WP-Safety

Subscribe Forms – Beautiful Email Forms, Embedded Newsletter Forms & MailChimp Form Security & Risk Analysis

wordpress.org/plugins/wp-subscribe-form

Use Subscribe Forms to grow your email subscriber lists with Subscribe Forms built-in email forms templates and integrations 📧

2K active installs v1.6.2 PHP + WP 4.0+ Updated Mar 11, 2026
contact-formformform-builderformsmailchimp-form
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Subscribe Forms – Beautiful Email Forms, Embedded Newsletter Forms & MailChimp Form Safe to Use in 2026?

Generally Safe

Score 100/100

Subscribe Forms – Beautiful Email Forms, Embedded Newsletter Forms & MailChimp Form has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 23d ago
Risk Assessment

The "wp-subscribe-form" v1.6.2 plugin exhibits a generally good security posture, with a strong emphasis on proper authentication and authorization checks across its defined entry points. The absence of unpatched CVEs and any recorded past vulnerabilities is a significant positive indicator of the plugin's maintenance and developer attention to security. The extensive use of nonce and capability checks, coupled with a high percentage of properly escaped output, further bolsters its defensive measures against common web attacks.

Key Concerns

  • Use of unserialize
  • Flows with unsanitized paths
  • SQL queries not using prepared statements
  • Bundled libraries (Select2)
Vulnerabilities
None known

Subscribe Forms – Beautiful Email Forms, Embedded Newsletter Forms & MailChimp Form Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Subscribe Forms – Beautiful Email Forms, Embedded Newsletter Forms & MailChimp Form Code Analysis

Dangerous Functions
1
Raw SQL Queries
10
14 prepared
Unescaped Output
89
945 escaped
Nonce Checks
9
Capability Checks
21
File Operations
12
External Requests
9
Bundled Libraries
1

Dangerous Functions Found

unserialize$serial = unserialize($response);includes\MCAPI.class.php:2904

Bundled Libraries

Select2

SQL Query Safety

58% prepared24 total queries

Output Escaping

91% escaped1034 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

8 flows1 with unsanitized paths
<sfba_support_process> (includes\sfba_support_process.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Subscribe Forms – Beautiful Email Forms, Embedded Newsletter Forms & MailChimp Form Attack Surface

Entry Points11
Unprotected0

AJAX Handlers 10

authwp_ajax_sfba_ajaxincludes\sfba-ajax-handler.php:168
noprivwp_ajax_sfba_ajaxincludes\sfba-ajax-handler.php:169
authwp_ajax_sfba_delete_db_recordincludes\sfba-ajax-handler.php:171
noprivwp_ajax_sfba_delete_db_recordincludes\sfba-ajax-handler.php:172
authwp_ajax_sfba_delete_db_dataincludes\sfba-ajax-handler.php:175
noprivwp_ajax_sfba_delete_db_dataincludes\sfba-ajax-handler.php:176
noprivwp_ajax_subscribe_form_send_message_to_ownerindex.php:249
authwp_ajax_subscribe_form_send_message_to_ownerindex.php:250
authwp_ajax_subscribe_forms_update_statussubscribe.class.php:8
authwp_ajax_subscribe_form_plugin_deactivatesubscribe.class.php:11

Shortcodes 1

[arrow_forms] includes\sfba-shortcode.php:6
WordPress Hooks 28
actionadmin_enqueue_scriptsclass-review-box.php:85
actionadmin_noticesclass-review-box.php:86
filtermanage_sfba_subscribe_form_posts_columnsincludes\sfba-custom-columns.php:4
actionmanage_sfba_subscribe_form_posts_custom_columnincludes\sfba-custom-columns.php:7
actionadmin_enqueue_scriptsincludes\sfba-enqueue-scripts.php:4
actionadmin_enqueue_scriptsincludes\sfba-enqueue-scripts.php:5
actionwp_print_scriptsincludes\sfba-enqueue-scripts.php:60
actionadd_meta_boxesincludes\sfba-post-meta-boxes.php:4
filtergettextincludes\sfba-post-meta-boxes.php:364
actioninitincludes\sfba-post-type.php:5
actionadmin_menuincludes\sfba-post-type.php:6
actionadmin_initincludes\sfba-post-type.php:7
actionadmin_enqueue_scriptsincludes\sfba-post-type.php:97
filterenter_title_hereincludes\sfba-post-type.php:162
actionsave_postincludes\sfba-save-post-meta.php:4
filterwidget_textincludes\sfba-shortcode.php:5
actionadmin_footerincludes\sfba-subscription-ajax.php:4
actionactivated_pluginindex.php:58
actionadmin_initindex.php:80
actionadmin_initindex.php:105
actionmanage_posts_extra_tablenavindex.php:177
actionadmin_initindex.php:184
actionadmin_footerindex.php:239
actionwp_loadedindex.php:349
actionadmin_initindex.php:438
actionadmin_footerindex.php:487
actionadmin_enqueue_scriptssubscribe.class.php:7
actionadmin_footersubscribe.class.php:10
Maintenance & Trust

Subscribe Forms – Beautiful Email Forms, Embedded Newsletter Forms & MailChimp Form Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 11, 2026
PHP min version
Downloads102K

Community Trust

Rating94/100
Number of ratings60
Active installs2K
Alternatives

Subscribe Forms – Beautiful Email Forms, Embedded Newsletter Forms & MailChimp Form Alternatives

WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More

WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More

wpforms-lite

A
90

The best WordPress contact form plugin. Drag & Drop form builder to create beautiful contact forms, payment forms, & other custom forms.

6.0M 13 CVEs
Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder

Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder

fluentform

B
82

Get a fast contact form plugin. Create advanced forms using drag and drop form builder with all smart features.

600K 27 CVEs
Ninja Forms – The Contact Form Builder That Grows With You

Ninja Forms – The Contact Form Builder That Grows With You

ninja-forms

B
76

The 100% beginner friendly WordPress form builder. Drag & drop form fields to build beautiful, professional contact forms in minutes.

600K 74 CVEs
SureForms – Contact Form, Payment Form & Other Custom Form Builder

SureForms – Contact Form, Payment Form & Other Custom Form Builder

sureforms

A
88

The most beginner-friendly, AI Form Builder for WordPress to create contact forms, payment forms & other custom forms with advanced features, with &hellip;

400K 15 CVEs
Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder

Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder

everest-forms

B
84

The best WordPress form builder. Create contact forms, payment forms, conversational forms, custom forms, surveys, & quizzes using drag and drop.

100K 12 CVEs
Developer Profile

Subscribe Forms – Beautiful Email Forms, Embedded Newsletter Forms & MailChimp Form Developer Profile

Premio

9 plugins · 651K total installs

76
trust score
Avg Security Score
95/100
Avg Patch Time
168 days
View full developer profile
Detection Fingerprints

How We Detect Subscribe Forms – Beautiful Email Forms, Embedded Newsletter Forms & MailChimp Form

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-subscribe-form/assets/css/admin-style.css/wp-content/plugins/wp-subscribe-form/assets/css/style.css/wp-content/plugins/wp-subscribe-form/assets/css/font-awesome.css/wp-content/plugins/wp-subscribe-form/assets/js/jquery.validate.min.js/wp-content/plugins/wp-subscribe-form/assets/js/admin-script.js/wp-content/plugins/wp-subscribe-form/assets/js/front-script.js
Script Paths
/wp-content/plugins/wp-subscribe-form/assets/js/jquery.validate.min.js/wp-content/plugins/wp-subscribe-form/assets/js/admin-script.js/wp-content/plugins/wp-subscribe-form/assets/js/front-script.js
Version Parameters
/wp-content/plugins/wp-subscribe-form/assets/css/admin-style.css?ver=/wp-content/plugins/wp-subscribe-form/assets/css/style.css?ver=/wp-content/plugins/wp-subscribe-form/assets/css/font-awesome.css?ver=/wp-content/plugins/wp-subscribe-form/assets/js/jquery.validate.min.js?ver=/wp-content/plugins/wp-subscribe-form/assets/js/admin-script.js?ver=/wp-content/plugins/wp-subscribe-form/assets/js/front-script.js?ver=

HTML / DOM Fingerprints

CSS Classes
sfba-list-tablesfba-BlankState-ctasfba-subscribe-form
HTML Comments
/* subscribeform1 *//* subscribeform2 *//* subscribeform5 *//* subscribeform8 */+2 more
Data Attributes
sfba-form1-display-namesfba-form2-display-namesfba-form5-display-namesfba-form8-display-namesfba-form11-display-name
JS Globals
sfba_subscribe_form_params
Shortcode Output
[subscribe-form[subscribe-form
FAQ

Frequently Asked Questions about Subscribe Forms – Beautiful Email Forms, Embedded Newsletter Forms & MailChimp Form