WP Advanced newsletter Security & Risk Analysis

wordpress.org/plugins/wp-advanced-newsletter

Subscribe newsletter to receive new updates using email subscribers Mailchimp, Constant Contact, Active campaign and Campaign Monitor.

10 active installs · v1.0.5 · PHP + WP 4.0+ · Updated Jun 29, 2021
Tags: email-marketing, email-newsletter, popup-newsletter, woocommerce-newsletter, wordpress-newsletter
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is WP Advanced newsletter Safe to Use in 2026?

Generally Safe

Score 85/100

WP Advanced newsletter has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 4yr ago
Risk Assessment

The wp-advanced-newsletter plugin exhibits a concerning security posture primarily due to its extensive unprotected attack surface. All 26 identified AJAX handlers lack authentication checks, presenting a significant risk for unauthorized actions if any functionality can be triggered by unauthenticated users. Compounding this, the presence of the `unserialize` function, particularly without evident sanitization or strict input validation controls, is a critical red flag. While the plugin shows good practices in its SQL queries by exclusively using prepared statements and no known CVEs are recorded, these strengths are overshadowed by the lack of fundamental security measures like nonce and capability checks on its numerous entry points.

Key Concerns

  • All AJAX handlers lack authentication checks
  • Dangerous function 'unserialize' found
  • Zero Nonce checks on entry points
  • Zero Capability checks on entry points
  • Low percentage of properly escaped output
  • 10 unsanitized taint flows
Vulnerabilities
None known

WP Advanced newsletter Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

WP Advanced newsletter Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 169 (20 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 4
External Requests: 3
Bundled Libraries: 0

Dangerous Functions Found

unserialize · `$serial = unserialize($response);` · email-service\mailchimp-api\src\Mailchimp\MAPI.class.php:2465

Output Escaping

11% escaped · 189 total outputs
Data Flows
10 unsanitized

Data Flow Analysis

10 flows · 10 with unsanitized paths
<mailchimp-campaign-detail> (admin\mailchimp-campaign-detail.php:0)
[Data flow diagram. Legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized]
Attack Surface
26 unprotected

WP Advanced newsletter Attack Surface

Entry Points: 26
Unprotected: 26

AJAX Handlers 26

auth · wp_ajax_ced_email_service · includes\wpanl-class.php:51
auth · wp_ajax_mailchimp_get_api · includes\wpanl-class.php:55
auth · wp_ajax_mailchimp_add_data · includes\wpanl-class.php:56
auth · wp_ajax_mailchimp_send_mail · includes\wpanl-class.php:57
nopriv · wp_ajax_mailchimp_send_mail · includes\wpanl-class.php:58
auth · wp_ajax_mailchimp_delete_campaign · includes\wpanl-class.php:59
nopriv · wp_ajax_mailchimp_delete_campaign · includes\wpanl-class.php:60
auth · wp_ajax_mailchimp_unsubscribe_mail · includes\wpanl-class.php:61
nopriv · wp_ajax_mailchimp_unsubscribe_mail · includes\wpanl-class.php:62
auth · wp_ajax_constant_contact_api_func · includes\wpanl-class.php:67
auth · wp_ajax_const_cont_update_list · includes\wpanl-class.php:68
auth · wp_ajax_constant_contact_unsubscribe_mail · includes\wpanl-class.php:69
nopriv · wp_ajax_constant_contact_unsubscribe_mail · includes\wpanl-class.php:70
auth · wp_ajax_constant_contact_delete_campaign · includes\wpanl-class.php:71
nopriv · wp_ajax_constant_contact_delete_campaign · includes\wpanl-class.php:72
auth · wp_ajax_active_campaign_func · includes\wpanl-class.php:77
auth · wp_ajax_activecampaign_update_list · includes\wpanl-class.php:78
auth · wp_ajax_active_camp_delete_campaign · includes\wpanl-class.php:79
nopriv · wp_ajax_active_camp_delete_campaign · includes\wpanl-class.php:80
auth · wp_ajax_active_camp_unsubscribe_mail · includes\wpanl-class.php:81
nopriv · wp_ajax_active_camp_unsubscribe_mail · includes\wpanl-class.php:82
auth · wp_ajax_activecamp_send_mail · includes\wpanl-class.php:83
nopriv · wp_ajax_activecamp_send_mail · includes\wpanl-class.php:84
auth · wp_ajax_newsletter_popup_content · includes\wpanl-class.php:88
nopriv · wp_ajax_newsletter_popup_content · includes\wpanl-class.php:89
auth · wp_ajax_add_new_subscriber · includes\wpanl-class.php:90
WordPress Hooks 7
action · admin_init · includes\wpanl-class.php:43
action · wp_enqueue_scripts · includes\wpanl-class.php:44
action · wp_enqueue_scripts · includes\wpanl-class.php:45
action · admin_menu · includes\wpanl-class.php:46
action · admin_enqueue_scripts · includes\wpanl-class.php:47
action · init · wp-advanced-newsletter.php:38
action · admin_enqueue_scripts · wp-advanced-newsletter.php:41
Maintenance & Trust

WP Advanced newsletter Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.6.17
Last updated: Jun 29, 2021
PHP min version
Downloads: 2K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

WP Advanced newsletter Developer Profile

cedcommerce

21 plugins · 5K total installs

Trust score: 67
Avg Security Score: 83/100
Avg Patch Time: 204 days
Detection Fingerprints

How We Detect WP Advanced newsletter

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-advanced-newsletter/colorbox/jquery.colorbox.js
/wp-content/plugins/wp-advanced-newsletter/colorbox/colorbox.css
/wp-content/plugins/wp-advanced-newsletter/assets/images/mail.png
/wp-content/plugins/wp-advanced-newsletter/assets/images/ajax-loader.gif
Version Parameters
wp-advanced-newsletter/colorbox/jquery.colorbox.js?ver=
wp-advanced-newsletter/colorbox/colorbox.css?ver=

HTML / DOM Fingerprints

CSS Classes
advanced_newsletter_signup, subscribe_div, advanced_newsletter_title, advanced_newsletter_sub, user_email_address, wp_news_input, wp_news_btn, advanced_newsletter_sumit_data, +4 more
Data Attributes
id="advanced_newsletter_signup", name="advanced_newsletter_signup", id="user_email_address", class="wp_news_input", type="email", name="advanced_newsletter_email", +10 more
JS Globals
advanced_newsletter_cookie, wanl_data
REST Endpoints
/wp-json/wp-advanced-newsletter/v1/?
FAQ

Frequently Asked Questions about WP Advanced newsletter