WP Mailster Security & Risk Analysis

wordpress.org/plugins/wp-mailster

WP Mailster allows your users to be part of a group and communicate by email without having to log into a website.

400 active installs · v1.8.22.0 · PHP 5.6+ · WP 5.3+ · Updated Jul 6, 2025

Tags: discussion-list, group-email, listserv, mailing-list, mailman

Score: 94 (A · Safe)
CVEs total: 13
Unpatched: 0
Last CVE: Jan 28, 2025
Safety Verdict

Is WP Mailster Safe to Use in 2026?

Generally Safe

Score 94/100

WP Mailster has a strong security track record. Known vulnerabilities have been patched promptly.

13 known CVEs · Last CVE: Jan 28, 2025 · Updated 9mo ago
Risk Assessment

The wp-mailster plugin, version 1.8.22.0, presents a mixed security posture. It shows good practice in SQL query handling, with 88% of queries using prepared statements, and a significant number of nonce and capability checks, but there are notable areas of concern. Five AJAX handlers run without authentication checks, which creates a substantial attack surface, particularly when combined with the taint analysis that found 22 high-severity flows with unsanitized paths; together these point to potential vulnerabilities reachable by unauthenticated users. The plugin's vulnerability history is also concerning: 13 known CVEs, including 2 high-severity issues, and a recent vulnerability in early 2025. The most common past vulnerability types, SQL Injection and Cross-Site Scripting, echo the concerns raised by the taint analysis. Although past vulnerabilities have been addressed, the recurring patterns and the current code signals warrant caution. Overall, the plugin handles database queries and input validation well in many areas, but the unprotected entry points and high-severity taint flows are significant weaknesses that require immediate attention.

Key Concerns

  • 5 AJAX handlers without auth checks
  • 22 high severity taint flows with unsanitized paths
  • 2 high severity CVEs historically
  • 11 medium severity CVEs historically
  • Only 64% of output properly escaped
  • Bundled library (Select2) potentially outdated
Vulnerabilities (13)

WP Mailster Security Vulnerabilities

CVEs by Year

2017: 1 CVE
2024: 10 CVEs
2025: 2 CVEs

Severity Breakdown

High: 2
Medium: 11

13 total CVEs

CVE-2025-24688 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
WP Mailster <= 1.8.20.0 - Reflected Cross-Site Scripting
Jan 28, 2025 · Patched in 1.8.21.0 (24d)

CVE-2025-22303 · medium · 5.3 · Exposure of Sensitive Information to an Unauthorized Actor
WP Mailster <= 1.8.17.0 - Unauthenticated Sensitive Information Exposure
Jan 6, 2025 · Patched in 1.8.18.0 (10d)

CVE-2025-24598 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
WP Mailster <= 1.8.17.0 - Reflected Cross-Site Scripting
Dec 22, 2024 · Patched in 1.8.18.0 (61d)

CVE-2024-54355 · medium · 4.3 · Cross-Site Request Forgery (CSRF)
WP Mailster <= 1.8.17.0 - Cross-Site Request Forgery
Dec 11, 2024 · Patched in 1.8.18.0 (9d)

CVE-2025-24567 · medium · 5.3 · Exposure of Sensitive Information to an Unauthorized Actor
WP Mailster <= 1.8.16.0 - Unauthenticated Sensitive Information Exposure
Dec 7, 2024 · Patched in 1.8.17.0 (76d)

CVE-2024-11782 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
WP Mailster <= 1.8.17.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
Dec 2, 2024 · Patched in 1.8.18.0 (1d)

CVE-2024-53805 · high · 7.5 · Missing Authorization
WP Mailster <= 1.8.16.0 - Missing Authorization
Dec 2, 2024 · Patched in 1.8.17.0 (11d)

CVE-2024-53803 · medium · 6.5 · Missing Authorization
WP Mailster <= 1.8.16.0 - Missing Authorization
Dec 2, 2024 · Patched in 1.8.17.0 (11d)

CVE-2024-53807 · high · 8.8 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
WP Mailster <= 1.8.16.0 - Authenticated (Contributor+) SQL Injection via orderby
Dec 2, 2024 · Patched in 1.8.17.0 (11d)

CVE-2024-53804 · medium · 5.3 · Exposure of Sensitive Information to an Unauthorized Actor
WP Mailster <= 1.8.16.0 - Unauthenticated Information Exposure
Dec 2, 2024 · Patched in 1.8.17.0 (11d)

CVE-2025-24559 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
WP Mailster <= 1.8.15.0 - Reflected Cross-Site Scripting
Nov 23, 2024 · Patched in 1.8.16.0 (90d)

CVE-2024-53737 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
WP Mailster <= 1.8.16.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
Nov 23, 2024 · Patched in 1.8.17.0 (20d)

CVE-2017-17451 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
WP Mailster < 1.5.5 - Cross-Site Scripting
Dec 5, 2017 · Patched in 1.5.5 (2240d)
Code Analysis
Analyzed Mar 16, 2026

WP Mailster Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 28 (211 prepared)
Unescaped Output: 525 (926 escaped)
Nonce Checks: 40
Capability Checks: 12
File Operations: 17
External Requests: 2
Bundled Libraries: 1

Bundled Libraries

Select2

SQL Query Safety

88% prepared (239 total queries)

Output Escaping

64% escaped (1451 total outputs)

Data Flows (25 unsanitized)

Data Flow Analysis

25 flows, 25 with unsanitized paths

<export> (view\csv\export.php:0)
Attack Surface (5 unprotected)

WP Mailster Attack Surface

Entry Points: 25
Unprotected: 5

AJAX Handlers 22

auth · wp_ajax_conncheck · conncheck.php:25
auth · wp_ajax_getInboxStatus · conncheck.php:206
auth · wp_ajax_removeFirstMailFromMailbox · conncheck.php:253
auth · wp_ajax_removeAllMailsFromMailbox · conncheck.php:298
auth · wp_ajax_removeAllMailsInSendQueue · conncheck.php:343
auth · wp_ajax_unlockMailingList · conncheck.php:374
auth · wp_ajax_wpmst_delete_notify · wp-mailster.php:88
auth · wp_ajax_wpmst_subscribe_plugin · wp-mailster.php:90
nopriv · wp_ajax_wpmst_subscribe_plugin · wp-mailster.php:91
auth · wp_ajax_wpmst_unsubscribe_plugin · wp-mailster.php:93
nopriv · wp_ajax_wpmst_unsubscribe_plugin · wp-mailster.php:94
auth · wp_ajax_resetplgtimer · wp-mailster.php:1603
auth · wp_ajax_saveLicChkResult · wp-mailster.php:1639
auth · wp_ajax_wpmst_get_lic_subinfo · wp-mailster.php:1677
auth · wp_ajax_wpmst_do_lic_reavulation · wp-mailster.php:1712
auth · wp_ajax_wpmst_get_server_data · wp-mailster.php:1747
auth · wp_ajax_wpmst_checkserial · wp-mailster.php:1770
auth · wp_ajax_wpmst_deleteLogFile · wp-mailster.php:1785
auth · wp_ajax_wpmst_unsubscribe · wp-mailster.php:2369
nopriv · wp_ajax_wpmst_unsubscribe · wp-mailster.php:2370
auth · wp_ajax_wpmst_subscribe · wp-mailster.php:2375
nopriv · wp_ajax_wpmst_subscribe · wp-mailster.php:2376

Shortcodes 3

[mst_profile] wp-mailster.php:1869
[mst_subscribe] wp-mailster.php:1874
[mst_unsubscribe] wp-mailster.php:1875
WordPress Hooks 13
action · load-edit.php · classes\mst_archived.php:30
action · admin_enqueue_scripts · classes\mst_queued.php:31
action · admin_footer · classes\mst_wp_list_table.php:35
action · widgets_init · widget\subscribe-widget.php:28
action · admin_menu · wp-mailster.php:75
action · admin_enqueue_scripts · wp-mailster.php:82
action · wp_enqueue_scripts · wp-mailster.php:83
action · init · wp-mailster.php:97
action · admin_init · wp-mailster.php:107
action · shutdown · wp-mailster.php:1599
action · plugins_loaded · wp-mailster.php:1815
action · plugins_loaded · wp-mailster.php:1950
action · plugins_loaded · wp-mailster.php:2280
Maintenance & Trust

WP Mailster Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Jul 6, 2025
PHP min version: 5.6
Downloads: 31K

Community Trust

Rating: 98/100
Number of ratings: 32
Active installs: 400
Developer Profile

WP Mailster Developer Profile

brandtoss

2 plugins · 1K total installs

Trust score: 77
Avg Security Score: 97/100
Avg Patch Time: 198 days
Detection Fingerprints

How We Detect WP Mailster

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-mailster/assets/css/admin/style.css
/wp-content/plugins/wp-mailster/assets/css/frontend/style.css
/wp-content/plugins/wp-mailster/assets/css/frontend/wysiwyg.css
/wp-content/plugins/wp-mailster/assets/js/admin/app.js
/wp-content/plugins/wp-mailster/assets/js/admin/libs/jquery.sortable.js
/wp-content/plugins/wp-mailster/assets/js/admin/libs/jquery.validate.js
/wp-content/plugins/wp-mailster/assets/js/admin/libs/jquery.nouislider.min.js
/wp-content/plugins/wp-mailster/assets/js/admin/libs/select2.js
(+10 more)
Generator Patterns
WP Mailster Free
Script Paths
/wp-content/plugins/wp-mailster/assets/js/admin/app.js
/wp-content/plugins/wp-mailster/assets/js/frontend/subscribe.js
/wp-content/plugins/wp-mailster/assets/js/frontend/unsubscribe.js
/wp-content/plugins/wp-mailster/assets/js/frontend/wysiwyg.js
/wp-content/plugins/wp-mailster/assets/js/frontend/tracking.js
/wp-content/plugins/wp-mailster/mailster/assets/js/mailster_admin.js
Version Parameters
/wp-content/plugins/wp-mailster/assets/css/admin/style.css?ver=
/wp-content/plugins/wp-mailster/assets/css/frontend/style.css?ver=
/wp-content/plugins/wp-mailster/assets/css/frontend/wysiwyg.css?ver=
/wp-content/plugins/wp-mailster/assets/js/admin/app.js?ver=
/wp-content/plugins/wp-mailster/assets/js/admin/libs/jquery.sortable.js?ver=
/wp-content/plugins/wp-mailster/assets/js/admin/libs/jquery.validate.js?ver=
/wp-content/plugins/wp-mailster/assets/js/admin/libs/jquery.nouislider.min.js?ver=
/wp-content/plugins/wp-mailster/assets/js/admin/libs/select2.js?ver=
/wp-content/plugins/wp-mailster/assets/js/admin/libs/sortable.min.js?ver=
/wp-content/plugins/wp-mailster/assets/js/admin/libs/vue.min.js?ver=
/wp-content/plugins/wp-mailster/assets/js/admin/libs/moment.min.js?ver=
/wp-content/plugins/wp-mailster/assets/js/admin/libs/chart.min.js?ver=
/wp-content/plugins/wp-mailster/assets/js/frontend/subscribe.js?ver=
/wp-content/plugins/wp-mailster/assets/js/frontend/unsubscribe.js?ver=
/wp-content/plugins/wp-mailster/assets/js/frontend/wysiwyg.js?ver=
/wp-content/plugins/wp-mailster/assets/js/frontend/tracking.js?ver=
/wp-content/plugins/wp-mailster/mailster/assets/css/mailster_admin.css?ver=
/wp-content/plugins/wp-mailster/mailster/assets/js/mailster_admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
mailster_input, mailster_wrap, mailster_form, mailster_form_wrap, mailster_content, mailster_labels, mailster_label, mailster_input_label (+11 more)
HTML Comments
<!-- WP Mailster Free -->
Data Attributes
data-mailster-form-id, data-mailster-subscribe-nonce, data-mailster-unsubscribe-nonce
JS Globals
mailster_subscribe_params, mailster_unsubscribe_params, mailster_wysiwyg_params, mailster_tracking_params
REST Endpoints
/wp-json/mailster/v1/subscribe
/wp-json/mailster/v1/unsubscribe
FAQ

Frequently Asked Questions about WP Mailster