theMarketer – Email marketing, Newsletters, Automation & Loyalty for Woocommerce Security & Risk Analysis

wordpress.org/plugins/themarketer

Collect subscribers. Send newsletters. Create 1:1 personalised emails using dynamic blocks. Activate one of almost 30 predefined workflows.

700 active installs · v1.5.5 · PHP 5.6+ · WP 4.6+ · Updated Apr 14, 2026

Tags: email-marketing, email-workflows, loyalty-program, marketing-automation, newsletter

Score: 99 (A · Safe)
CVEs total: 1
Unpatched: 0
Last CVE: May 7, 2025
Safety Verdict

Is theMarketer – Email marketing, Newsletters, Automation & Loyalty for Woocommerce Safe to Use in 2026?

Generally Safe

Score 99/100

theMarketer – Email marketing, Newsletters, Automation & Loyalty for Woocommerce has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVE · Last CVE: May 7, 2025 · Updated 1mo ago
Risk Assessment

The security posture of the themarketer plugin v1.5.5 shows a mix of good practices and significant concerns. It uses prepared statements for most of its SQL queries (85%) and escapes a high proportion of its output (88%), but the three dangerous function calls, all to `unserialize`, are a notable weakness. The taint analysis, although limited in scope, identified one flow with unsanitized paths that warrants further investigation, even though it reported no critical or high severity issues.

The plugin presents a considerable attack surface: 24 entry points, 14 of which lack authentication checks. Such a broad unprotected surface, combined with dangerous functions like `unserialize`, significantly increases the risk of unauthorized access and potential code execution. The vulnerability history shows one medium-severity CVE, a CSRF issue from May 2025. Although currently unpatched, the fact that it is a single medium-severity issue rather than a critical or high one suggests that past vulnerabilities were addressed or were less severe. However, the recency of the vulnerability indicates ongoing security challenges.

In conclusion, the plugin handles database operations and output escaping reasonably well. However, the number of unprotected AJAX handlers, the use of `unserialize`, and the identified unsanitized path flow present significant security risks that need immediate attention. The single medium CVE, while not critical, reinforces the need for vigilant security practices.

Key Concerns

  • Unprotected AJAX handlers
  • Dangerous function: unserialize
  • Flows with unsanitized paths
  • Vulnerability history (1 medium CVE)
Vulnerabilities
1 published

theMarketer – Email marketing, Newsletters, Automation & Loyalty for Woocommerce Security Vulnerabilities

CVEs by Year

2025: 1 CVE

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-47655 · medium · 6.1 · Cross-Site Request Forgery (CSRF)

theMarketer <= 1.4.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting

Published May 7, 2025 · Patched in 1.4.8 (126 days)
Version History

theMarketer – Email marketing, Newsletters, Automation & Loyalty for Woocommerce Release Timeline

v1.5.5 (current)
v1.5.4
v1.5.3
v1.5.2
v1.5.1
v1.5.0
v1.4.9
v1.4.8
v1.4.7 (1 CVE)
v1.4.6 (1 CVE)
v1.4.5 (1 CVE)
v1.4.4 (1 CVE)
v1.4.3 (1 CVE)
v1.4.2 (1 CVE)
v1.4.1 (1 CVE)
v1.3.9 (1 CVE)
v1.3.8 (1 CVE)
v1.3.7 (1 CVE)
v1.3.6 (1 CVE)
v1.3.5 (1 CVE)
Code Analysis
Analyzed Mar 16, 2026

theMarketer – Email marketing, Newsletters, Automation & Loyalty for Woocommerce Code Analysis

Dangerous Functions: 3
Raw SQL Queries: 2 (11 prepared)
Unescaped Output: 6 (42 escaped)
Nonce Checks: 5
Capability Checks: 0
File Operations: 0
External Requests: 2
Bundled Libraries: 0

Dangerous Functions Found

unserialize · `$v = unserialize($vv);` · Tracker\Admin.php:579
unserialize · `$statusData = unserialize($allow_export_gravity_data);` · Tracker\Routes\setEmail.php:134
unserialize · `$this->org = $data ? unserialize($data) : [];` · Tracker\Session.php:70

SQL Query Safety

85% prepared (13 total queries)

Output Escaping

88% escaped (48 total outputs)
Data Flows · Security
1 unsanitized

Data Flow Analysis

1 flow, 1 with unsanitized paths
<Config> (Tracker\Config.php:0)
Attack Surface
14 unprotected

theMarketer – Email marketing, Newsletters, Automation & Loyalty for Woocommerce Attack Surface

Entry Points: 24
Unprotected: 14

AJAX Handlers 24

auth · wp_ajax_woocommerce_add_to_cart · Tracker\Run.php:99
nopriv · wp_ajax_woocommerce_add_to_cart · Tracker\Run.php:100
auth · wp_ajax_woocommerce_ajax_add_to_cart · Tracker\Run.php:102
nopriv · wp_ajax_woocommerce_ajax_add_to_cart · Tracker\Run.php:103
auth · wp_ajax_mailpoet · Tracker\Run.php:108
nopriv · wp_ajax_mailpoet · Tracker\Run.php:109
auth · wp_ajax_basel_ajax_add_to_cart · Tracker\Run.php:113
nopriv · wp_ajax_basel_ajax_add_to_cart · Tracker\Run.php:114
auth · wp_ajax_basel_add_to_wishlist · Tracker\Run.php:116
nopriv · wp_ajax_basel_add_to_wishlist · Tracker\Run.php:117
auth · wp_ajax_basel_remove_from_wishlist · Tracker\Run.php:119
nopriv · wp_ajax_basel_remove_from_wishlist · Tracker\Run.php:120
nopriv · wp_ajax_woodmart_ajax_add_to_cart · Tracker\Run.php:122
auth · wp_ajax_woodmart_ajax_add_to_cart · Tracker\Run.php:123
nopriv · wp_ajax_woodmart_add_to_wishlist · Tracker\Run.php:125
auth · wp_ajax_woodmart_add_to_wishlist · Tracker\Run.php:126
nopriv · wp_ajax_woodmart_remove_from_wishlist · Tracker\Run.php:136
auth · wp_ajax_woodmart_remove_from_wishlist · Tracker\Run.php:137
nopriv · wp_ajax_add_to_wishlist · Tracker\Run.php:139
auth · wp_ajax_add_to_wishlist · Tracker\Run.php:140
nopriv · wp_ajax_delete_item · Tracker\Run.php:142
auth · wp_ajax_delete_item · Tracker\Run.php:143
nopriv · wp_ajax_remove_from_wishlist · Tracker\Run.php:145
auth · wp_ajax_remove_from_wishlist · Tracker\Run.php:146
WordPress Hooks 38
action · init · Tracker\Admin.php:272
filter · plugin_row_meta · Tracker\Admin.php:274
action · admin_menu · Tracker\Admin.php:275
action · admin_notices · Tracker\Admin.php:276
action · woocommerce_order_edit_status · Tracker\Admin.php:280
action · admin_footer · Tracker\Admin.php:281
action · admin_enqueue_scripts · Tracker\Admin.php:282
action · template_redirect · Tracker\Front.php:34
action · wp_login · Tracker\Front.php:35
action · user_register · Tracker\Front.php:36
action · woocommerce_loaded · Tracker\Front.php:40
action · woocommerce_update_order · Tracker\Front.php:41
action · template_redirect · Tracker\Front.php:43
action · woocommerce_before_thankyou · Tracker\Front.php:75
action · woocommerce_thankyou · Tracker\Front.php:76
action · woocommerce_new_order · Tracker\Front.php:77
action · wp_head · Tracker\Front.php:79
action · wp_enqueue_scripts · Tracker\Front.php:80
action · woocommerce_checkout_update_order_meta · Tracker\Front.php:87
filter · wcml_geolocation_get_user_country · Tracker\Route.php:162
filter · wcml_client_currency · Tracker\Route.php:166
action · init · Tracker\Run.php:75
filter · gform_after_submission · Tracker\Run.php:77
filter · woocommerce_registration_auth_new_customer · Tracker\Run.php:82
action · styler_after_login · Tracker\Run.php:83
action · before_woocommerce_init · Tracker\Run.php:85
filter · woocommerce_add_to_cart_product_id · Tracker\Run.php:97
action · mailpoet_subscriber_status_changed · Tracker\Run.php:106
action · woodmart_after_body_open · Tracker\Run.php:111
action · yith_wcwl_added_to_wishlist · Tracker\Run.php:128
action · wlfmc_added_to_wishlist · Tracker\Run.php:130
action · wlfmc_removed_from_wishlist · Tracker\Run.php:131
action · wlfmc_before_delete_wishlist_item · Tracker\Run.php:132
action · MKTR_CRON · Tracker\Run.php:152
action · template_redirect · Tracker\Run.php:153
action · template_redirect · Tracker\Run.php:154
action · woocommerce_cart_emptied · Tracker\Run.php:155
action · woocommerce_remove_cart_item · Tracker\Run.php:156

Scheduled Events 1

MKTR_CRON
Maintenance & Trust

theMarketer – Email marketing, Newsletters, Automation & Loyalty for Woocommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Apr 14, 2026
PHP min version: 5.6
Downloads: 10K

Community Trust

Rating: 100/100
Number of ratings: 4
Active installs: 700
Developer Profile

theMarketer – Email marketing, Newsletters, Automation & Loyalty for Woocommerce Developer Profile

themarketer · 2023

1 plugin · 700 total installs

Trust score: 78
Avg Security Score: 99/100
Avg Patch Time: 126 days
Detection Fingerprints

How We Detect theMarketer – Email marketing, Newsletters, Automation & Loyalty for Woocommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/themarketer/assets/css/admin.css
/wp-content/plugins/themarketer/assets/js/admin.js
/wp-content/plugins/themarketer/assets/js/vendor/jquery.validate.min.js
/wp-content/plugins/themarketer/assets/js/vendor/jquery.dataTables.min.js
/wp-content/plugins/themarketer/assets/js/vendor/dataTables.bootstrap4.min.js
/wp-content/plugins/themarketer/assets/js/vendor/moment.min.js
/wp-content/plugins/themarketer/assets/js/vendor/daterangepicker.js
/wp-content/plugins/themarketer/assets/js/vendor/chart.min.js
+149 more
Script Paths
/wp-content/plugins/themarketer/assets/js/admin.js

HTML / DOM Fingerprints

CSS Classes
mktr-admin-notice, mktr-section-header, mktr-form-group, mktr-input-wrapper, mktr-input-label, mktr-input-field, mktr-select-wrapper, mktr-select-label, +13 more
HTML Comments
<!-- Mktr: Admin Notice Start -->
<!-- Mktr: Admin Notice End -->
<!-- Mktr: Form Group Start -->
<!-- Mktr: Form Group End -->
+8 more
Data Attributes
data-mktr-toggle, data-mktr-target, data-mktr-dismiss
JS Globals
Mktr, mktr_admin_params, CKEDITOR
FAQ

Frequently Asked Questions about theMarketer – Email marketing, Newsletters, Automation & Loyalty for Woocommerce