Does WP WooCommerce Mailchimp have any unpatched vulnerabilities?

No. All known vulnerabilities in WP WooCommerce Mailchimp have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is WP WooCommerce Mailchimp compatible with WordPress 6.8.5?

According to WordPress.org data, WP WooCommerce Mailchimp 2.5.1 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is WP WooCommerce Mailchimp compatible with PHP 5.6+?

WP WooCommerce Mailchimp requires PHP 5.6 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is WP WooCommerce Mailchimp updated?

WP WooCommerce Mailchimp was last updated on Oct 27, 2025. Frequent updates are generally a positive security signal.

What is WP WooCommerce Mailchimp's security score?

WP WooCommerce Mailchimp has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WP WooCommerce Mailchimp Security & Risk Analysis

wordpress.org/plugins/woocommerce-mailchimp

Simple and flexible Mailchimp integration for WooCommerce.

6K active installs v2.5.1 PHP 5.6+ WP 4.7.0+ Updated Oct 27, 2025

ecommerceemailmailchimpwoocommerce

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is WP WooCommerce Mailchimp Safe to Use in 2026?

Generally Safe

Score 100/100

WP WooCommerce Mailchimp has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5mo ago

Risk Assessment

The "woocommerce-mailchimp" plugin v2.5.1 demonstrates a generally strong security posture with no reported vulnerabilities and a good set of security checks in place. The static analysis reveals a limited attack surface with all identified AJAX handlers having authentication checks. Furthermore, the plugin utilizes prepared statements for all SQL queries, which is a significant strength against SQL injection. The presence of nonces and capability checks on its entry points is also commendable.

However, the analysis does highlight a few areas for improvement. A notable concern is the presence of five "flows with unsanitized paths" identified during taint analysis. While no critical or high severity issues were flagged, these unsanitized paths represent potential avenues for exploitation if data originating from these flows is not properly handled or validated before use. The plugin also makes an external HTTP request, which, depending on the context and destination, could introduce risks if not secured or if the external service is compromised. Finally, while 80% output escaping is good, it leaves 20% unescaped, which could lead to cross-site scripting (XSS) vulnerabilities in specific scenarios.

Given the absence of known vulnerabilities and the robust implementation of core security features like prepared statements and authentication checks, the plugin is in a relatively good state. However, the identified unsanitized paths and incomplete output escaping are definite areas that require attention to further harden its security. A proactive approach to addressing these findings would ensure continued protection against emerging threats.

Key Concerns

Unsanitized paths found in taint analysis
Partial output escaping (20% unescaped)
External HTTP request

Vulnerabilities

None known

WP WooCommerce Mailchimp Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

WP WooCommerce Mailchimp Code Analysis

Dangerous Functions

Raw SQL Queries

2 prepared

Unescaped Output

44 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared2 total queries

Output Escaping

80% escaped55 total outputs

Data Flows

5 unsanitized

Data Flow Analysis

5 flows5 with unsanitized paths

ajax_get_account (includes\class-ss-wc-mailchimp-handler.php:177)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

WP WooCommerce Mailchimp Attack Surface

Entry Points6

Unprotected0

AJAX Handlers 6

authwp_ajax_ss_wc_mailchimp_get_accountincludes\class-ss-wc-mailchimp-handler.php:125

authwp_ajax_ss_wc_mailchimp_get_listsincludes\class-ss-wc-mailchimp-handler.php:127

authwp_ajax_ss_wc_mailchimp_get_interest_groupsincludes\class-ss-wc-mailchimp-handler.php:129

authwp_ajax_ss_wc_mailchimp_get_tagsincludes\class-ss-wc-mailchimp-handler.php:131

authwp_ajax_ss_wc_mailchimp_get_merge_fieldsincludes\class-ss-wc-mailchimp-handler.php:133

authwp_ajax_ss_wc_mailchimp_clear_cacheincludes\class-ss-wc-mailchimp-plugin.php:487

WordPress Hooks 24

actionnetwork_admin_noticesincludes\class-ss-wc-mailchimp-admin-notices.php:29

actionadmin_noticesincludes\class-ss-wc-mailchimp-admin-notices.php:30

actionadmin_noticesincludes\class-ss-wc-mailchimp-admin-notices.php:31

actionnetwork_admin_noticesincludes\class-ss-wc-mailchimp-admin-notices.php:32

filterss_wc_mailchimp/admin/noticesincludes\class-ss-wc-mailchimp-compatibility.php:58

actionwoocommerce_checkout_update_order_metaincludes\class-ss-wc-mailchimp-handler.php:99

actionwoocommerce_order_status_changedincludes\class-ss-wc-mailchimp-handler.php:102

actionwoocommerce_checkout_update_order_metaincludes\class-ss-wc-mailchimp-handler.php:123

actionqueue_ss_wc_mailchimp_maybe_subscribeincludes\class-ss-wc-mailchimp-handler.php:135

actioninitincludes\class-ss-wc-mailchimp-plugin.php:484

filterplugin_row_metaincludes\class-ss-wc-mailchimp-plugin.php:494

filterwoocommerce_get_settings_pagesincludes\class-ss-wc-mailchimp-plugin.php:496

actionadmin_enqueue_scriptsincludes\class-ss-wc-mailchimp-plugin.php:498

actionadmin_initincludes\class-ss-wc-mailchimp-plugin.php:500

actionbefore_woocommerce_initincludes\class-ss-wc-mailchimp-plugin.php:505

filterwoocommerce_settings_tabs_arrayincludes\class-ss-wc-settings-mailchimp.php:253

actionwoocommerce_settings_savedincludes\class-ss-wc-settings-mailchimp.php:257

actionadmin_noticesincludes\class-ss-wc-settings-mailchimp.php:260

actionwoocommerce_admin_field_sysinfoincludes\class-ss-wc-settings-mailchimp.php:261

actionadmin_noticesincludes\class-ss-wc-settings-mailchimp.php:701

actionnetwork_admin_noticesincludes\class-ss-wc-settings-mailchimp.php:702

actionadmin_noticesincludes\class-ss-wc-settings-mailchimp.php:712

actionsswcmc_logincludes\class-sswcmc-logger.php:75

actionplugins_loadedwoocommerce-mailchimp.php:44

Maintenance & Trust

WP WooCommerce Mailchimp Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedOct 27, 2025

PHP min version5.6

Downloads575K

Community Trust

Rating86/100

Number of ratings35

Active installs6K

Alternatives

WP WooCommerce Mailchimp Alternatives

Mailchimp for WooCommerce

mailchimp-for-woocommerce

Connect your store to your Mailchimp audience to track sales, create targeted emails, send abandoned cart emails, and more.

300K 2 CVEs

MailerLite – WooCommerce integration

woo-mailerlite

Powerful e-commerce email marketing tools that are easy to use. Grow your store with automated emails, pop-ups, product blocks, sales tracking + more.

30K 4 CVEs

ShopMagic – email automation

shopmagic-for-woocommerce

Flexible email automation and workflows triggered by customer and site events.

10K 2 CVEs

ActiveCampaign for WooCommerce

activecampaign-for-woocommerce

100

https://youtu.be/wHPrLFXQTgQ

6K 1 CVE

Drip – Marketing Automation for WooCommerce

drip

100

Build long-lasting relationships with perfectly personalized email and onsite marketing automation.

1K No CVEs

Developer Profile

WP WooCommerce Mailchimp Developer Profile

Saint Systems

2 plugins · 11K total installs

trust score

Avg Security Score

100/100

Avg Patch Time

69 days

View full developer profile

Detection Fingerprints

How We Detect WP WooCommerce Mailchimp

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/woocommerce-mailchimp/assets/css/woocommerce-mailchimp-admin.css/wp-content/plugins/woocommerce-mailchimp/assets/css/woocommerce-mailchimp-frontend.css/wp-content/plugins/woocommerce-mailchimp/assets/js/woocommerce-mailchimp-admin.js/wp-content/plugins/woocommerce-mailchimp/assets/js/woocommerce-mailchimp-frontend.js

Script Paths

/wp-content/plugins/woocommerce-mailchimp/assets/js/woocommerce-mailchimp-admin.js/wp-content/plugins/woocommerce-mailchimp/assets/js/woocommerce-mailchimp-frontend.js

Version Parameters

woocommerce-mailchimp/assets/css/woocommerce-mailchimp-admin.css?ver=woocommerce-mailchimp/assets/css/woocommerce-mailchimp-frontend.css?ver=woocommerce-mailchimp/assets/js/woocommerce-mailchimp-admin.js?ver=woocommerce-mailchimp/assets/js/woocommerce-mailchimp-frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes

ss-wc-mailchimp-checkboxss-wc-mailchimp-opt-in-wrapper

HTML Comments

Data Attributes

data-ss-wc-mailchimp-list-iddata-ss-wc-mailchimp-opt-in-checkbox-display-locationdata-ss-wc-mailchimp-opt-in-checkbox-default-statusdata-ss-wc-mailchimp-opt-in-label

JS Globals

ss_wc_mailchimp_frontend_paramsSSWCMC

REST Endpoints

/wp-json/ss-wc-mailchimp/v1/subscribe

FAQ