I like WP-Email Capture in the sidebar for newsletter subscription. I also want to put it in the body of the page as well. Since there is no shortcode for this, I simply copied the HTML output from the one in the sidebar and pasted it in the HTML editor of the page I want. The form seems to work fine this way. I just want to know if there is any security risk (i.e., email injection or SQL injection)?
I was told:
"If the plugin is inserting the form into a database then you should check to ensure that the values submitted in the form are escaped before being processed."
But this is a little over my head. How does one know/check if the values are being escaped?
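One way to approach the check asked about above, as an added example that is not part of the original post and not the plugin's own code: a small heuristic scanner that reads PHP source and reports lines where `$_POST`/`$_GET`/`$_REQUEST` data reaches a `$wpdb` query or a mail call without passing through `$wpdb->prepare()` or a WordPress sanitizer. The PHP sample, its table name and its field names are constructed for illustration; `audit_php` is a hypothetical helper.

```python
import re

# Heuristic patterns; the WordPress function names are real, the scan logic is illustrative.
SUPERGLOBAL = re.compile(r"\$_(?:POST|GET|REQUEST)\b")
SANITIZER = re.compile(
    r"\b(?:sanitize_email|sanitize_text_field|is_email|esc_sql|intval|absint)\s*\(")
ASSIGN = re.compile(r"^\s*(\$\w+)\s*=\s*(.+);")
SQL_SINK = re.compile(r"\$wpdb->(?:query|get_results|get_var|get_row)\s*\(")
MAIL_SINK = re.compile(r"\b(?:wp_mail|mail)\s*\(")

# Constructed sample, NOT taken from WP-Email Capture; table and field names are made up.
SAMPLE_PHP = """<?php
$name  = sanitize_text_field($_POST['name']);
$email = $_POST['email'];
$wpdb->query("INSERT INTO subscribers (email) VALUES ('$email')");
$wpdb->query($wpdb->prepare("INSERT INTO subscribers (email) VALUES (%s)", $email));
wp_mail($admin, 'New subscriber', 'Hi', "From: $email");
wp_mail($admin, 'New subscriber', $name);
"""


def audit_php(source):
    """Return (kind, line_number) for each line where raw request data reaches a sink."""
    tainted, findings = set(), []

    def carries_request_data(text):
        return bool(SUPERGLOBAL.search(text)) or any(
            re.search(re.escape(var) + r"\b", text) for var in tainted)

    for lineno, line in enumerate(source.splitlines(), 1):
        assign = ASSIGN.match(line)
        if assign:
            var, rhs = assign.groups()
            # A variable is tainted if it copies request data without a sanitizer call.
            if carries_request_data(rhs) and not SANITIZER.search(rhs):
                tainted.add(var)
            else:
                tainted.discard(var)
            continue
        if not carries_request_data(line) or SANITIZER.search(line):
            continue
        if SQL_SINK.search(line) and "prepare(" not in line:
            findings.append(("sql", lineno))    # query text built from raw input
        elif MAIL_SINK.search(line):
            findings.append(("mail", lineno))   # raw input passed into a mail call
    return findings


if __name__ == "__main__":
    for kind, lineno in audit_php(SAMPLE_PHP):
        print(f"line {lineno}: unsanitized request data reaches a {kind} sink")
```

A line-based scan like this only narrows down where to read; an empty result is not proof the code is safe. Calls such as `$wpdb->insert()` escape their values themselves, so they are deliberately not treated as sinks here.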