WP-Safety

Comfort Email SMTP, Logger & Email Api Security & Risk Analysis

wordpress.org/plugins/cbxwpemaillogger

This plugin helps to send email using SMTP and Email Api. It helps to log email and displays in admin panel and more.

10 active installs v2.0.12 PHP 7.4+ WP 5.3+ Updated Jan 16, 2026
smtpwordpress-email-logwordpress-smtp
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Comfort Email SMTP, Logger & Email Api Safe to Use in 2026?

Generally Safe

Score 100/100

Comfort Email SMTP, Logger & Email Api has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago
Risk Assessment

This plugin, cbxwpemaillogger v2.0.12, exhibits a mixed security posture. On the positive side, it has no recorded vulnerabilities (CVEs) and demonstrates good practices in SQL query preparation (86%) and output escaping (83%). It also correctly implements nonce and capability checks in a significant portion of its code.

However, a significant concern is the presence of 3 unprotected AJAX handlers, representing the entire attack surface exposed via AJAX. This lack of authentication on critical entry points is a major security risk, as it could allow unauthenticated users to trigger potentially sensitive actions. The use of `unserialize` is also a potential risk, although the taint analysis shows no unsanitized paths related to it in this instance.

Given the absence of known CVEs, the plugin's security history is clean, which is a positive indicator. However, the static analysis reveals inherent design flaws in how its AJAX endpoints are secured. The plugin's strengths lie in its data handling practices like prepared statements and output escaping, but these are undermined by the unprotected entry points.

Key Concerns

  • Unprotected AJAX handlers (3)
  • Dangerous function: unserialize
Vulnerabilities
None known

Comfort Email SMTP, Logger & Email Api Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Comfort Email SMTP, Logger & Email Api Code Analysis

Dangerous Functions
1
Raw SQL Queries
1
6 prepared
Unescaped Output
41
197 escaped
Nonce Checks
5
Capability Checks
20
File Operations
5
External Requests
0
Bundled Libraries
1

Dangerous Functions Found

unserializereturn unserialize( $this->attributes['email_data'] );includes\Models\SmtpLog.php:61

Bundled Libraries

Select2

SQL Query Safety

86% prepared7 total queries

Output Escaping

83% escaped238 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
download_attachment (includes\ComfortSmtpPublic.php:74)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
3 unprotected

Comfort Email SMTP, Logger & Email Api Attack Surface

Entry Points3
Unprotected3

AJAX Handlers 3

authwp_ajax_comfortsmtp_add_new_fieldincludes\ComfortSmtpHooks.php:92
authwp_ajax_comfortsmtp_settings_reset_loadincludes\ComfortSmtpHooks.php:100
authwp_ajax_comfortsmtp_settings_resetincludes\ComfortSmtpHooks.php:101
WordPress Hooks 29
actionadmin_noticesincludes\ComfortSmtp.php:43
filterscript_loader_tagincludes\ComfortSmtpHooks.php:39
actionrest_api_initincludes\ComfortSmtpHooks.php:41
actioninitincludes\ComfortSmtpHooks.php:42
filterrobots_txtincludes\ComfortSmtpHooks.php:43
actionadmin_menuincludes\ComfortSmtpHooks.php:53
actionadmin_initincludes\ComfortSmtpHooks.php:54
actionadmin_enqueue_scriptsincludes\ComfortSmtpHooks.php:56
actionadmin_enqueue_scriptsincludes\ComfortSmtpHooks.php:57
filterwp_mailincludes\ComfortSmtpHooks.php:59
actionwp_mail_failedincludes\ComfortSmtpHooks.php:60
actionbp_send_email_failureincludes\ComfortSmtpHooks.php:61
filterwp_mail_fromincludes\ComfortSmtpHooks.php:64
filterwp_mail_from_nameincludes\ComfortSmtpHooks.php:65
filterphpmailer_initincludes\ComfortSmtpHooks.php:66
filterbp_phpmailer_initincludes\ComfortSmtpHooks.php:67
actioncomfortsmtp_log_delete_afterincludes\ComfortSmtpHooks.php:70
actioncbxwpemaillogger_daily_eventincludes\ComfortSmtpHooks.php:73
actionplugins_loadedincludes\ComfortSmtpHooks.php:81
actionadmin_noticesincludes\ComfortSmtpHooks.php:82
filterplugin_row_metaincludes\ComfortSmtpHooks.php:84
actionwp_dashboard_setupincludes\ComfortSmtpHooks.php:89
actionadmin_menuincludes\ComfortSmtpHooks.php:97
actionadmin_initincludes\ComfortSmtpHooks.php:98
actioncomfortsmtp_before_vuejs_mount_afterincludes\ComfortSmtpHooks.php:102
actiontemplate_redirectincludes\ComfortSmtpHooks.php:111
actiontemplate_redirectincludes\ComfortSmtpHooks.php:112
actionafter_plugin_row_cbxwpemailloggerpro/cbxwpemailloggerpro.phpincludes\ComfortSmtpHooks.php:121
filterwp_mail_content_typeincludes\Controllers\LogController.php:513

Scheduled Events 1

cbxwpemaillogger_daily_event
Maintenance & Trust

Comfort Email SMTP, Logger & Email Api Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedJan 16, 2026
PHP min version7.4
Downloads4K

Community Trust

Rating100/100
Number of ratings2
Active installs10
Alternatives

Comfort Email SMTP, Logger & Email Api Alternatives

GoSMTP – SMTP for WordPress

GoSMTP – SMTP for WordPress

gosmtp

A
100

Send emails from your WordPress site using your preferred SMTP provider like Gmail, Outlook, AWS, Zoho, SMTP.com, Brevo (formerly Sendinblue), Mailgun …

500K No CVEs
Solid Mail – SMTP email and logging made by SolidWP

Solid Mail – SMTP email and logging made by SolidWP

wp-smtp

A
95

Email deliverability made SOLID. Connect to your chosen email provider with an intuitive set-it-and-forget-it SMTP plugin.

70K 2 CVEs
WP SMTP Mailer – SMTP7

WP SMTP Mailer – SMTP7

wp-mail-smtp-mailer

A
100

WP SMTP Mailer Plugin - SMTP7. Make email delivery easy from WordPress. It is easy to configure.

9K No CVEs
SMTP for Amazon SES – YaySMTP

SMTP for Amazon SES – YaySMTP

smtp-amazon-ses

A
94

Send WordPress emails through Amazon SES server using YaySMTP

3K 3 CVEs
SMTP for SendGrid – YaySMTP

SMTP for SendGrid – YaySMTP

smtp-sendgrid

A
97

Send emails from WordPress through SendGrid using SMTP by YayCommerce

1K 2 CVEs
Developer Profile

Comfort Email SMTP, Logger & Email Api Developer Profile

Sabuj Kundu

9 plugins · 3K total installs

76
trust score
Avg Security Score
96/100
Avg Patch Time
204 days
View full developer profile
Detection Fingerprints

How We Detect Comfort Email SMTP, Logger & Email Api

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/cbxwpemaillogger/assets/css/comfortsmtp-admin.css/wp-content/plugins/cbxwpemaillogger/assets/js/comfortsmtp-admin.js
Script Paths
/wp-content/plugins/cbxwpemaillogger/assets/js/comfortsmtp-admin.js
Version Parameters
cbxwpemaillogger/assets/css/comfortsmtp-admin.css?ver=cbxwpemaillogger/assets/js/comfortsmtp-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
comfortsmtp-admin-wrapcomfortsmtp-wrap
HTML Comments
<!-- END MAIN CONTENT --><!-- MAIN CONTENT -->
Data Attributes
data-cbx-noncedata-cbx-ajax-urldata-cbx-settings-page
JS Globals
comfortsmtp_admin_params
REST Endpoints
/wp-json/comfortsmtp/v1/email/test
FAQ

Frequently Asked Questions about Comfort Email SMTP, Logger & Email Api