Who maintains the Sparkpost plugin? Is it abandoned?

  • Carl Rozema

    (@carlrozemaaxcintnl)


    2 years, 1 month ago

    Hi, We use Sparkpost in a lot of (WordPress) websites and are very happy with it. But now WordFence reports the Sparkpost plugin as possibly abandoned because it hasn’t been updated for over two years.

    I asked Sparkpost if they could not just make a small update e.g. to just confirm it is tested up to WP6.1.1, but they answered that they do not maintain the plugin. So my question is who does?

    As far as I’m concerned everything works great, but I don’t like WordFence complaining.

    Regards,
    Carl

Viewing 8 replies - 1 through 8 (of 8 total)

  • The repository on GitHub lists a few people: https://github.com/SparkPost/wordpress-sparkpost/graphs/contributors

    rajumsys seems to have maintained it in the past but hasn’t committed anything in the last year.

    As a paying SparkPost customer, I opened a support ticket to ask them when they will provide an update for the plugin and their response was:

    “We have looked into this with our Product and Engineering teams, and have confirmed that we are no longer maintaining this plugin. It was made to be open-source a few years ago to re-focus development efforts on other projects.”

    Which is very disappointing considering a Cross-Site Scripting (XSS) vulnerability was reported on May 15, 2023 for this last version 3.2.5 – https://www.cve.org/CVERecord?id=CVE-2023-23654

    Guess it’s time to move to MailGun, which has a fully supported WordPress plugin – https://www.ads-software.com/plugins/mailgun/

    Its sad. especially since its around a month ago I created a pull request for the github repo https://github.com/SparkPost/wordpress-sparkpost/pull/165 which fixes one of the XSS.

    If they had merged it, we would properbly have gone though the plugin and contributed. But without anyone to merge and release the versions, it has no value.

    Thread Starter Carl Rozema

    (@carlrozemaaxcintnl)

    Hi Jesper, since it is open source now, can’t you just publish a new plugin?

    @carlrozemaaxcintnl Technically we could.
    But that would involve us taking ownership of it.

    And fixing all the XSS’ vulnerbillitites.

    We are talking about doing that, but then we will keep in our gitlab, and just mirror to github. we properbly wont bother to setup releases to wp.org.

    I will write in here, if/when we release a forked fixed version.


    We have around 100 clients running sparkpost, so making a switch away is not something we just do.
    So its fair sparkpost says their plugin is open-source, but with no one accepting contributions, its missing a major part of it.

    This is very disappointing. We use sparkpost for hundreds of clients. I contacted them via support a few months ago and this was their response:

    “We apologize for any inconvenience this may cause due to the WordPress Plugin has not been actively maintained. While the plugin itself may not be actively updated, please rest assured that the SparkPost email-sending service is fully functional and reliable.

    We recommend using the SparkPost API directly in your WordPress environment to integrate and send emails seamlessly.”

    Flint

    (@flintstoned)

    Any update on this?

    I see they updated the plugin 3 weeks ago but still not available to download.

    Flint

    (@flintstoned)

    Update: I just tested WP Mail SMTP, this has also an integration with SparkPost.

Viewing 8 replies - 1 through 8 (of 8 total)
  • The topic ‘Who maintains the Sparkpost plugin? Is it abandoned?’ is closed to new replies.