WP Clinic
Log in Sign up

PLUGIN SECURITY

Is Mailchimp For Wp safe?

Known vulnerabilities, PHP compatibility and safer alternatives for the Mailchimp For Wp WordPress plugin — checked against WP Clinic's local security database.

Plugin details

  • Slug: mailchimp-for-wp
  • Requires PHP: 7.4+
  • Max supported PHP (analyzed): 8.4

Known vulnerabilities

  • MC4WP: Mailchimp for WordPress [mailchimp-for-wp] < 4.1.8 [CVE-2017-18577, Mailchimp For WP <= 4.1.7 - Cross-Site Scripting, Mailchimp For WP &lt; 4.1.8 - XSS]
  • MC4WP: Mailchimp for WordPress [mailchimp-for-wp] < 4.0.11 [CVE-2016-10871, MailChimp for WordPress <= 4.0.10 - Reflected Cross-Site Scripting, MailChimp for WordPress &lt;= 4.0.10 - Authenticated Cross-Site Scripting (XSS)]
  • MC4WP: Mailchimp for WordPress [mailchimp-for-wp] < 4.8.5 [WordPress MC4WP plugin <= 4.8.4 - Unauthorised Actions via Cross-Site Request Forgery (CSRF) vulnerability]
  • MC4WP: Mailchimp for WordPress [mailchimp-for-wp] < 4.8.5 [WordPress MC4WP plugin <= 4.8.4 - Authenticated Arbitrary Redirect vulnerability]
  • MC4WP: Mailchimp for WordPress [mailchimp-for-wp] < 4.8.7 [CVE-2021-36833, MC4WP: Mailchimp for WordPress <= 4.8.6 - Authenticated (Admin+) Stored Cross-Site Scripting, MC4WP &lt; 4.8.7 - Admin+ Stored Cross-Site Scripting, WordPress MC4WP Plugin <= 4.8.6 is vulnerable to Cross Site Scripting (XSS)]
+ 13 more known vulnerabilities
  • MC4WP: Mailchimp for WordPress [mailchimp-for-wp] < 4.0.11 [WordPress MailChimp Plugin <= 4.0.10 - Cross Site Scripting]
  • MC4WP: Mailchimp for WordPress [mailchimp-for-wp] < 4.8.7 [MC4WP: Mailchimp for WordPress < 4.8.7 - Cross-Site Scripting]
  • MC4WP: Mailchimp for WordPress [mailchimp-for-wp] < 4.8.5 [MC4WP: Mailchimp for WordPress <= 4.8.4 - Cross-Site Request Forgery]
  • MC4WP: Mailchimp for WordPress [mailchimp-for-wp] < 4.8.5 [MC4WP: Mailchimp for WordPress <= 4.8.4 - Open Redirect]
  • MC4WP: Mailchimp for WordPress [mailchimp-for-wp] < 4.1.7 [MC4WP: Mailchimp for WordPress <= 4.1.6 - Reflected Cross-Site Scripting]
  • MC4WP: Mailchimp for WordPress [mailchimp-for-wp] < 4.8.7 [MC4WP &lt; 4.8.7 - Admin+ Stored Cross-Site Scripting]
  • MC4WP: Mailchimp for WordPress [mailchimp-for-wp] < 4.8.5 [MC4WP: Mailchimp for WordPress &lt; 4.8.5 - Authenticated Arbitrary Redirect]
  • MC4WP: Mailchimp for WordPress [mailchimp-for-wp] < 4.8.5 [MC4WP: Mailchimp for WordPress &lt; 4.8.5 - Unauthorised Actions via CSRF]
  • MC4WP: Mailchimp for WordPress [mailchimp-for-wp] < 4.1.7 [MailChimp for WordPress &lt;= 4.1.6 - Authenticated Cross-Site Scripting (XSS)]
  • MC4WP: Mailchimp for WordPress [mailchimp-for-wp] < 4.9.10 [CVE-2023-51682, WordPress MC4WP Plugin <= 4.9.9 is vulnerable to Broken Access Control, MC4WP <= 4.9.9 - Missing Authorization via listen, MC4WP &lt; 4.9.10 - Unauthenticated Unpublished Form Preview]
  • MC4WP: Mailchimp for WordPress [mailchimp-for-wp] >= 4.9.9 - <= 4.9.16 [CVE-2024-8850, MC4WP: Mailchimp for WordPress 4.9.9 - 4.9.16 - Reflected Cross-Site Scripting, WordPress MC4WP Plugin 4.9.9 - 4.9.16 is vulnerable to Cross Site Scripting (XSS)]
  • MC4WP: Mailchimp for WordPress [mailchimp-for-wp] < 4.9.17 [CVE-2024-8680, MailChimp for Wordpress <= 4.9.16 - Authenticated (Administrator+) Stored Cross-Site Scripting, WordPress MC4WP Plugin <= 4.9.16 is vulnerable to Cross Site Scripting (XSS)]
  • MC4WP: Mailchimp for WordPress [mailchimp-for-wp] < 4.12.0 [CVE-2026-1781, MC4WP: Mailchimp for WordPress <= 4.11.1 - Missing Authorization to Unauthenticated Arbitrary Subscription Deletion]

Vulnerabilities are matched against the exact installed version when it's known. Always keep the plugin updated to the latest release.

Safer / more established alternatives

Check your own WordPress site

Run a free passive scan now, or create a free account and install the WP Clinic plugin for a deep scan of your whole hosting account and AI-assisted repair.