MailerLite – WooCommerce integration Security & Risk Analysis

wordpress.org/plugins/woo-mailerlite

Powerful e-commerce email marketing tools that are easy to use. Grow your store with automated emails, pop-ups, product blocks, sales tracking + more.

30K active installs · v3.1.11 · PHP 7.2.5+ · WP 3.0.1+ · Updated Feb 26, 2026
automation · ecommerce · email-marketing · mailerlite · woocommerce
93 · A · Safe
CVEs total: 4
Unpatched: 0
Last CVE: Jan 20, 2026
Safety Verdict

Is MailerLite – WooCommerce integration Safe to Use in 2026?

Generally Safe

Score 93/100

MailerLite – WooCommerce integration has a strong security track record. Known vulnerabilities have been patched promptly.

4 known CVEs · Last CVE: Jan 20, 2026 · Updated 1mo ago

Risk Assessment

The "woo-mailerlite" v3.1.11 plugin presents a concerning security posture, primarily due to a significant number of unprotected AJAX handlers. With 13 AJAX handlers and all of them lacking authentication checks, this creates a substantial attack surface that could be exploited by unauthenticated users. While the plugin shows some good practices like a majority of SQL queries using prepared statements and a decent percentage of properly escaped output, the absence of authentication on so many entry points overshadows these strengths. The limited taint analysis (0 flows) is positive but might not cover all potential vectors, especially given the identified attack surface.

The plugin's vulnerability history, with 4 known CVEs including one high severity and three medium, suggests a pattern of past security weaknesses. The types of vulnerabilities found (SQL Injection, Missing Authorization, CSRF) are common and often directly related to issues like insufficient input validation, missing authorization checks, and inadequate nonce protection, which are unfortunately reflected in the static analysis.

In conclusion, while the plugin demonstrates some positive coding practices, the overwhelming number of unprotected AJAX endpoints is a critical flaw. Coupled with a history of significant vulnerabilities, this plugin requires immediate attention and remediation to address the extensive attack surface and past security issues. The presence of `shell_exec` is also a red flag that warrants further investigation.

Key Concerns

  • 13 unprotected AJAX handlers
  • 1 dangerous function: shell_exec
  • 1 high severity CVE (unpatched)
  • 3 medium severity CVEs (unpatched)
  • 3 Nonce checks on 13 entry points
  • 1 Capability check on 13 entry points
  • 33% of SQL queries not using prepared statements
  • 33% of outputs not properly escaped

Vulnerabilities: 4

MailerLite – WooCommerce integration Security Vulnerabilities

CVEs by Year

2024: 2 CVEs
2025: 1 CVE
2026: 1 CVE

Severity Breakdown

High: 1
Medium: 3

4 total CVEs

CVE-2025-67945 · high · 7.5 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

MailerLite – WooCommerce integration <= 3.1.2 - Unauthenticated SQL Injection

Jan 20, 2026 · Patched in 3.1.3 (8d)

CVE-2026-1000 · medium · 6.5 · Missing Authorization

MailerLite - WooCommerce integration <= 3.1.3 - Missing Authorization to Data Deletion

Dec 15, 2025 · Patched in 3.1.4 (32d)

CVE-2023-52227 · medium · 4.3 · Missing Authorization

MailerLite – WooCommerce integration <= 2.0.8 - Missing Authorization via Multiple Functions

Jan 8, 2024 · Patched in 2.0.9 (15d)

CVE-2023-52223 · medium · 5.4 · Cross-Site Request Forgery (CSRF)

MailerLite – WooCommerce integration <= 2.0.8 - Cross-Site Request Forgery via Multiple AJAX Functions

Jan 8, 2024 · Patched in 2.0.9 (15d)

Code Analysis
Analyzed Mar 16, 2026

MailerLite – WooCommerce integration Code Analysis

  • Dangerous Functions: 1
  • Raw SQL Queries: 7 (15 prepared)
  • Unescaped Output: 6 (12 escaped)
  • Nonce Checks: 3
  • Capability Checks: 1
  • File Operations: 1
  • External Requests: 6
  • Bundled Libraries: 1

Dangerous Functions Found

shell_exec · `$log = shell_exec("tail -500 {$errorPath}");` · admin\controllers\WooMailerLiteAdminWizardController.php:205

Bundled Libraries

Select2

SQL Query Safety

68% prepared · 22 total queries

Output Escaping

67% escaped · 18 total outputs

Attack Surface
13 unprotected

MailerLite – WooCommerce integration Attack Surface

Entry Points: 13
Unprotected: 13

AJAX Handlers: 13

  • auth · wp_ajax_woo_mailerlite_handle_connect_account · includes\WooMailerLite.php:120
  • auth · wp_ajax_woo_mailerlite_get_groups · includes\WooMailerLite.php:121
  • auth · wp_ajax_woo_mailerlite_shop_setup · includes\WooMailerLite.php:122
  • auth · wp_ajax_woo_mailerlite_create_group · includes\WooMailerLite.php:123
  • auth · wp_ajax_woo_mailerlite_sync_handler · includes\WooMailerLite.php:124
  • auth · wp_ajax_woo_mailerlite_reset_sync_handler · includes\WooMailerLite.php:125
  • auth · wp_ajax_handle_save_settings · includes\WooMailerLite.php:126
  • auth · wp_ajax_woo_mailerlite_reset_integration_settings · includes\WooMailerLite.php:127
  • auth · wp_ajax_handle_debug_log · includes\WooMailerLite.php:128
  • auth · wp_ajax_woo_mailerlite_downgrade_plugin · includes\WooMailerLite.php:129
  • auth · wp_ajax_woo_mailerlite_enable_debug_mode · includes\WooMailerLite.php:130
  • auth · wp_ajax_woo_mailerlite_set_cart_email · includes\WooMailerLite.php:188
  • nopriv · wp_ajax_woo_mailerlite_set_cart_email · includes\WooMailerLite.php:189

WordPress Hooks: 35

  • action · woocommerce_product_quick_edit_end · includes\WooMailerLite.php:101
  • action · woocommerce_product_bulk_edit_end · includes\WooMailerLite.php:102
  • action · manage_product_posts_custom_column · includes\WooMailerLite.php:103
  • action · woocommerce_process_product_meta · includes\WooMailerLite.php:104
  • action · woocommerce_product_data_panels · includes\WooMailerLite.php:105
  • action · woocommerce_update_product · includes\WooMailerLite.php:106
  • action · created_product_cat · includes\WooMailerLite.php:107
  • action · edited_product_cat · includes\WooMailerLite.php:108
  • action · delete_product_cat · includes\WooMailerLite.php:109
  • filter · woocommerce_product_data_tabs · includes\WooMailerLite.php:112
  • filter · woocommerce_product_data_store_cpt_get_products_query · includes\WooMailerLite.php:113
  • filter · plugin_action_links_woo-mailerlite/woo-mailerlite.php · includes\WooMailerLite.php:114
  • action · woocommerce_product_bulk_and_quick_edit · includes\WooMailerLite.php:115
  • filter · script_loader_tag · includes\WooMailerLite.php:116
  • action · admin_enqueue_scripts · includes\WooMailerLite.php:117
  • action · admin_enqueue_scripts · includes\WooMailerLite.php:118
  • action · admin_menu · includes\WooMailerLite.php:119
  • action · add_meta_boxes · includes\WooMailerLite.php:131
  • action · wp_enqueue_scripts · includes\WooMailerLite.php:167
  • action · init · includes\WooMailerLite.php:173
  • filter · woocommerce_form_field · includes\WooMailerLite.php:174
  • filter · woocommerce_checkout_fields · includes\WooMailerLite.php:175
  • filter · woocommerce_update_cart_action_cart_updated · includes\WooMailerLite.php:181
  • action · woocommerce_cart_item_set_quantity · includes\WooMailerLite.php:182
  • action · woocommerce_add_to_cart · includes\WooMailerLite.php:183
  • action · woocommerce_cart_item_removed · includes\WooMailerLite.php:184
  • action · woocommerce_order_status_changed · includes\WooMailerLite.php:185
  • action · woocommerce_saved_order_items · includes\WooMailerLite.php:186
  • action · woocommerce_order_status_completed · includes\WooMailerLite.php:187
  • action · plugins_loaded · woo-mailerlite.php:67
  • action · woocommerce_blocks_loaded · woo-mailerlite.php:68
  • action · woocommerce_blocks_checkout_block_registration · woo-mailerlite.php:71
  • filter · __experimental_woocommerce_blocks_add_data_attributes_to_block · woo-mailerlite.php:82
  • action · before_woocommerce_init · woo-mailerlite.php:92
  • filter · auto_update_plugin · woo-mailerlite.php:98
Maintenance & Trust

MailerLite – WooCommerce integration Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Feb 26, 2026
PHP min version: 7.2.5
Downloads: 1.4M

Community Trust

Rating: 58/100
Number of ratings: 63
Active installs: 30K
Developer Profile

MailerLite – WooCommerce integration Developer Profile

MailerLite

3 plugins · 132K total installs

Trust score: 72
Avg Security Score: 90/100
Avg Patch Time: 356 days
Detection Fingerprints

How We Detect MailerLite – WooCommerce integration

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/woo-mailerlite/admin/assets/css/admin.css
  • /wp-content/plugins/woo-mailerlite/public/css/mailerlite-select2.css
Script Paths
  • /wp-content/plugins/woo-mailerlite/admin/assets/js/ml-app.js
Version Parameters
  • woo-mailerlite/assets/css/admin.css?ver=
  • woo-mailerlite/public/css/mailerlite-select2.css?ver=
  • woo-mailerlite/admin/assets/js/ml-app.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • t-woocommerce-products-by-image__image
  • t-woocommerce-product-card__image
  • t-woocommerce-product-card__title
  • t-woocommerce-product-card__price
  • t-woocommerce-product-card__link
  • t-woocommerce-product-card__button
Data Attributes
  • data-vue-app
  • v-cloak
JS Globals
  • woo_mailerlite_admin_data
  • WooMailerLite
REST Endpoints
  • /wp-json/woo-mailerlite/v1/settings
  • /wp-json/woo-mailerlite/v1/account
Shortcode Output
  • [mailerlite_woo_products]