WP-Safety

Yeloni Customizable Popup for Mailchimp Security & Risk Analysis

wordpress.org/plugins/yeloni-customizable-popup-for-mailchimp

This plugin lets you create Email Subscription Popups using Mailchimp. You can customize the design and configure behavior of the popup.

10 active installs v1.0.3 PHP + WP 3.0.1+ Updated Sep 26, 2016
custom-mailchimpmailchimpmailchimp-subscriptionpopupsubscription
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Yeloni Customizable Popup for Mailchimp Safe to Use in 2026?

Generally Safe

Score 85/100

Yeloni Customizable Popup for Mailchimp has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 9yr ago
Risk Assessment

The plugin "yeloni-customizable-popup-for-mailchimp" v1.0.3 exhibits a mixed security posture. On one hand, the static analysis indicates a strong adherence to secure coding practices regarding database interactions and a lack of known vulnerabilities in its history. The absence of critical taint flows and the exclusive use of prepared statements for SQL queries are positive signs. However, a significant concern arises from the complete lack of output escaping, meaning that any data processed by the plugin could potentially be rendered directly into the browser without proper sanitization, opening the door for Cross-Site Scripting (XSS) vulnerabilities. Furthermore, the absence of nonce checks and capability checks across all identified entry points (though currently zero) suggests a potential risk if new entry points are introduced or if current ones are not properly secured in future updates.

While the plugin currently presents a very small attack surface and has no recorded historical vulnerabilities, the critical weakness in output escaping poses a substantial risk. This oversight, combined with the lack of explicit capability checks, means that even if no direct vulnerabilities are present in v1.0.3, a simple misconfiguration or future development oversight could lead to security issues. The plugin demonstrates good practices in data handling but fails critically in output sanitization, which is a fundamental security requirement.

Key Concerns

  • No output escaping
  • No nonce checks
  • No capability checks
Vulnerabilities
None known

Yeloni Customizable Popup for Mailchimp Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Yeloni Customizable Popup for Mailchimp Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
20
0 escaped
Nonce Checks
0
Capability Checks
0
File Operations
5
External Requests
1
Bundled Libraries
0

Output Escaping

0% escaped20 total outputs
Attack Surface

Yeloni Customizable Popup for Mailchimp Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 3
actionadmin_menuwordpress\yetience-class.php:26
actionwp_footerwordpress\yetience-class.php:29
actionadmin_initwordpress\yetience-class.php:120
Maintenance & Trust

Yeloni Customizable Popup for Mailchimp Maintenance & Trust

Maintenance Signals

WordPress version tested4.5.33
Last updatedSep 26, 2016
PHP min version
Downloads2K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

Yeloni Customizable Popup for Mailchimp Alternatives

Yeloni Exit Popup | (Free) GDPR Compliance

Yeloni Exit Popup | (Free) GDPR Compliance

yeloni-free-exit-popup

A
92

Powerful lead generation plugin that converts abandoning visitors into subscribers using exit intent, page level targeting & custom designs.

900 No CVEs
Social Subscribe Box

Social Subscribe Box

social-subscribe-box

A
85

Simple Mailchimp newsletter subscription slide-out box with social profile links.

10 No CVEs
CB MailChimp Popup Subscriber

CB MailChimp Popup Subscriber

cb-popup-subscriber

A
100

You can show popup email subscription message for your website with Mailchimp

0 No CVEs
Choyal Subscription Popup – MailChimp Support

Choyal Subscription Popup – MailChimp Support

choyal-subscription-popup

A
85

Choyal Subscription Popup fully customizable popup. Full control over popup heading, text, popup background overlay and background image.

0 No CVEs
Email Subscription Form Widget

Email Subscription Form Widget

email-subscription-form-widget

A
92

A simple plugin to collect users email to mailchimp

0 No CVEs
Developer Profile

Yeloni Customizable Popup for Mailchimp Developer Profile

shardulgaikwad

1 plugin · 10 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Yeloni Customizable Popup for Mailchimp

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/yeloni-customizable-popup-for-mailchimp/assets/css/yetience-style.css/wp-content/plugins/yeloni-customizable-popup-for-mailchimp/assets/js/yetience-functions.js/wp-content/plugins/yeloni-customizable-popup-for-mailchimp/assets/js/yetience-admin.js/wp-content/plugins/yeloni-customizable-popup-for-mailchimp/assets/js/yetience-client.js/wp-content/plugins/yeloni-customizable-popup-for-mailchimp/admin-interface/src/css/bootstrap.min.css/wp-content/plugins/yeloni-customizable-popup-for-mailchimp/admin-interface/src/css/yetience-admin-style.css/wp-content/plugins/yeloni-customizable-popup-for-mailchimp/admin-interface/src/js/bootstrap.min.js/wp-content/plugins/yeloni-customizable-popup-for-mailchimp/admin-interface/src/js/yetience-admin-interface.js
Script Paths
/wp-content/plugins/yeloni-customizable-popup-for-mailchimp/wordpress/yetience-class.php
Version Parameters
yeloni-customizable-popup-for-mailchimp/assets/css/yetience-style.css?ver=yeloni-customizable-popup-for-mailchimp/assets/js/yetience-functions.js?ver=yeloni-customizable-popup-for-mailchimp/assets/js/yetience-admin.js?ver=yeloni-customizable-popup-for-mailchimp/assets/js/yetience-client.js?ver=

HTML / DOM Fingerprints

CSS Classes
yetience-containeryel-last-screen
HTML Comments
this file is called when the admin side of yeloni is loadedbelow part contains a hidden textbox and a submit buttonwhich loads the setup data into the wordpress settings textbox
Data Attributes
id="yetience_setup"id="yetience_submit_button"id="autience-save-message"id="autience-undo-message"
JS Globals
yetiencewindow.yetienceyetience.wordpress_versionyetience.pathyetience.adminPathyetience.pageList+17 more
FAQ

Frequently Asked Questions about Yeloni Customizable Popup for Mailchimp