WP SendFox Security & Risk Analysis

wordpress.org/plugins/wp-sendfox

Capture emails and add them to your SendFox list via comments, registration, WooCommerce checkout, Gutenberg page or Divi Builder page.

1K active installs · v1.3.1 · PHP 5.2.4+ · WP 4.6+ · Updated Mar 7, 2024
Tags: export, integration, sendfox, woocommerce, wp
Score: 63 · C · Use Caution
CVEs total: 2
Unpatched: 1
Last CVE: Oct 15, 2024
Safety Verdict

Is WP SendFox Safe to Use in 2026?

Use With Caution

Score 63/100

WP SendFox has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

2 known CVEs · 1 unpatched · Last CVE: Oct 15, 2024 · Updated 2yr ago
Risk Assessment

The wp-sendfox plugin exhibits a mixed security posture. While it avoids using dangerous functions and has some rudimentary checks in place like nonce and capability checks, significant concerns arise from its attack surface and data handling practices. The presence of multiple AJAX handlers without authentication is a major vulnerability, potentially allowing unauthorized users to interact with sensitive plugin functionalities. Furthermore, the lack of prepared statements for SQL queries and the low percentage of properly escaped output suggest a high risk of SQL injection and cross-site scripting (XSS) vulnerabilities, respectively. The vulnerability history, with two medium-severity CVEs including an unpatched one, reinforces these concerns. The repeated exposure of sensitive information and missing authorization vulnerabilities in its past indicate a recurring pattern of security weaknesses in how the plugin handles user access and data. Despite a relatively small attack surface in terms of entry points, the lack of robust security measures on those entry points, coupled with historical issues, elevates the overall risk of this plugin.

Key Concerns

  • Unpatched CVE
  • Multiple AJAX handlers without auth checks
  • Raw SQL queries without prepared statements
  • Low percentage of properly escaped output
  • One unsanitized taint flow
  • Missing authorization vulnerabilities in history
  • Exposure of sensitive information vulnerabilities in history
Vulnerabilities
2

WP SendFox Security Vulnerabilities

CVEs by Year

2 CVEs in 2024 · unpatched

Severity Breakdown

Medium: 2

2 total CVEs

CVE-2024-49284 · medium · 5.3 · Exposure of Sensitive Information to an Unauthorized Actor

WP SendFox <= 1.3.1 - Unauthenticated Information Disclosure

Oct 15, 2024 · Unpatched

CVE-2024-27970 · medium · 4.3 · Missing Authorization

WP SendFox <= 1.3.0 - Missing Authorization

Mar 13, 2024 · Patched in 1.3.1 (8d)
Code Analysis
Analyzed Mar 16, 2026

WP SendFox Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 2 (0 prepared)
Unescaped Output: 52 (26 escaped)
Nonce Checks: 1
Capability Checks: 2
File Operations: 3
External Requests: 1
Bundled Libraries: 0

SQL Query Safety

0% prepared · 2 total queries

Output Escaping

33% escaped · 78 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

2 flows · 1 with unsanitized paths
<wp-sendfox-admin> (wp-sendfox-admin.php:0)
Attack Surface
4 unprotected

WP SendFox Attack Surface

Entry Points: 5
Unprotected: 4

AJAX Handlers (5)

auth · wp_ajax_sf4wp_gutenberg_get_lists · includes\gutenberg\gutenberg-email-optin.php:178
nopriv · wp_ajax_sf4wp_gutenberg_get_lists · includes\gutenberg\gutenberg-email-optin.php:179
auth · wp_ajax_sf4wp_gutenberg_subscribe · includes\gutenberg\gutenberg-email-optin.php:224
nopriv · wp_ajax_sf4wp_gutenberg_subscribe · includes\gutenberg\gutenberg-email-optin.php:225
auth · wp_ajax_sf4wp_process_sync · wp-sendfox.php:1211

WordPress Hooks (24)

action · enqueue_block_assets · includes\gutenberg\gutenberg-email-optin.php:162
action · wp_enqueue_scripts · includes\gutenberg\gutenberg-email-optin.php:196
action · comment_form_after_fields · wp-sendfox.php:36
action · register_form · wp-sendfox.php:40
action · woocommerce_after_checkout_billing_form · wp-sendfox.php:61
action · woocommerce_after_checkout_shipping_form · wp-sendfox.php:65
action · woocommerce_checkout_after_customer_details · wp-sendfox.php:69
action · woocommerce_review_order_before_submit · wp-sendfox.php:73
action · woocommerce_after_order_notes · wp-sendfox.php:77
action · init · wp-sendfox.php:82
action · before_woocommerce_init · wp-sendfox.php:86
action · plugins_loaded · wp-sendfox.php:102
action · admin_menu · wp-sendfox.php:122
action · admin_init · wp-sendfox.php:154
action · activated_plugin · wp-sendfox.php:177
action · admin_head · wp-sendfox.php:413
filter · pre_update_option_gb_sf4wp_options · wp-sendfox.php:454
action · comment_post · wp-sendfox.php:577
action · transition_comment_status · wp-sendfox.php:633
action · user_register · wp-sendfox.php:738
action · woocommerce_checkout_order_processed · wp-sendfox.php:855
action · learndash_update_course_access · wp-sendfox.php:898
filter · et_core_get_third_party_components · wp-sendfox.php:1256
action · after_setup_theme · wp-sendfox.php:1276
Maintenance & Trust

WP SendFox Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.4.8
Last updated: Mar 7, 2024
PHP min version: 5.2.4
Downloads: 17K

Community Trust

Rating: 100/100
Number of ratings: 8
Active installs: 1K
Developer Profile

WP SendFox Developer Profile

BogdanFix

2 plugins · 1K total installs

Trust score: 79
Avg Security Score: 78/100
Avg Patch Time: 8 days
Detection Fingerprints

How We Detect WP SendFox

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-sendfox/assets/css/sf-frontend.css
/wp-content/plugins/wp-sendfox/assets/js/sf-frontend.js
/wp-content/plugins/wp-sendfox/assets/js/gb-sf4wp.js
Script Paths
/wp-content/plugins/wp-sendfox/assets/js/sf-frontend.js
/wp-content/plugins/wp-sendfox/assets/js/gb-sf4wp.js
Version Parameters
wp-sendfox/assets/css/sf-frontend.css?ver=
wp-sendfox/assets/js/sf-frontend.js?ver=
wp-sendfox/assets/js/gb-sf4wp.js?ver=

HTML / DOM Fingerprints

CSS Classes
sf-input, sf-label, sf-submit, gb_sf4wp_form
Data Attributes
data-sf4wp-id
JS Globals
gb_sf4wp_vars