WP-Safety

Birthday Emails Security & Risk Analysis

wordpress.org/plugins/birthday-emails

Automatically send an email to WordPress or BuddyPress users on their birthday.

300 active installs v1.2.3 PHP + WP 4.5+ Updated Dec 9, 2019
birthdayemailmembermembershipuser
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Birthday Emails Safe to Use in 2026?

Generally Safe

Score 85/100

Birthday Emails has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 6yr ago
Risk Assessment

The "birthday-emails" plugin v1.2.3 presents a mixed security posture. On the positive side, it has no known historical vulnerabilities and implements nonces and capability checks for its code. The absence of dangerous functions, file operations, and external HTTP requests is also reassuring. However, the static analysis reveals several areas of concern. A significant portion of SQL queries are not using prepared statements, which could lead to SQL injection vulnerabilities if the inputs are not properly sanitized. Additionally, the taint analysis identified a flow with an unsanitized path, which is a critical risk, even if it's not classified as critical severity, as it indicates a potential for data manipulation or unauthorized access. The output escaping is also notably low, with less than half of outputs properly escaped, increasing the risk of cross-site scripting (XSS) vulnerabilities.

Key Concerns

  • Flows with unsanitized paths
  • SQL queries without prepared statements
  • Low percentage of properly escaped output
Vulnerabilities
None known

Birthday Emails Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Birthday Emails Code Analysis

Dangerous Functions
0
Raw SQL Queries
2
6 prepared
Unescaped Output
21
18 escaped
Nonce Checks
3
Capability Checks
8
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

75% prepared8 total queries

Output Escaping

46% escaped39 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

5 flows1 with unsanitized paths
cjlbdedit_admin_action (birthday-emails.php:911)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Birthday Emails Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 15
actionplugins_loadedbirthday-emails.php:90
actioncjl_dbemail_hourly_eventbirthday-emails.php:355
actionadmin_menubirthday-emails.php:491
filterplugin_action_linksbirthday-emails.php:512
filterplugin_row_metabirthday-emails.php:530
actionadmin_initbirthday-emails.php:766
actionadmin_action_cjlbdeditbirthday-emails.php:924
actionadmin_action_cjlbdtestbirthday-emails.php:942
actionadmin_action_cjlbddohourlybirthday-emails.php:963
filteruser_contactmethodsbirthday-emails.php:987
actioninitbirthday-emails.php:1060
actioninitbirthday-emails.php:1151
actionedit_form_after_editorbirthday-emails.php:1173
actionadmin_head-post.phpbirthday-emails.php:1197
actionplugins_loadedunsubscribe.php:12

Scheduled Events 1

cjl_dbemail_hourly_event
Maintenance & Trust

Birthday Emails Maintenance & Trust

Maintenance Signals

WordPress version tested5.3.21
Last updatedDec 9, 2019
PHP min version
Downloads10K

Community Trust

Rating100/100
Number of ratings6
Active installs300
Alternatives

Birthday Emails Alternatives

Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin

Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin

ultimate-member

B
76

Membership & community plugin with user profiles, registration & login, member directories, content restriction, user roles and much more.

200K 70 CVEs
Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress

Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress

wp-user-avatar

B
76

Setup paid membership, accept payment, sell subscription & digital product, paywall, create login & registration form, user profile & member directory

100K 41 CVEs
User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder

User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder

user-registration

B
76

Build membership sites with tiered plans, content restriction, drag-&-drop custom registration & login form builder, and built-in payment system.

60K 30 CVEs
Kit (formerly ConvertKit) – Email Newsletter, Email Marketing, Membership, Subscribers and Landing Pages

Kit (formerly ConvertKit) – Email Newsletter, Email Marketing, Membership, Subscribers and Landing Pages

convertkit

A
97

Build your email subscriber lists, send email marketing newsletters, sell more products and build your membership site with Kit (formerly ConvertKit).

40K 4 CVEs
Ultimate Member – reCAPTCHA

Ultimate Member – reCAPTCHA

um-recaptcha

A
92

Stop bots on your registration & login forms with Google reCAPTCHA

20K No CVEs
Developer Profile

Birthday Emails Developer Profile

carman23

1 plugin · 300 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Birthday Emails

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/birthday-emails/css/style.css/wp-content/plugins/birthday-emails/js/birthday_emails.js
Script Paths
/wp-content/plugins/birthday-emails/js/birthday_emails.js
Version Parameters
birthday-emails/css/style.css?ver=birthday-emails/js/birthday_emails.js?ver=

HTML / DOM Fingerprints

CSS Classes
cjl_bdemail_settings_wrap
Data Attributes
data-cjl-bdemail-iddata-cjl-bdemail-date
JS Globals
cjl_bdemails_settings
FAQ

Frequently Asked Questions about Birthday Emails