includes\integrations\class-fluentcrm-integration.php:59
action  fluent_crm/contact_created  includes\integrations\class-fluentcrm-integration.php:70
action  fluent_crm/contact_updated  includes\integrations\class-fluentcrm-integration.php:71
action  fluent_crm/contact_email_changed  includes\integrations\class-fluentcrm-integration.php:72
action  fluentcrm_contact_added_to_lists  includes\integrations\class-fluentcrm-integration.php:75
action  fluentcrm_contact_removed_from_lists  includes\integrations\class-fluentcrm-integration.php:76
action  fluentcrm_contact_added_to_tags  includes\integrations\class-fluentcrm-integration.php:77
action  fluentcrm_contact_removed_from_tags  includes\integrations\class-fluentcrm-integration.php:78
action  gform_after_submission  includes\integrations\class-gravity-forms-integration.php:94
filter  gform_entry_list_columns  includes\integrations\class-gravity-forms-integration.php:97
filter  gform_entries_column_filter  includes\integrations\class-gravity-forms-integration.php:98
filter  gform_entry_detail_meta_boxes  includes\integrations\class-gravity-forms-integration.php:101
action  admin_init  includes\integrations\class-gravity-forms-integration.php:102
action  latepoint_customer_created  includes\integrations\class-latepoint-integration.php:421
action  latepoint_customer_updated  includes\integrations\class-latepoint-integration.php:422
action  latepoint_booking_created  includes\integrations\class-latepoint-integration.php:425
action  latepoint_booking_updated  includes\integrations\class-latepoint-integration.php:426
action  latepoint_booking_change_status  includes\integrations\class-latepoint-integration.php:427
action  latepoint_order_created  includes\integrations\class-latepoint-integration.php:430
action  latepoint_order_updated  includes\integrations\class-latepoint-integration.php:431
action  latepoint_transaction_created  includes\integrations\class-latepoint-integration.php:432
action  latepoint_transaction_refund_created  includes\integrations\class-latepoint-integration.php:435
action  presto_player_progress  includes\integrations\class-presto-player-integration.php:72
action  presto_player/pro/forms/save  includes\integrations\class-presto-player-integration.php:73
filter  surecontact_available_sync_types  includes\integrations\class-surecart-integration.php:72
action  surecart/checkout_confirmed  includes\integrations\class-surecart-integration.php:437
action  surecart/subscription_renewed  includes\integrations\class-surecart-integration.php:441
action  surecart/models/refund/created  includes\integrations\class-surecart-integration.php:444
action  surecart/models/checkout/cancelled  includes\integrations\class-surecart-integration.php:447
action  suredash_after_post_submit  includes\integrations\class-suredash-integration.php:218
action  suredash_after_comment_submit  includes\integrations\class-suredash-integration.php:221
action  suredash_item_bookmark  includes\integrations\class-suredash-integration.php:224
action  suredash_entity_like_reaction  includes\integrations\class-suredash-integration.php:227
action  suredash_lesson_completed  includes\integrations\class-suredash-integration.php:230
action  suredash_course_completed  includes\integrations\class-suredash-integration.php:231
action  srfm_form_submit  includes\integrations\class-sureforms-integration.php:71
action  suremembers_after_access_grant  includes\integrations\class-suremembers-integration.php:267
action  suremembers_after_access_revoke  includes\integrations\class-suremembers-integration.php:268
action  suremembers_user_access_group_granted  includes\integrations\class-suremembers-integration.php:271
action  suremembers_user_access_group_revoked  includes\integrations\class-suremembers-integration.php:272
action  wp_login  includes\integrations\class-suremembers-integration.php:276
action  surecontact_suremembers_check_expirations  includes\integrations\class-suremembers-integration.php:279
filter  surecontact_available_sync_types  includes\integrations\class-woocommerce-integration.php:83
action  woocommerce_created_customer  includes\integrations\class-woocommerce-integration.php:441
action  woocommerce_checkout_order_processed  includes\integrations\class-woocommerce-integration.php:442
action  woocommerce_order_status_processing  includes\integrations\class-woocommerce-integration.php:443
action  woocommerce_order_status_completed  includes\integrations\class-woocommerce-integration.php:444
action  woocommerce_order_status_changed  includes\integrations\class-woocommerce-integration.php:445
action  woocommerce_payment_complete  includes\integrations\class-woocommerce-integration.php:446
action  woocommerce_order_refunded  includes\integrations\class-woocommerce-integration.php:447
action  woocommerce_order_status_cancelled  includes\integrations\class-woocommerce-integration.php:448
action  comment_post  includes\integrations\class-woocommerce-integration.php:449
action  wp_set_comment_status  includes\integrations\class-woocommerce-integration.php:450
filter  surecontact_available_sync_types  includes\integrations\class-wordpress-integration.php:70
action  user_register  includes\integrations\class-wordpress-integration.php:91
action  profile_update  includes\integrations\class-wordpress-integration.php:94
filter  wp_pre_insert_user_data  includes\integrations\class-wordpress-integration.php:97
action  set_user_role  includes\integrations\class-wordpress-integration.php:101
action  add_user_role  includes\integrations\class-wordpress-integration.php:102
action  remove_user_role  includes\integrations\class-wordpress-integration.php:103
action  wpforms_process_complete  includes\integrations\class-wpforms-integration.php:66
action  plugins_loaded  surecontact.php:229
action  init  surecontact.php:231
action  init  surecontact.php:232
action  init  surecontact.php:233
action  init  surecontact.php:235
action  rest_api_init  surecontact.php:236
action  admin_menu  surecontact.php:241
filter  plugin_row_meta  surecontact.php:243

Scheduled Events: 1

surecontact_suremembers_check_expirations
Maintenance & Trust

SureContact – Newsletters, Email Marketing, Automation, Revenue Tracking & CRM Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 10, 2026
PHP min version: 7.4
Downloads: 3K

Community Trust

Rating: 100/100
Number of ratings: 4
Active installs: 500
Developer Profile

SureContact – Newsletters, Email Marketing, Automation, Revenue Tracking & CRM Developer Profile

Brainstorm Force

32 plugins · 8.6M total installs

Trust score: 78
Avg Security Score: 98/100
Avg Patch Time: 196 days
Detection Fingerprints

How We Detect SureContact – Newsletters, Email Marketing, Automation, Revenue Tracking & CRM

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/surecontact/assets/css/backend.css
  • /wp-content/plugins/surecontact/assets/css/frontend.css
  • /wp-content/plugins/surecontact/assets/js/backend.js
  • /wp-content/plugins/surecontact/assets/js/frontend.js
Script Paths
  • /wp-content/plugins/surecontact/assets/js/backend.js
  • /wp-content/plugins/surecontact/assets/js/frontend.js
Version Parameters
  • surecontact/assets/css/backend.css?ver=
  • surecontact/assets/css/frontend.css?ver=
  • surecontact/assets/js/backend.js?ver=
  • surecontact/assets/js/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • surecontact-modal-wrapper
  • surecontact-wrapper
  • surecontact-admin-wrapper
Data Attributes
  • data-surecontact-id
JS Globals
  • SureContactAdmin
  • SureContact
REST Endpoints
  • /wp-json/surecontact/v1/settings
  • /wp-json/surecontact/v1/forms
  • /wp-json/surecontact/v1/contacts
  • /wp-json/surecontact/v1/webhooks
  • /wp-json/surecontact/v1/integrations
  • /wp-json/surecontact/v1/automations
Shortcode Output
  • [surecontact_form]
  • [surecontact_popup]