Triangle – Email Template Builder Security & Risk Analysis

wordpress.org/plugins/triangle-email-template

Drag and drop email template editor for WordPress.

10 active installs · v1.1.0 · PHP 7.1+ · WP 5.0+ · Updated Jun 13, 2020
Tags: email-design, email-template, email-templates, html-mail, mail
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Triangle – Email Template Builder Safe to Use in 2026?

Generally Safe

Score 85/100

Triangle – Email Template Builder has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 5yr ago
Risk Assessment

The plugin "triangle-email-template" v1.1.0 has a concerning security posture because of significant weaknesses in its code, despite having no recorded historical vulnerabilities. Static analysis shows a very limited attack surface and no direct SQL injection risk, since the plugin issues no raw SQL queries, but the presence of 21 dangerous function calls, including `unserialize` and `system`, is a major red flag. The very low percentage of escaped output (6%) suggests a high likelihood of cross-site scripting (XSS) vulnerabilities. The taint analysis found two flows with unsanitized paths, which adds to the risk profile even without a high severity rating. The absence of recorded CVEs is positive, but it could also reflect a lack of thorough historical security auditing or a relatively new plugin without significant past exposure. Finally, the plugin contains no nonce or capability checks; the current attack surface is minimal, but this leaves room for privilege escalation or unauthorized actions if an entry point is discovered or added in the future.

Key Concerns

  • Dangerous functions: unserialize, system
  • Low output escaping percentage (6%)
  • Taint analysis: 2 flows with unsanitized paths
  • No nonce checks
  • No capability checks
Vulnerabilities
None known

Triangle – Email Template Builder Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Triangle – Email Template Builder Code Analysis

  • Dangerous Functions: 21
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 107 (7 escaped)
  • Nonce Checks: 0
  • Capability Checks: 0
  • File Operations: 11
  • External Requests: 0
  • Bundled Libraries: 1

Dangerous Functions Found

Function | Code | Location
unserialize | $screen = unserialize(TRIANGLE_SCREEN); | src\Controller\Backend\Backend.php:86
unserialize | $screen = unserialize(TRIANGLE_SCREEN); | src\Controller\Base.php:26
unserialize | $view->addData(['screen' => unserialize(TRIANGLE_SCREEN)]); | src\Controller\Base.php:35
unserialize | $screen = unserialize(TRIANGLE_SCREEN); | src\Controller\EmailTemplate\EmailTemplate.php:61
unserialize | $screen = unserialize(TRIANGLE_SCREEN); | src\Controller\EmailTemplate\EmailTemplate.php:84
unserialize | $urlCustomize = unserialize(TRIANGLE_PATH)['home_url'] . '?triangle_customize=true&post_id='. $scree | src\Controller\EmailTemplate\EmailTemplate.php:94
unserialize | $urlCustomize = unserialize(TRIANGLE_PATH)['admin_url'] . 'customize.php?url=' . urlencode($urlCusto | src\Controller\EmailTemplate\EmailTemplate.php:95
unserialize | $path = unserialize(TRIANGLE_PATH)['admin_url'] . 'post.php?' . http_build_query($path); | src\Controller\EmailTemplate\EmailTemplate.php:108
unserialize | $path = unserialize(TRIANGLE_PATH)['admin_url'] . 'post.php?' . http_build_query($path); | src\Model\EmailTemplate.php:117
unserialize | $path = unserialize(TRIANGLE_PATH); | src\Model\EmailTemplate.php:133
system | system('rm -rf -- ' . escapeshellarg($dirPath), $retval); | src\Plugin\Helper\Directory.php:59
unserialize | $path = unserialize(TRIANGLE_PATH)['plugin_url'] . 'assets/css/'; | src\Plugin\Helper\Html.php:22
unserialize | $path = unserialize(TRIANGLE_PATH)['plugin_url'] . 'assets/js/'; | src\Plugin\Helper\Html.php:33
unserialize | $path = unserialize(TRIANGLE_PATH); | src\Plugin\View.php:81
unserialize | $data['url'] = unserialize(TRIANGLE_PATH)['home_url'] . $data['url']; | src\Plugin\View.php:103
unserialize | <img src="<?= unserialize(TRIANGLE_PATH)['plugin_url'] ?>/assets/img/loading-field.gif" class="ico-l | src\View\Element\loading-field.php:7
unserialize | <img src="<?= unserialize(TRIANGLE_PATH)['plugin_url'] ?>/assets/img/loading.gif" class="ico-loading | src\View\Element\loading.php:5
unserialize | <?= file_get_contents(unserialize(TRIANGLE_PATH)['plugin_path'] . 'assets/css/emailtemplate/style.cs | src\View\EmailTemplate\backend\customizer.php:18
unserialize | <?= file_get_contents(unserialize(TRIANGLE_PATH)['plugin_path'] . 'assets/css/emailtemplate/style.cs | src\View\EmailTemplate\email-content.php:18
unserialize | $path = unserialize(DOT_PATH)['plugin_url'] . 'assets/css/'; | src\Wordpress\Service\Asset.php:70
unserialize | $path = unserialize(DOT_PATH)['plugin_url'] . 'assets/js/'; | src\Wordpress\Service\Asset.php:86

Bundled Libraries

Select2

Output Escaping

6% escaped · 114 total outputs
Data Flows: 2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
load_editor (src\Api\Editor.php:40)
[Flow diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized]
Attack Surface

Triangle – Email Template Builder Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 1
  • action · init · triangle-email-template.php:48
Maintenance & Trust

Triangle – Email Template Builder Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.4.19
Last updated: Jun 13, 2020
PHP min version: 7.1
Downloads: 1K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 10
Developer Profile

Triangle – Email Template Builder Developer Profile

Agung Sundoro

1 plugin · 10 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Triangle – Email Template Builder

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/triangle-email-template/backend/user.js
  • /wp-content/plugins/triangle-email-template/backend/contact.js
  • /wp-content/plugins/triangle-email-template/builder/juice.build.js
  • /wp-content/plugins/triangle-email-template/builder/none.build.js
  • /wp-content/plugins/triangle-email-template/backend/setting.js
Script Paths
  • backend/user.js
  • backend/contact.js
  • builder/juice.build.js
  • builder/none.build.js
  • backend/setting.js

HTML / DOM Fingerprints

HTML Comments
  • <!-- @backend - Eneque scripts -->
  • <!-- @backend - Add setting link for plugin in plugins page -->
  • <!-- @backend - Eneque scripts -->
  • <!-- @backend - Load plugin scripts in a page -->
  • (+4 more)
Data Attributes
  • data-triangle-smtp
  • data-triangle-smtp-auth
  • data-triangle-smtp-host
  • data-triangle-smtp-port
  • data-triangle-smtp-username
  • data-triangle-smtp-password
  • (+4 more)
JS Globals
  • TRIANGLE_SCREEN
FAQ

Frequently Asked Questions about Triangle – Email Template Builder