WP-Safety

YeeMail — Email Template Builder & Customizer Security & Risk Analysis

wordpress.org/plugins/yeemail

Make an impression with your customers and represent your brand well by customizing the design and content of your email

600 active installs v2.1.5 PHP + WP 2.5+ Updated Nov 28, 2025
emailemail-builderemail-designemail-templatewp-email
99
A · Safe
CVEs total1
Unpatched0
Last CVEJan 7, 2025
Plugin page Download
Safety Verdict

Is YeeMail — Email Template Builder & Customizer Safe to Use in 2026?

Generally Safe

Score 99/100

YeeMail — Email Template Builder & Customizer has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Jan 7, 2025Updated 4mo ago
Risk Assessment

The "yeemail" plugin version 2.1.5 presents a mixed security posture. On the positive side, it demonstrates good practices with a high percentage of properly escaped outputs and a solid number of capability checks. The absence of unpatched CVEs and the presence of nonce checks on all identified AJAX handlers are also favorable indicators. However, several concerns warrant attention. The static analysis reveals a notable attack surface with six AJAX handlers, one of which lacks proper authentication checks, representing a direct entry point for potential attacks. The use of the `unserialize` function is a significant risk, as it can lead to arbitrary object injection vulnerabilities if not handled with extreme caution and validation. While the taint analysis did not reveal critical or high-severity issues in this version, the presence of a flow with unsanitized paths is concerning. The vulnerability history indicates a past medium-severity Cross-Site Scripting (XSS) vulnerability, suggesting a potential recurring pattern of input sanitization weaknesses. This, combined with the identified unprotected AJAX handler and the dangerous `unserialize` function, elevates the overall risk profile.

Key Concerns

  • Unprotected AJAX handler
  • Use of dangerous function (unserialize)
  • Flow with unsanitized paths
  • Past medium vulnerability (XSS)
Vulnerabilities
1

YeeMail — Email Template Builder & Customizer Security Vulnerabilities

CVEs by Year

1 CVE in 2025
2025
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2025-22802medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Email Templates Customizer for WordPress – Drag And Drop Email Templates Builder – YeeMail <= 2.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jan 7, 2025 Patched in 2.1.5 (8d)
Code Analysis
Analyzed Mar 16, 2026

YeeMail — Email Template Builder & Customizer Code Analysis

Dangerous Functions
3
Raw SQL Queries
1
1 prepared
Unescaped Output
34
259 escaped
Nonce Checks
6
Capability Checks
10
File Operations
17
External Requests
1
Bundled Libraries
1

Dangerous Functions Found

unserialize$key_info = unserialize( trim( $raw_response['body'] ) );includes-overwrite\gravityforms-common.php:2338
unserialize$terms_copy = unserialize( serialize( $terms ) ); // deep copy the terms to avoid repeating GFCategoincludes-overwrite\gravityforms-common.php:4037
unserialize$data = is_string( $string ) ? @unserialize( $string ) : $string;includes-overwrite\gravityforms-common.php:6115

Bundled Libraries

TinyMCE

SQL Query Safety

50% prepared2 total queries

Output Escaping

88% escaped293 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

10 flows1 with unsanitized paths
get_hooks_javascript_code (includes-overwrite\gravityforms-common.php:4774)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
1 unprotected

YeeMail — Email Template Builder & Customizer Attack Surface

Entry Points6
Unprotected1

AJAX Handlers 6

authwp_ajax_yeemail_builder_textbackend\ajax.php:5
authwp_ajax_yeemail_builder_save_videobackend\ajax.php:6
authwp_ajax_yeemail_builder_send_email_testingbackend\ajax.php:7
authwp_ajax_yeemail_update_settings_templatebackend\ajax.php:8
authwp_ajax_yeemail_builder_reset_templatebackend\ajax.php:9
noprivwp_ajax_booknow_load_timebackend\index.php:18
WordPress Hooks 93
actionyeemail_builder_templatesbackend\demo\templates_demo.php:5
actionadmin_enqueue_scriptsbackend\index.php:8
actioninitbackend\index.php:9
actionadd_meta_boxesbackend\index.php:10
filterget_sample_permalink_htmlbackend\index.php:11
actionsave_post_yeemail_templatebackend\index.php:12
filteradmin_body_classbackend\index.php:13
actionadmin_footerbackend\index.php:14
actionadmin_action_rednumber_duplicatebackend\index.php:15
filterparse_querybackend\index.php:16
filterviews_edit-yeemail_templatebackend\index.php:17
filtermanage_yeemail_template_posts_columnsbackend\index.php:19
filtermanage_yeemail_template_posts_custom_columnbackend\index.php:20
actionadmin_menubackend\index.php:21
actionyeemail_builder_beforebackend\index.php:22
filteryeemail_builder_shortcodebackend\shortcode.php:17
actionyeemail_builder_tab_block_addonsbackend\templates\block_templates.php:3
actionyeemail_builder_tab_blockbackend\templates\button.php:3
filteryeemail_builder_block_htmlbackend\templates\button.php:14
actionyeemail_builder_tab_block_rowbackend\templates\columns.php:3
filteryeemail_builder_block_htmlbackend\templates\columns.php:34
actionyeemail_builder_tab_blockbackend\templates\content.php:3
filteryeemail_builder_block_htmlbackend\templates\content.php:14
actionyeemail_builder_tab_blockbackend\templates\divider.php:3
filteryeemail_builder_block_htmlbackend\templates\divider.php:14
actionyeemail_builder_tab__editorbackend\templates\editor.php:5
actionyeemail_builder_tab_block_templatebackend\templates\footer.php:3
filteryeemail_builder_block_htmlbackend\templates\footer.php:14
actionyeemail_builder_tab_block_templatebackend\templates\header.php:3
filteryeemail_builder_block_htmlbackend\templates\header.php:14
actionyeemail_builder_tab_blockbackend\templates\html.php:3
filteryeemail_builder_block_htmlbackend\templates\html.php:14
actionyeemail_builder_tab_block_templatebackend\templates\image-box.php:3
filteryeemail_builder_block_htmlbackend\templates\image-box.php:14
actionyeemail_builder_tab_block_templatebackend\templates\image-list.php:3
filteryeemail_builder_block_htmlbackend\templates\image-list.php:14
actionyeemail_builder_tab_blockbackend\templates\image.php:3
actionyeemail_builder_block_htmlbackend\templates\image.php:14
actionyeemail_builder_block_htmlbackend\templates\index.php:3
actionyeemail_builder_tab_blockbackend\templates\menu.php:3
filteryeemail_builder_block_htmlbackend\templates\menu.php:14
actionyeemail_builder_tab_blockbackend\templates\social.php:3
actionyeemail_builder_block_htmlbackend\templates\social.php:14
actionyeemail_builder_tab_blockbackend\templates\spacer.php:3
filteryeemail_builder_block_htmlbackend\templates\spacer.php:14
actionyeemail_builder_tab_block_templatebackend\templates\text-list.php:3
filteryeemail_builder_block_htmlbackend\templates\text-list.php:14
actionyeemail_builder_tab_blockbackend\templates\text.php:3
filteryeemail_builder_block_htmlbackend\templates\text.php:14
actionyeemail_builder_tab_block_templatebackend\templates\title.php:3
filteryeemail_builder_block_htmlbackend\templates\title.php:14
actionyeemail_builder_tab_blockbackend\templates\video.php:3
filteryeemail_builder_block_htmlbackend\templates\video.php:14
filtertemplate_includefrontend\index.php:5
filterwp_mailfrontend\index.php:6
filterwp_mail_content_typefrontend\index.php:7
filterupload_mimesfrontend\index.php:8
filteryeemail_email_idfrontend\index.php:9
filterwpcf7_editor_panelsincludes\add_ons\contact_form_7.php:5
actionedd_purchase_receipt_email_settingsincludes\add_ons\easy-digital-downloads.php:6
actionedd_email_settingsincludes\add_ons\easy-digital-downloads.php:7
filteredd_email_templatesincludes\add_ons\easy-digital-downloads.php:8
filteript_fsqm_admin_emailincludes\add_ons\eform.php:5
filteript_fsqm_user_emailincludes\add_ons\eform.php:6
filteript_fsqm_user_payment_emailincludes\add_ons\eform.php:7
filteript_fsqm_admin_payment_emailincludes\add_ons\eform.php:8
filtereverest_forms_email_messageincludes\add_ons\everest-forms.php:9
filtereverest_forms_entry_email__messageincludes\add_ons\everest-forms.php:10
filterfluentform/email_bodyincludes\add_ons\fluentform.php:5
filterformcraft_filter_yeemail_templateincludes\add_ons\formcraft3.php:5
filterfrm_email_messageincludes\add_ons\formidable.php:5
filtergform_notification_settings_fieldsincludes\add_ons\gravityfoms.php:7
filtergform_pre_send_emailincludes\add_ons\gravityfoms.php:8
filtergform_notificationincludes\add_ons\gravityfoms.php:9
filterwoocommerce_email_setting_columnsincludes\add_ons\woocommerce.php:6
actionwoocommerce_email_setting_column_yeemail_templateincludes\add_ons\woocommerce.php:7
filterwc_get_templateincludes\add_ons\woocommerce.php:8
filterwpforms_emails_mailer_messageincludes\add_ons\wpforms.php:10
filterwpforms_emails_notifications_get_content_typeincludes\add_ons\wpforms.php:11
filterwpforms_emails_notifications_messageincludes\add_ons\wpforms.php:12
filterwpforms_lite_admin_education_builder_notifications_advanced_settings_contentincludes\add_ons\wpforms.php:13
filterwpforms_pro_admin_builder_notifications_advanced_settings_contentincludes\add_ons\wpforms.php:14
filterwp_new_user_notification_emailincludes\core\notifications.php:6
filterwp_new_user_notification_email_adminincludes\core\notifications.php:8
filterpassword_change_emailincludes\core\notifications.php:10
filterwp_password_change_notification_emailincludes\core\notifications.php:12
filterretrieve_password_messageincludes\core\notifications.php:14
filterretrieve_password_titleincludes\core\notifications.php:15
filtercomment_notification_textincludes\core\notifications.php:19
filtercomment_notification_subjectincludes\core\notifications.php:20
filtercomment_notification_notify_authorincludes\core\notifications.php:21
filterwp_mail_content_typeincludes-overwrite\gravityforms-common.php:1899
filterwp_mail_charsetincludes-overwrite\gravityforms-common.php:1900
Maintenance & Trust

YeeMail — Email Template Builder & Customizer Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedNov 28, 2025
PHP min version
Downloads5K

Community Trust

Rating100/100
Number of ratings3
Active installs600
Alternatives

YeeMail — Email Template Builder & Customizer Alternatives

Email customizer and designer for woocommerce

Email customizer and designer for woocommerce

email-customizer-and-designer-for-woocommerce

A
100

If you tired of default email templates of WooCommerce and you are looking for a way to customize WooCommerce emails. Email Customizer for WooCommerce &hellip;

100 No CVEs
EmailKit – Email Customizer for WooCommerce & WP

EmailKit – Email Customizer for WooCommerce & WP

emailkit

A
95

EmailKit is a powerful WordPress and WooCommerce email customizer tool, free for everyone! It allows users to customize and design templates that show &hellip;

70K 4 CVEs
YayMail – WooCommerce Email Customizer

YayMail – WooCommerce Email Customizer

yaymail

A
94

Customize WooCommerce email templates with an advanced drag-and-drop email builder. Works great with 80+ WooCommerce Email Customizer Addons.

50K 4 CVEs
Email Templates Customizer and Designer for WordPress and WooCommerce

Email Templates Customizer and Designer for WordPress and WooCommerce

email-templates

A
99

Design and send custom emails with Email Templates plugin for WordPress and WooCommerce

20K 2 CVEs
Email Template Designer – WP HTML Mail

Email Template Designer – WP HTML Mail

wp-html-mail

A
89

All in one email template designer for WooCommerce, Ninja Forms, Elementor Forms, Gravity Forms, CF7, Support Plus, EDD, ...

20K 4 CVEs
Developer Profile

YeeMail — Email Template Builder & Customizer Developer Profile

add-ons.org

55 plugins · 26K total installs

87
trust score
Avg Security Score
99/100
Avg Patch Time
50 days
View full developer profile
Detection Fingerprints

How We Detect YeeMail — Email Template Builder & Customizer

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/yeemail/frontend/css/yeemail-admin.css/wp-content/plugins/yeemail/frontend/css/yeemail-frontend.css/wp-content/plugins/yeemail/frontend/css/yeemail-main.css/wp-content/plugins/yeemail/frontend/js/yeemail-main.js/wp-content/plugins/yeemail/frontend/js/yeemail-script.js/wp-content/plugins/yeemail/backend/css/css/font-awesome.css/wp-content/plugins/yeemail/backend/css/yeemail-customizer.css/wp-content/plugins/yeemail/backend/js/yeemail-customizer.js+2 more
Script Paths
/wp-content/plugins/yeemail/frontend/js/yeemail-main.js/wp-content/plugins/yeemail/frontend/js/yeemail-script.js/wp-content/plugins/yeemail/libs/js/jquery.min.js/wp-content/plugins/yeemail/backend/js/yeemail-customizer.js/wp-content/plugins/yeemail/backend/js/yeemail-editor.js
Version Parameters
yeemail/style.css?ver=yeemail/script.js?ver=

HTML / DOM Fingerprints

CSS Classes
yeemail-message-notice-contentyeemail-message-notice-content-inneryeemail-editor-containeryeemail-main-wrapperyeemail-customizer-controlsyeemail-preview-area
HTML Comments
<!-- Start YeeMail template --><!-- End YeeMail template --><!-- YeeMail Pro Notification -->
Data Attributes
data-yeemail-editordata-yeemail-id
JS Globals
yeemail_dataYeeMailyeemail_editor_datayeemail_customizer_data
FAQ

Frequently Asked Questions about YeeMail — Email Template Builder & Customizer