PLUGIN SECURITY
Is Mailchimp For Wp safe?
Known vulnerabilities, PHP compatibility and safer alternatives for the Mailchimp For Wp WordPress plugin — checked against WP Clinic's local security database.
Plugin details
- Slug:
mailchimp-for-wp - Requires PHP: 7.4+
- Max supported PHP (analyzed): 8.4
Known vulnerabilities
- MC4WP: Mailchimp for WordPress [mailchimp-for-wp] < 4.1.8 [CVE-2017-18577, Mailchimp For WP <= 4.1.7 - Cross-Site Scripting, Mailchimp For WP < 4.1.8 - XSS]
- MC4WP: Mailchimp for WordPress [mailchimp-for-wp] < 4.0.11 [CVE-2016-10871, MailChimp for WordPress <= 4.0.10 - Reflected Cross-Site Scripting, MailChimp for WordPress <= 4.0.10 - Authenticated Cross-Site Scripting (XSS)]
- MC4WP: Mailchimp for WordPress [mailchimp-for-wp] < 4.8.5 [WordPress MC4WP plugin <= 4.8.4 - Unauthorised Actions via Cross-Site Request Forgery (CSRF) vulnerability]
- MC4WP: Mailchimp for WordPress [mailchimp-for-wp] < 4.8.5 [WordPress MC4WP plugin <= 4.8.4 - Authenticated Arbitrary Redirect vulnerability]
- MC4WP: Mailchimp for WordPress [mailchimp-for-wp] < 4.8.7 [CVE-2021-36833, MC4WP: Mailchimp for WordPress <= 4.8.6 - Authenticated (Admin+) Stored Cross-Site Scripting, MC4WP < 4.8.7 - Admin+ Stored Cross-Site Scripting, WordPress MC4WP Plugin <= 4.8.6 is vulnerable to Cross Site Scripting (XSS)]
+ 13 more known vulnerabilities
- MC4WP: Mailchimp for WordPress [mailchimp-for-wp] < 4.0.11 [WordPress MailChimp Plugin <= 4.0.10 - Cross Site Scripting]
- MC4WP: Mailchimp for WordPress [mailchimp-for-wp] < 4.8.7 [MC4WP: Mailchimp for WordPress < 4.8.7 - Cross-Site Scripting]
- MC4WP: Mailchimp for WordPress [mailchimp-for-wp] < 4.8.5 [MC4WP: Mailchimp for WordPress <= 4.8.4 - Cross-Site Request Forgery]
- MC4WP: Mailchimp for WordPress [mailchimp-for-wp] < 4.8.5 [MC4WP: Mailchimp for WordPress <= 4.8.4 - Open Redirect]
- MC4WP: Mailchimp for WordPress [mailchimp-for-wp] < 4.1.7 [MC4WP: Mailchimp for WordPress <= 4.1.6 - Reflected Cross-Site Scripting]
- MC4WP: Mailchimp for WordPress [mailchimp-for-wp] < 4.8.7 [MC4WP < 4.8.7 - Admin+ Stored Cross-Site Scripting]
- MC4WP: Mailchimp for WordPress [mailchimp-for-wp] < 4.8.5 [MC4WP: Mailchimp for WordPress < 4.8.5 - Authenticated Arbitrary Redirect]
- MC4WP: Mailchimp for WordPress [mailchimp-for-wp] < 4.8.5 [MC4WP: Mailchimp for WordPress < 4.8.5 - Unauthorised Actions via CSRF]
- MC4WP: Mailchimp for WordPress [mailchimp-for-wp] < 4.1.7 [MailChimp for WordPress <= 4.1.6 - Authenticated Cross-Site Scripting (XSS)]
- MC4WP: Mailchimp for WordPress [mailchimp-for-wp] < 4.9.10 [CVE-2023-51682, WordPress MC4WP Plugin <= 4.9.9 is vulnerable to Broken Access Control, MC4WP <= 4.9.9 - Missing Authorization via listen, MC4WP < 4.9.10 - Unauthenticated Unpublished Form Preview]
- MC4WP: Mailchimp for WordPress [mailchimp-for-wp] >= 4.9.9 - <= 4.9.16 [CVE-2024-8850, MC4WP: Mailchimp for WordPress 4.9.9 - 4.9.16 - Reflected Cross-Site Scripting, WordPress MC4WP Plugin 4.9.9 - 4.9.16 is vulnerable to Cross Site Scripting (XSS)]
- MC4WP: Mailchimp for WordPress [mailchimp-for-wp] < 4.9.17 [CVE-2024-8680, MailChimp for Wordpress <= 4.9.16 - Authenticated (Administrator+) Stored Cross-Site Scripting, WordPress MC4WP Plugin <= 4.9.16 is vulnerable to Cross Site Scripting (XSS)]
- MC4WP: Mailchimp for WordPress [mailchimp-for-wp] < 4.12.0 [CVE-2026-1781, MC4WP: Mailchimp for WordPress <= 4.11.1 - Missing Authorization to Unauthenticated Arbitrary Subscription Deletion]
Vulnerabilities are matched against the exact installed version when it's known. Always keep the plugin updated to the latest release.
Safer / more established alternatives
- WP Mail SMTP by WPForms – The Most Popular SMTP and Email Log Plugin — 4000000+ active installs — max PHP 8.4
- Easy WP SMTP – WordPress SMTP and Email Logs: Gmail SMTP, Office 365, Outlook, Custom SMTP, and more — 500000+ active installs — max PHP 8.4
- Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App — 300000+ active installs — max PHP 8.4
- WP Mail Logging — 300000+ active installs
- Mailchimp for WooCommerce — 200000+ active installs — max PHP 8.4
Check your own WordPress site
Run a free passive scan now, or create a free account and install the WP Clinic plugin for a deep scan of your whole hosting account and AI-assisted repair.