Does BCC All Emails have any unpatched vulnerabilities?

No. All known vulnerabilities in BCC All Emails have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is BCC All Emails compatible with WordPress 6.4.8?

According to WordPress.org data, BCC All Emails 1.1.1 has been tested up to WordPress 6.4.8. Check the plugin's changelog for the latest compatibility information.

Is BCC All Emails compatible with PHP 7.4+?

BCC All Emails requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is BCC All Emails updated?

BCC All Emails was last updated on Nov 30, 2023. Frequent updates are generally a positive security signal.

What is BCC All Emails's security score?

BCC All Emails has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

BCC All Emails Security & Risk Analysis

wordpress.org/plugins/bcc-all-emails

A quick plugin to create an audit trail of emails sent from your site to another email address.

100 active installs v1.1.1 PHP 7.4+ WP 5.2+ Updated Nov 30, 2023

auditbccemails

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is BCC All Emails Safe to Use in 2026?

Generally Safe

Score 85/100

BCC All Emails has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2yr ago

Risk Assessment

The "bcc-all-emails" v1.1.1 plugin exhibits a strong security posture based on the provided static analysis. The absence of dangerous functions, proper usage of prepared statements for SQL queries, and complete output escaping indicate that developers have followed good coding practices to prevent common vulnerabilities. Furthermore, the plugin has no recorded CVEs, suggesting a history of responsible development and maintenance.

However, the analysis does highlight a critical absence of security checks. Specifically, the lack of nonce checks and capability checks across all identified entry points (even though there are none in this version) is a significant concern. While there are currently no direct vulnerabilities identified, this oversight creates a potential weakness. If future versions introduce any entry points, they would be exposed to attacks like Cross-Site Request Forgery (CSRF) or unauthorized access without proper authorization mechanisms in place. The plugin's current minimal attack surface is a strength, but the underlying lack of authorization implementation represents a latent risk.

In conclusion, while "bcc-all-emails" v1.1.1 appears secure in its current iteration due to the absence of exploitable code patterns and a clean vulnerability history, the lack of any authorization checks is a concerning omission. It's a well-coded plugin in terms of data handling and output, but it relies on an absence of attack vectors rather than proactive defense against them.

Key Concerns

No nonce checks on entry points
No capability checks on entry points

Vulnerabilities

None known

BCC All Emails Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

BCC All Emails Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

5 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

100% escaped5 total outputs

Attack Surface

BCC All Emails Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 4

actioninitbcc-emails.php:120

actionadmin_initbcc-emails.php:121

filterplugin_row_metabcc-emails.php:122

filterwp_mailbcc-emails.php:126

Maintenance & Trust

BCC All Emails Maintenance & Trust

Maintenance Signals

WordPress version tested6.4.8

Last updatedNov 30, 2023

PHP min version7.4

Downloads2K

Community Trust

Rating0/100

Number of ratings0

Active installs100

Alternatives

BCC All Emails Alternatives

WC Multiple Email Recipients

wc-multiple-email-recipients

This plugin lets you add up to five additional email addresses to be used with WooCommerce notification mails.

4K No CVEs

Multiple email recipient for woo orders

multiple-email-recipient-woocommerce-orders

"Multiple email recipient for woo orders" helps Customer to add additional email address that can be used as extra email recipient for WooCo …

10 No CVEs

MailPoet – Newsletters, Email Marketing, and Automation

mailpoet

Send beautiful newsletters from WordPress. Collect subscribers with signup forms, automate your emails for WooCommerce, blog post notifications & more

500K 3 CVEs

Simple History – Track, Log, and Audit WordPress Changes

simple-history

Track changes and user activities on your WordPress site. See who created a page, uploaded an attachment, and more, for a complete audit trail.

300K 4 CVEs

Activity Log – Monitor & Record User Changes

aryo-activity-log

This top rated Activity Log plugin helps you monitor & log all changes and actions on your WordPress site, so you can remain secure and organized.

200K 9 CVEs

Developer Profile

BCC All Emails Developer Profile

wphelpdeskuk

4 plugins · 540 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect BCC All Emails

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/bcc-all-emails/assets/

HTML / DOM Fingerprints

FAQ