wpCJ Chimp Security & Risk Analysis

wordpress.org/plugins/wpcj-chimp

wpCJ Chimp allows you to automatically add a new registered user to your MailChimp list once they registered with your blog depending on his/her selec …

10 active installs · v1.2 · PHP + · WP 2.9+ · Updated Apr 9, 2010
maichimp
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never

Safety Verdict

Is wpCJ Chimp Safe to Use in 2026?

Generally Safe

Score 85/100

wpCJ Chimp has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 16yr ago

Risk Assessment

The WPCJ-Chimp plugin v1.2 exhibits a mixed security posture. On the positive side, the plugin has a very small attack surface with no apparent AJAX handlers, REST API routes, shortcodes, or cron events exposed. Furthermore, all SQL queries are correctly using prepared statements, and there are no recorded vulnerabilities or CVEs. This indicates a conscientious effort by the developers to avoid common security pitfalls.

However, several significant concerns arise from the static analysis. The presence of the `unserialize` function is a red flag, as it can be a direct vector for code injection if the unserialized data originates from an untrusted source. Compounding this, a concerning 100% of output functions are not properly escaped, leaving the plugin vulnerable to cross-site scripting (XSS) attacks. The lack of nonce checks and capability checks on any potential entry points (though none are explicitly found) also weakens its overall security. While taint analysis showed no issues, this may be due to the limited scope of analysis or the absence of clear taint sources.

In conclusion, while the plugin boasts a clean vulnerability history and good practices in database interactions and attack surface minimization, the critical risks associated with unsanitized `unserialize` usage and widespread unescaped output cannot be ignored. These issues create significant potential for remote code execution and XSS vulnerabilities, respectively, despite the absence of readily identifiable external attack vectors.

Key Concerns

  • Unescaped output detected
  • Dangerous function 'unserialize' used
  • Lack of nonce checks
  • Lack of capability checks
Vulnerabilities
None known

wpCJ Chimp Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

wpCJ Chimp Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 11 (0 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 2
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

unserialize: `$serial = unserialize($response);` (MCAPI.class.php:1456)

Output Escaping

0% escaped · 11 total outputs

Attack Surface

wpCJ Chimp Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 9

  • action register_form (index.php:241)
  • action register_post (index.php:242)
  • action user_register (index.php:243)
  • action admin_init (index.php:246)
  • action admin_menu (index.php:247)
  • action admin_print_scripts (index.php:248)
  • action admin_print_styles (index.php:249)
  • filter plugin_action_links (index.php:250)
  • filter contextual_help (index.php:254)

Maintenance & Trust

wpCJ Chimp Maintenance & Trust

Maintenance Signals

WordPress version tested: 2.9.2
Last updated: Apr 9, 2010
PHP min version:
Downloads: 2K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10

Alternatives

wpCJ Chimp Alternatives

No alternatives data available yet.

Developer Profile

wpCJ Chimp Developer Profile

willcast

3 plugins · 30 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect wpCJ Chimp

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/wpcj-chimp/wpcjchimp-admin.css
  • /wp-content/plugins/wpcj-chimp/wpcjchimp-frontend.css
  • /wp-content/plugins/wpcj-chimp/wpcjchimp-frontend.js
  • /wp-content/plugins/wpcj-chimp/MCAPI.class.php
Version Parameters
  • wpcj-chimp/wpcjchimp-admin.css?ver=
  • wpcj-chimp/wpcjchimp-frontend.css?ver=
  • wpcj-chimp/wpcjchimp-frontend.js?ver=

HTML / DOM Fingerprints

JS Globals
SISTEMACONTEXTVERSIONwpcjChimp_pluginwpcjChimp_first_modulewpcjChimp_message+4 more
Shortcode Output
<br /><strong>ERROR</strong>: <em>is mandatory.<strong>Contextual Help for wpcjChimp</strong><hr/>