WP-Safety

Users2MailChimp Security & Risk Analysis

wordpress.org/plugins/users2mailchimp

Synchronizes wordpress users with MailChimp email marketing service.

10 active installs v1.5 PHP + WP 4.6+ Updated Oct 2, 2019
mailchimpsynchronizeusers
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Users2MailChimp Safe to Use in 2026?

Generally Safe

Score 85/100

Users2MailChimp has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 6yr ago
Risk Assessment

The "users2mailchimp" v1.5 plugin presents a mixed security posture. On the positive side, it has no known vulnerabilities in its history and does not make external HTTP requests. The absence of AJAX handlers, REST API routes, shortcodes, and cron events suggests a limited attack surface, which is a good practice. However, the static analysis reveals significant concerns. The presence of a `unserialize` function is a critical danger signal, as it can lead to remote code execution if used with untrusted input. Furthermore, none of the outputs are properly escaped, indicating a high risk of Cross-Site Scripting (XSS) vulnerabilities. The taint analysis also highlights issues with unsanitized paths, although no critical or high severity flows were identified. The lack of nonce and capability checks on any potential entry points (though none are explicitly listed) is a significant oversight.

Key Concerns

  • Dangerous function unserialize used
  • Output escaping missing on all outputs
  • Taint analysis shows unsanitized paths
  • No nonce checks
  • No capability checks
Vulnerabilities
None known

Users2MailChimp Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Users2MailChimp Code Analysis

Dangerous Functions
1
Raw SQL Queries
0
0 prepared
Unescaped Output
30
0 escaped
Nonce Checks
0
Capability Checks
0
File Operations
2
External Requests
0
Bundled Libraries
0

Dangerous Functions Found

unserialize$serial = unserialize($response);API\MCAPI.class.php:2886

Output Escaping

0% escaped30 total outputs
Data Flows
4 unsanitized

Data Flow Analysis

4 flows4 with unsanitized paths
register_form (extensions\wordpress-users2mailchimp.php:14)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Users2MailChimp Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 11
actionuser_registerclass-users2mailchimp.php:31
actionedit_user_profile_updateclass-users2mailchimp.php:33
actionpersonal_options_updateclass-users2mailchimp.php:34
actiondelete_userclass-users2mailchimp.php:36
actionset_user_roleclass-users2mailchimp.php:38
actionregister_formextensions\wordpress-users2mailchimp.php:9
actionuser_registerextensions\wordpress-users2mailchimp.php:10
actioninitusers2mailchimp.php:52
actionadmin_noticesusers2mailchimp.php:53
actionadmin_menuusers2mailchimp.php:58
actionadmin_initusers2mailchimp.php:61
Maintenance & Trust

Users2MailChimp Maintenance & Trust

Maintenance Signals

WordPress version tested5.2.24
Last updatedOct 2, 2019
PHP min version
Downloads3K

Community Trust

Rating80/100
Number of ratings1
Active installs10
Alternatives

Users2MailChimp Alternatives

Users to CRM Contacts

Users to CRM Contacts

users-to-crm-contacts

A
92

Integrate WordPress with SugarCRM/SuiteCRM to sync user data, simplify lead management, and improve user tracking

10 No CVEs
MC4WP: Mailchimp for WordPress

MC4WP: Mailchimp for WordPress

mailchimp-for-wp

A
92

The #1 Mailchimp plugin for WordPress. Allows you to add a multitude of newsletter sign-up methods to your site.

1.0M 11 CVEs
Mailchimp for WooCommerce

Mailchimp for WooCommerce

mailchimp-for-woocommerce

A
99

Connect your store to your Mailchimp audience to track sales, create targeted emails, send abandoned cart emails, and more.

300K 2 CVEs
User Switching

User Switching

user-switching

A
100

Instant switching between user accounts in WordPress and WooCommerce.

200K No CVEs
Redirection for Contact Form 7

Redirection for Contact Form 7

wpcf7-redirect

A
88

Redirect to any page or URL, execute scripts after submission, save data to the database, and unlock additional submission actions for Contact Form 7.

200K 14 CVEs
Developer Profile

Users2MailChimp Developer Profile

ablancodev

5 plugins · 100 total installs

86
trust score
Avg Security Score
89/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Users2MailChimp

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/users2mailchimp/css/users2mailchimp.css/wp-content/plugins/users2mailchimp/js/users2mailchimp.js
Script Paths
/wp-content/plugins/users2mailchimp/js/users2mailchimp.js
Version Parameters
users2mailchimp/css/users2mailchimp.css?ver=users2mailchimp/js/users2mailchimp.js?ver=

HTML / DOM Fingerprints

CSS Classes
users2mailchimp
FAQ

Frequently Asked Questions about Users2MailChimp