weMail: Email Marketing, Email Automation, Newsletters, Subscribers & eCommerce Email Optins Security & Risk Analysis

wordpress.org/plugins/wemail

Send email newsletters, automate email marketing with email automation, manage subscribers, eCommerce emails, post notifications & optins with ease

10K active installs · v2.0.13 · PHP 7.4+ · WP 5.6+ · Updated Mar 5, 2026
Tags: email-automation, email-marketing, email-newsletter, subscribers, woocommerce-emails
Score: 95 · A · Safe
CVEs total: 6
Unpatched: 0
Last CVE: Feb 20, 2026
Safety Verdict

Is weMail: Email Marketing, Email Automation, Newsletters, Subscribers & eCommerce Email Optins Safe to Use in 2026?

Generally Safe

Score 95/100

weMail: Email Marketing, Email Automation, Newsletters, Subscribers & eCommerce Email Optins has a strong security track record. Known vulnerabilities have been patched promptly.

6 known CVEs · Last CVE: Feb 20, 2026 · Updated 29d ago
Risk Assessment

The plugin 'wemail' v2.0.14 exhibits a mixed security posture. While it shows good practices in SQL query preparation (79%) and output escaping (67%), significant concerns arise from its attack surface and past vulnerability history.

The presence of 3 unprotected AJAX handlers presents a direct entry point for attackers to potentially exploit vulnerabilities without proper authentication. The static analysis also reveals the use of the `unserialize` function, which can be a vector for remote code execution if not handled with extreme caution and robust input validation.

The vulnerability history is particularly worrying, with a total of 6 known CVEs, all classified as medium severity. The types of past vulnerabilities, including Missing Authorization, Improper Authorization, Exposure of Sensitive Information, and Cross-site Scripting, suggest recurring issues with access control and input sanitization. The fact that the last vulnerability was dated 2026-02-20 (a future date, likely a typo, which indicates recent issues) and that there are currently no unpatched CVEs is a positive sign, but the pattern of past issues demands vigilance.

The plugin's strengths lie in its SQL practices and output escaping, but these are overshadowed by the exposure of its attack surface and the historical trend of authorization and sanitization flaws.

Key Concerns

  • 3 unprotected AJAX handlers
  • Use of unserialize function
  • 6 medium severity CVEs in history
  • Past CVEs include XSS and auth issues
  • Low percentage of properly escaped outputs (67%)
Vulnerabilities
6

weMail: Email Marketing, Email Automation, Newsletters, Subscribers & eCommerce Email Optins Security Vulnerabilities

CVEs by Year

2022: 1 CVE
2024: 2 CVEs
2025: 1 CVE
2026: 2 CVEs

Severity Breakdown

Medium: 6

6 total CVEs

CVE-2025-14339 · medium · 6.5 · Missing Authorization

weMail <= 2.0.7 - Missing Authorization to Unauthenticated Form Deletion

Feb 20, 2026 Patched in 2.0.8 (1d)
CVE-2025-14348 · medium · 5.3 · Improper Authorization

weMail <= 2.0.7 - Insufficient Authorization via x-wemail-user Header to Sensitive Information Disclosure

Jan 19, 2026 Patched in 2.0.8 (1d)
CVE-2025-47540 · medium · 5.3 · Exposure of Sensitive Information to an Unauthorized Actor

weMail <= 1.14.13 - Unauthenticated Sensitive Information Exposure

May 7, 2025 Patched in 1.14.14 (7d)
CVE-2024-43238 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

weMail <= 1.14.5 - Reflected Cross-Site Scripting

Aug 12, 2024 Patched in 1.14.6 (11d)
CVE-2024-34822 · medium · 5.3 · Missing Authorization

weMail <= 1.14.2 - Missing Authorization to Notice Dismissal

May 15, 2024 Patched in 1.14.3 (1d)
WF-84003388-c47c-41db-8d2d-4643aa375a89-wemail · medium · 4.3 · Missing Authorization

Appsero <= 1.2.1 - Missing Authorization

Dec 16, 2022 Patched in 1.14.2 (699d)
Code Analysis
Analyzed Mar 16, 2026

weMail: Email Marketing, Email Automation, Newsletters, Subscribers & eCommerce Email Optins Code Analysis

Dangerous Functions: 2
Raw SQL Queries: 6 (22 prepared)
Unescaped Output: 33 (66 escaped)
Nonce Checks: 6
Capability Checks: 4
File Operations: 0
External Requests: 7
Bundled Libraries: 1

Dangerous Functions Found

unserialize · $fields[] = $this->get_field( unserialize( $meta_field ) ); · includes\Core\Form\Integrations\HappyForms.php:89
unserialize · $columns = array_merge( $columns, unserialize( $layout ) ); · includes\Core\Form\Integrations\HappyForms.php:121

Bundled Libraries

TinyMCE

SQL Query Safety

79% prepared · 28 total queries

Output Escaping

67% escaped · 99 total outputs
Attack Surface
3 unprotected

weMail: Email Marketing, Email Automation, Newsletters, Subscribers & eCommerce Email Optins Attack Surface

Entry Points: 4
Unprotected: 3

AJAX Handlers 3

auth wp_ajax_wemail_preview includes\Admin\FormPreview.php:21
auth wp_ajax_sgpb_process_after_submission includes\Core\Form\Integrations\Hooks.php:24
nopriv wp_ajax_sgpb_process_after_submission includes\Core\Form\Integrations\Hooks.php:25

Shortcodes 1

[wemail_form] includes\FrontEnd\Shortcodes.php:15
WordPress Hooks 116
action admin_init includes\Admin\Admin.php:12
action init includes\Admin\GutenbergBlock.php:13
action enqueue_block_editor_assets includes\Admin\GutenbergBlock.php:14
action admin_menu includes\Admin\Menu.php:22
action admin_print_styles includes\Admin\Menu.php:23
action admin_enqueue_scripts includes\Admin\Notice.php:24
action admin_notices includes\Admin\Notice.php:75
action admin_enqueue_scripts includes\Admin\ReviewNotice.php:20
action admin_notices includes\Admin\ReviewNotice.php:117
action wemail_admin_enqueue_styles includes\Admin\Scripts.php:32
action wemail_admin_enqueue_scripts includes\Admin\Scripts.php:33
filter mce_buttons includes\Admin\Shortcode.php:19
filter mce_external_plugins includes\Admin\Shortcode.php:20
action before_wp_tiny_mce includes\Admin\Shortcode.php:22
filter wemail_admin_submenu includes\Core\Automation\Menu.php:27
filter wemail_admin_submenu includes\Core\Billing\Menu.php:28
filter wemail_customizer_content_type_settings_campaign includes\Core\Campaign\Editor.php:49
filter wemail_admin_submenu includes\Core\Campaign\Menu.php:28
action post_updated includes\Core\Ecommerce\Platforms\EDD.php:190
action edd_refund_order includes\Core\Ecommerce\Platforms\EDD.php:193
action edd_update_payment_status includes\Core\Ecommerce\Platforms\EDD.php:194
action edd_complete_purchase includes\Core\Ecommerce\Platforms\EDD.php:195
action after_delete_post includes\Core\Ecommerce\Platforms\EDD.php:197
action edd_complete_purchase includes\Core\Ecommerce\Platforms\EDD.php:198
action edd_update_payment_status includes\Core\Ecommerce\Platforms\EDD.php:199
action shutdown includes\Core\Ecommerce\Platforms\EDD.php:277
action woocommerce_new_order includes\Core\Ecommerce\Platforms\WooCommerce.php:102
action woocommerce_order_status_changed includes\Core\Ecommerce\Platforms\WooCommerce.php:105
action woocommerce_order_status_pending includes\Core\Ecommerce\Platforms\WooCommerce.php:108
action woocommerce_order_refunded includes\Core\Ecommerce\Platforms\WooCommerce.php:110
action woocommerce_refund_deleted includes\Core\Ecommerce\Platforms\WooCommerce.php:111
action after_delete_post includes\Core\Ecommerce\Platforms\WooCommerce.php:112
action woocommerce_update_product includes\Core\Ecommerce\Platforms\WooCommerce.php:113
action woocommerce_new_product includes\Core\Ecommerce\Platforms\WooCommerce.php:114
action woocommerce_new_product_variation includes\Core\Ecommerce\Platforms\WooCommerce.php:115
action woocommerce_update_product_variation includes\Core\Ecommerce\Platforms\WooCommerce.php:116
action woocommerce_delete_product_variation includes\Core\Ecommerce\Platforms\WooCommerce.php:117
action created_product_cat includes\Core\Ecommerce\Platforms\WooCommerce.php:118
action edited_product_cat includes\Core\Ecommerce\Platforms\WooCommerce.php:119
action delete_product_cat includes\Core\Ecommerce\Platforms\WooCommerce.php:120
action happyforms_form_submit_after includes\Core\Form\Integrations\HappyForms.php:135
action wpcf7_submit includes\Core\Form\Integrations\Hooks.php:15
action gform_after_submission includes\Core\Form\Integrations\Hooks.php:16
action wpforms_process_complete includes\Core\Form\Integrations\Hooks.php:17
action caldera_forms_submit_complete includes\Core\Form\Integrations\Hooks.php:18
action weforms_entry_submission includes\Core\Form\Integrations\Hooks.php:19
action nf_save_sub includes\Core\Form\Integrations\Hooks.php:20
action fluentform_before_insert_submission includes\Core\Form\Integrations\Hooks.php:21
action happyforms_submission_success includes\Core\Form\Integrations\Hooks.php:22
action frm_after_entry_processed includes\Core\Form\Integrations\Hooks.php:23
action pum_sub_form_success includes\Core\Form\Integrations\Hooks.php:26
action forminator_custom_form_submit_before_set_fields includes\Core\Form\Integrations\Hooks.php:27
action everest_forms_process includes\Core\Form\Integrations\Hooks.php:28
action elementor_pro/forms/new_record includes\Core\Form\Integrations\Hooks.php:29
filter wemail_admin_submenu includes\Core\Form\Menu.php:28
filter wemail_admin_submenu includes\Core\Help\Menu.php:28
filter wemail_admin_submenu includes\Core\Integrations\Menu.php:28
filter wemail_admin_submenu includes\Core\Lists\Menu.php:28
action phpmailer_init includes\Core\Mail\Hooks.php:14
filter wemail_admin_submenu includes\Core\Overview\Menu.php:28
filter wemail_admin_submenu includes\Core\Settings\Menu.php:28
filter wemail_admin_submenu includes\Core\SuppressionLists\Menu.php:28
action affwp_insert_affiliate includes\Core\Sync\AffiliateWp\AffiliateWp.php:21
action affwp_update_affiliate_profile_settings includes\Core\Sync\AffiliateWp\AffiliateWp.php:26
action affwp_delete_affiliates includes\Core\Sync\AffiliateWp\AffiliateWp.php:30
action affwp_update_affiliate includes\Core\Sync\AffiliateWp\AffiliateWp.php:32
action affwp_updated_affiliate includes\Core\Sync\AffiliateWp\AffiliateWp.php:34
action affwp_set_affiliate_status includes\Core\Sync\AffiliateWp\AffiliateWp.php:39
action affwp_register_user includes\Core\Sync\AffiliateWp\AffiliateWp.php:45
action edd_complete_purchase includes\Core\Sync\Ecommerce\EDD\Orders.php:26
action edd_update_payment_status includes\Core\Sync\Ecommerce\EDD\Orders.php:27
action post_updated includes\Core\Sync\Ecommerce\EDD\Products.php:24
action template_redirect includes\Core\Sync\Ecommerce\RevenueTrack.php:24
action woocommerce_thankyou includes\Core\Sync\Ecommerce\WooCommerce\Orders.php:25
action woocommerce_order_status_changed includes\Core\Sync\Ecommerce\WooCommerce\Orders.php:26
action save_post includes\Core\Sync\Ecommerce\WooCommerce\Products.php:24
action erp_create_new_people includes\Core\Sync\Subscriber\Erp\Hooks.php:59
action erp_update_people includes\Core\Sync\Subscriber\Erp\Hooks.php:60
action erp_crm_create_contact_subscriber includes\Core\Sync\Subscriber\Erp\Hooks.php:62
action erp_crm_edit_contact_subscriber includes\Core\Sync\Subscriber\Erp\Hooks.php:63
action erp_crm_delete_contact_subscriber includes\Core\Sync\Subscriber\Erp\Hooks.php:64
action erp_before_delete_people includes\Core\Sync\Subscriber\Erp\Hooks.php:66
action erp_after_delete_people includes\Core\Sync\Subscriber\Erp\Hooks.php:67
action shutdown includes\Core\Sync\Subscriber\Erp\Hooks.php:214
action user_register includes\Core\Sync\Subscriber\Wp\Hooks.php:46
action profile_update includes\Core\Sync\Subscriber\Wp\Hooks.php:47
action delete_user includes\Core\Sync\Subscriber\Wp\Hooks.php:48
action shutdown includes\Core\Sync\Subscriber\Wp\Hooks.php:135
action user_register includes\Core\User\Integrations\WpUser.php:12
action profile_update includes\Core\User\Integrations\WpUser.php:13
action delete_user includes\Core\User\Integrations\WpUser.php:14
action signup_extra_fields includes\FrontEnd\FormOptIn.php:47
action after_signup_user includes\FrontEnd\FormOptIn.php:48
action register_form includes\FrontEnd\FormOptIn.php:50
action user_register includes\FrontEnd\FormOptIn.php:51
filter woocommerce_billing_fields includes\FrontEnd\FormOptIn.php:56
filter woocommerce_new_order includes\FrontEnd\FormOptIn.php:57
action comment_form_logged_in_after includes\FrontEnd\FormOptIn.php:61
action comment_form_after_fields includes\FrontEnd\FormOptIn.php:62
action comment_post includes\FrontEnd\FormOptIn.php:63
filter the_content includes\FrontEnd\FormOptIn.php:67
action widgets_init includes\FrontEnd\FrontEnd.php:18
action template_redirect includes\FrontEnd\FrontEnd.php:19
action wp_footer includes\FrontEnd\FrontEnd.php:39
action wp_enqueue_scripts includes\FrontEnd\Scripts.php:12
action elementor_pro/init includes\functions.php:305
action admin_init includes\Privacy\Privacy.php:55
filter wp_privacy_personal_data_exporters includes\Privacy\Privacy.php:56
filter wp_privacy_personal_data_erasers includes\Privacy\Privacy.php:57
action rest_api_init includes\Rest\Rest.php:16
action pre_user_query includes\Rest\WP.php:192
filter terms_clauses includes\Rest\WP.php:238
action admin_notices includes\WeMail.php:153
action init includes\WeMail.php:303
action plugins_loaded includes\WeMail.php:304
filter script_loader_tag includes\WeMail.php:484
Maintenance & Trust

weMail: Email Marketing, Email Automation, Newsletters, Subscribers & eCommerce Email Optins Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Mar 5, 2026
PHP min version: 7.4
Downloads: 567K

Community Trust

Rating: 82/100
Number of ratings: 31
Active installs: 10K
Developer Profile

weMail: Email Marketing, Email Automation, Newsletters, Subscribers & eCommerce Email Optins Developer Profile

weDevs

20 plugins · 113K total installs

Trust score: 73
Avg Security Score: 91/100
Avg Patch Time: 366 days
Detection Fingerprints

How We Detect weMail: Email Marketing, Email Automation, Newsletters, Subscribers & eCommerce Email Optins

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wemail/assets/css/notice.css
/wp-content/plugins/wemail/assets/js/admin-notice.js
/wp-content/plugins/wemail/assets/css/review-notice.css
/wp-content/plugins/wemail/assets/js/admin-review-notice.js
Script Paths
/wp-content/plugins/wemail/appsero/src/Client.php
Version Parameters
wemail/assets/css/notice.css?ver=
wemail/assets/js/admin-notice.js?ver=
wemail/assets/css/review-notice.css?ver=
wemail/assets/js/admin-review-notice.js?ver=

HTML / DOM Fingerprints

CSS Classes
wemail-connect-notice-flex-container
wemail-connect-notice-logo
wemail-connect-notice-content
wemail-connect-notice-connect-button
wemail-review-notice-flex-container
review-time-background-image
Data Attributes
data-nonce
JS Globals
wemail_notice_nonce