WP-Safety

Check & Log Email – Easy Email Testing & Mail logging Security & Risk Analysis

wordpress.org/plugins/check-email

Check & Log email allows you to test if your website is correctly sending emails . Overriding of email headers and carbon copying to another address.

100K active installs v2.0.13.2 PHP 5.6+ WP 5.0+ Updated Apr 13, 2026
emailemail-loglogloggingsmtp
89
A · Safe
CVEs total6
Unpatched0
Last CVEApr 28, 2026
Plugin page Download
Safety Verdict

Is Check & Log Email – Easy Email Testing & Mail logging Safe to Use in 2026?

Generally Safe

Score 89/100

Check & Log Email – Easy Email Testing & Mail logging has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

6 known CVEsLast CVE: Apr 28, 2026Updated 1mo ago
Risk Assessment

The "check-email" plugin v2.0.12 exhibits a mixed security posture. While it demonstrates good practices in its use of prepared statements for SQL queries and proper output escaping, suggesting a general effort towards secure coding, several concerning areas warrant attention. The presence of 2 AJAX handlers without authentication checks is a significant risk, potentially allowing unauthorized actions. Furthermore, taint analysis revealed 2 high-severity flows with unsanitized paths, indicating potential vulnerabilities that could be exploited.

The plugin's vulnerability history, with 5 known CVEs including 2 high and 3 medium severity, is a significant red flag. The common vulnerability types (Code Injection, SQL Injection, XSS) found in its past, coupled with the recent discovery of vulnerabilities (last one on 2024-03-25), suggest a recurring pattern of security weaknesses that attackers have successfully exploited. While there are currently no unpatched CVEs, the historical trend implies a persistent need for vigilance and rigorous security testing.

In conclusion, the "check-email" plugin has strengths in its data handling and output sanitization but suffers from critical weaknesses in access control for its AJAX endpoints and has a concerning track record of vulnerabilities. The identified taint flows and past CVEs highlight a need for deeper code auditing and a robust patch management process to mitigate the risks.

Key Concerns

  • AJAX handlers without auth checks
  • High severity taint flows
  • Total known CVEs (5)
  • High severity CVEs (2)
  • Medium severity CVEs (3)
  • Flows with unsanitized paths
Vulnerabilities
6 published

Check & Log Email – Easy Email Testing & Mail logging Security Vulnerabilities

CVEs by Year

1 CVE in 2016
2016
2 CVEs in 2021
2021
1 CVE in 2022
2022
1 CVE in 2024
2024
1 CVE in 2026
2026
Patched Has unpatched

Severity Breakdown

High
3
Medium
3

6 total CVEs

CVE-2026-5306high · 7.2Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Check & Log Email – Easy Email Testing & Mail logging < 2.0.13 - Unauthenticated Stored Cross-Site Scripting

Apr 28, 2026 Patched in 2.0.13 (3d)
CVE-2024-0866high · 8.1Improper Control of Generation of Code ('Code Injection')

Check & Log Email <= 1.0.9 - Unauthenticated Hook Injection

Mar 25, 2024 Patched in 1.0.10 (1d)
CVE-2022-1547medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Check & Log email <= 1.0.5 - Reflected Cross-Site Scripting

May 2, 2022 Patched in 1.0.6 (631d)
CVE-2021-24908medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Check & Log Email <= 1.0.3 - Reflected Cross-Site Scripting

Nov 1, 2021 Patched in 1.0.4 (813d)
CVE-2021-24774high · 7.2Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Check & Log Email <= 1.0.2 - Admin+ SQL Injection via Order and OrderBy parameters

Sep 27, 2021 Patched in 1.0.3 (848d)
CVE-2016-10934medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Check & Log Email <= 0.5.1 - Reflected Cross-Site Scripting

Nov 12, 2016 Patched in 0.5.2 (2628d)
Version History

Check & Log Email – Easy Email Testing & Mail logging Release Timeline

v2.0.13.2Current
v2.0.13.1
v2.0.1311 files changed
v2.0.121 CVE29 files changed
CVE-2026-5306
v2.0.111 CVE10 files changed
CVE-2026-5306
v2.0.101 CVE402 files changed
CVE-2026-5306
v2.0.91 CVE11 files changed
CVE-2026-5306
v2.0.81 CVE8 files changed
CVE-2026-5306
v2.0.71 CVE397 files changed
CVE-2026-5306
v2.0.61 CVE8 files changed
CVE-2026-5306
v2.0.5.11 CVE4 files changed
CVE-2026-5306
v2.0.51 CVE191 files changed
CVE-2026-5306
v2.0.41 CVE194 files changed
CVE-2026-5306
v2.0.31 CVE215 files changed
CVE-2026-5306
v2.0.21 CVE221 files changed
CVE-2026-5306
v2.0.11 CVE11 files changed
CVE-2026-5306
v2.01 CVE56 files changed
CVE-2026-5306
v1.0.13.11 CVE4 files changed
CVE-2026-5306
v1.0.131 CVE18 files changed
CVE-2026-5306
v1.0.12.11 CVE5 files changed
CVE-2026-5306
Code Analysis
Analyzed Mar 16, 2026

Check & Log Email – Easy Email Testing & Mail logging Code Analysis

Dangerous Functions
0
Raw SQL Queries
7
70 prepared
Unescaped Output
115
755 escaped
Nonce Checks
27
Capability Checks
25
File Operations
2
External Requests
9
Bundled Libraries
1

Bundled Libraries

Guzzle

SQL Query Safety

91% prepared77 total queries

Output Escaping

87% escaped870 total outputs
Data Flows · Security
6 unsanitized

Data Flow Analysis

22 flows6 with unsanitized paths
search_box (include\Core\UI\list_table\Check_Email_Error_Tracker.php:202)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
2 unprotected

Check & Log Email – Easy Email Testing & Mail logging Attack Surface

Entry Points22
Unprotected2

AJAX Handlers 21

authwp_ajax_check_email_remove_outlookinclude\Check_Email_SMTP_Tab.php:18
authwp_ajax_ck_mail_subscribe_to_news_letterinclude\class-check-email-newsletter.php:20
authwp_ajax_ck_mail_export_logsinclude\Core\Check_Email_Export_Log.php:17
authwp_ajax_ck_email_export_filter_popupinclude\Core\Check_Email_Export_Log.php:18
authwp_ajax_epsilon_check-email_reviewinclude\Core\Check_Email_Review.php:30
authwp_ajax_check-email-log-list-view-messageinclude\Core\Request\Check_Email_Log_List_Action.php:12
authwp_ajax_check-email-error-tracker-detailinclude\Core\Request\Check_Email_Log_List_Action.php:13
authwp_ajax_check-email-log-list-view-resend-messageinclude\Core\Request\Check_Email_Log_List_Action.php:14
authwp_ajax_check_mail_resend_submitinclude\Core\Request\Check_Email_Log_List_Action.php:15
authwp_ajax_check_mail_import_plugin_datainclude\Core\Request\Check_Email_Log_List_Action.php:16
authwp_ajax_oneclick_smtp_installinclude\Core\UI\Page\Check_Email_Settings_Page.php:17
authwp_ajax_oneclick_smtp_activateinclude\Core\UI\Page\Check_Email_Settings_Page.php:18
authwp_ajax_ce_send_query_messageinclude\Core\UI\Page\Check_Email_Settings_Page.php:19
authwp_ajax_check_mail_save_wizard_datainclude\Core\UI\Page\Check_Email_Wizard_Page.php:26
authwp_ajax_ck_mail_send_feedbackinclude\helper-function.php:116
authwp_ajax_ck_mail_subscribe_newsletterinclude\helper-function.php:143
authwp_ajax_update_network_settingsinclude\helper-function.php:603
authwp_ajax_check_dnsinclude\helper-function.php:665
authwp_ajax_check_email_analyzeinclude\helper-function.php:807
authwp_ajax_checkmail_save_admin_fcm_tokeninclude\helper-function.php:809
authwp_ajax_get_email_analyticsinclude\helper-function.php:1318

Shortcodes 1

[checkmail-encode] include\helper-function.php:942
WordPress Hooks 83
actionadmin_noticescheck-email.php:67
actionadmin_initcheck-email.php:78
filtercheck_mail_pro_upgrade_bannercheck-email.php:85
actionplugins_loadedcheck-email.php:192
actioninitinclude\Check_Email_Encode_Tab.php:17
actioncheck_mail_email_encodeinclude\Check_Email_Encode_Tab.php:26
actionadmin_initinclude\Check_Email_Encode_Tab.php:27
actioninitinclude\Check_Email_Notify_Tab.php:20
actionadmin_enqueue_scriptsinclude\Check_Email_Notify_Tab.php:21
actionwp_mail_failedinclude\Check_Email_Notify_Tab.php:22
actioncheck_mail_email_notifyinclude\Check_Email_Notify_Tab.php:78
actionadmin_initinclude\Check_Email_Notify_Tab.php:79
actioninitinclude\Check_Email_Notify_Tab.php:82
actioncheck_mail_smtp_forminclude\Check_Email_SMTP_Tab.php:16
actionadmin_initinclude\Check_Email_SMTP_Tab.php:17
actionphpmailer_initinclude\Check_Email_SMTP_Tab.php:21
actioncheck_mail_smtp_admin_updateinclude\Check_Email_SMTP_Tab.php:22
actionadmin_noticesinclude\Check_Email_SMTP_Tab.php:23
actionadmin_noticesinclude\Check_Email_SMTP_Tab.php:94
filterck_mail_localize_filterinclude\class-check-email-newsletter.php:18
actionadmin_enqueue_scriptsinclude\class-check-email-newsletter.php:19
filteruser_has_capinclude\Core\Check_Email_Admin_Capability_Giver.php:10
filterwp_mailinclude\Core\Check_Email_From_Handler.php:22
filterwp_mail_frominclude\Core\Check_Email_From_Handler.php:23
filterwp_mail_from_nameinclude\Core\Check_Email_From_Handler.php:24
filterwp_mailinclude\Core\Check_Email_Logger.php:10
actionwp_mail_failedinclude\Core\Check_Email_Logger.php:11
actionbp_send_email_successinclude\Core\Check_Email_Logger.php:17
actionbp_send_email_failureinclude\Core\Check_Email_Logger.php:18
actioninitinclude\Core\Check_Email_Multisite.php:11
actioninitinclude\Core\Check_Email_Multisite.php:12
actionnetwork_admin_menuinclude\Core\Check_Email_Multisite.php:20
actionadmin_enqueue_scriptsinclude\Core\Check_Email_Multisite.php:21
actioninitinclude\Core\Check_Email_Review.php:17
actionadmin_noticesinclude\Core\Check_Email_Review.php:29
actionadmin_enqueue_scriptsinclude\Core\Check_Email_Review.php:31
actionadmin_print_footer_scriptsinclude\Core\Check_Email_Review.php:32
actionwpmu_new_bloginclude\Core\DB\Check_Email_Table_Manager.php:30
filterwpmu_drop_tablesinclude\Core\DB\Check_Email_Table_Manager.php:32
filteradmin_initinclude\Core\DB\Check_Email_Table_Manager.php:34
filteradmin_initinclude\Core\DB\Check_Email_Table_Manager.php:35
actionadmin_initinclude\Core\DB\Check_Email_Table_Manager.php:39
actioncheck_mail_cron_hookinclude\Core\DB\Check_Email_Table_Manager.php:40
actioncheck-email-log-list-deleteinclude\Core\Request\Check_Email_Log_List_Action.php:18
actioncheck-email-log-list-delete-allinclude\Core\Request\Check_Email_Log_List_Action.php:19
actioncheck-email-error-tracker-deleteinclude\Core\Request\Check_Email_Log_List_Action.php:20
actioncheck-email-error-tracker-delete-allinclude\Core\Request\Check_Email_Log_List_Action.php:21
actioncheck-email-log-list-manage-user-roles-changedinclude\Core\Request\Check_Email_Log_List_Action.php:22
actionadmin_initinclude\Core\Request\Check_Email_Log_List_Action.php:23
actionadmin_initinclude\Core\Request\Check_Email_Nonce_Checker.php:14
actionadmin_initinclude\Core\Request\Check_Email_Override_PluginAPI.php:16
filterplugins_api_resultinclude\Core\Request\Check_Email_Override_PluginAPI.php:18
actionwp_dashboard_setupinclude\Core\UI\Component\Check_Email_Dashboard_Widget.php:9
actionadmin_enqueue_scriptsinclude\Core\UI\Page\Check_Email_Analyzer.php:25
actioninitinclude\Core\UI\Page\Check_Email_Analyzer.php:26
actionadmin_headinclude\Core\UI\Page\Check_Email_Analyzer.php:27
actionadmin_menuinclude\Core\UI\Page\Check_Email_BasePage.php:40
actionadmin_enqueue_scriptsinclude\Core\UI\Page\Check_Email_Dashboard.php:27
filterset-screen-optioninclude\Core\UI\Page\Check_Email_Error_Tracker_list.php:33
actionadmin_enqueue_scriptsinclude\Core\UI\Page\Check_Email_Error_Tracker_list.php:35
filterset-screen-optioninclude\Core\UI\Page\Check_Email_Log_List_Page.php:23
actionadmin_enqueue_scriptsinclude\Core\UI\Page\Check_Email_Log_List_Page.php:25
actioninitinclude\Core\UI\Page\Check_Email_Settings_Page.php:8
actionadmin_initinclude\Core\UI\Page\Check_Email_Settings_Page.php:16
actionadmin_noticesinclude\Core\UI\Page\Check_Email_Settings_Page.php:738
actionadmin_enqueue_scriptsinclude\Core\UI\Page\Check_Email_Status_Page.php:28
actionadmin_enqueue_scriptsinclude\Core\UI\Page\Check_Email_Wizard_Page.php:25
filtercheck_email_setting_sectionsinclude\Core\UI\Setting\Check_Email_Core_Setting.php:89
actioncheck_email_log_insertedinclude\Core\UI\Setting\Check_Email_Core_Setting.php:94
actioncheck_email_trigger_notify_email_when_log_threshold_metinclude\Core\UI\Setting\Check_Email_Core_Setting.php:95
actionadmin_noticesinclude\Core\UI\Setting\Check_Email_Core_Setting.php:407
filtercheck_email_setting_sectionsinclude\Core\UI\Setting\Check_Email_Setting.php:23
actionadmin_enqueue_scriptsinclude\Core\UI\Setting\Check_Email_Tools_Tab.php:13
filteradmin_footerinclude\helper-function.php:44
actionadmin_enqueue_scriptsinclude\helper-function.php:140
actionwpinclude\helper-function.php:935
actioninitinclude\helper-function.php:938
actionwp_enqueue_scriptsinclude\helper-function.php:1101
actioninitinclude\helper-function.php:1172
actionwp_dashboard_setupinclude\helper-function.php:1240
actionadmin_enqueue_scriptsinclude\helper-function.php:1261
actionwpmu_new_bloginclude\install.php:74
filterwpmu_drop_tablesinclude\install.php:77

Scheduled Events 1

check_mail_cron_hook
Maintenance & Trust

Check & Log Email – Easy Email Testing & Mail logging Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedApr 13, 2026
PHP min version5.6
Downloads2.7M

Community Trust

Rating96/100
Number of ratings285
Active installs100K
Alternatives

Check & Log Email – Easy Email Testing & Mail logging Alternatives

Mail via Resend

Mail via Resend

mail-via-resend

A
100

Send WordPress emails via Resend. Includes email logging and management.

0 No CVEs
Ninja Test Email

Ninja Test Email

ninja-test-email

A
100

Test your WordPress email configuration with detailed logging, statistics, and a modern React-powered interface.

0 No CVEs
WP Mail SMTP by WPForms – The Most Popular SMTP and Email Log Plugin

WP Mail SMTP by WPForms – The Most Popular SMTP and Email Log Plugin

wp-mail-smtp

A
99

Make email delivery easy for WordPress. Connect with SMTP, Gmail, Outlook, SendGrid, Mailgun, SES, Zoho, + more. Rated #1 WordPress SMTP Email plugin.

4.0M 2 CVEs
Easy WP SMTP – WordPress SMTP and Email Logs: Gmail, Office 365, Outlook, Custom SMTP, and more

Easy WP SMTP – WordPress SMTP and Email Logs: Gmail, Office 365, Outlook, Custom SMTP, and more

easy-wp-smtp

A
91

Make SMTP email sending and delivery easy. Configure Gmail, Outlook, Brevo, SendGrid, Mailgun, SendLayer or connect to any SMTP server.

500K 8 CVEs
Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App

Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App

post-smtp

B
76

Improve WordPress email deliverability. Connect Gmail SMTP, Microsoft 365, Brevo, SendGrid, Mailgun, Zoho, Amazon SES, etc. #1 WordPress SMTP Plugin.

400K 23 CVEs
Developer Profile

Check & Log Email – Easy Email Testing & Mail logging Developer Profile

checkemail

1 plugin · 100K total installs

71
trust score
Avg Security Score
89/100
Avg Patch Time
821 days
View full developer profile
Detection Fingerprints

How We Detect Check & Log Email – Easy Email Testing & Mail logging

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/check-email/assets/css/main.css/wp-content/plugins/check-email/assets/css/vendor.css/wp-content/plugins/check-email/assets/js/bundle.js/wp-content/plugins/check-email/assets/js/main.js
Script Paths
/wp-content/plugins/check-email/assets/js/main.js/wp-content/plugins/check-email/assets/js/bundle.js
Version Parameters
check-email/assets/css/main.css?ver=check-email/assets/css/vendor.css?ver=check-email/assets/js/bundle.js?ver=check-email/assets/js/main.js?ver=

HTML / DOM Fingerprints

CSS Classes
celog-bannercelog-banner--yellowcheck-mail-premium-btncelog-banner__iconcelog-banner__bodycelog-banner__titlecelog-banner__close
HTML Comments
NOTE:Chris Taylor transferred ownership rights on: The MachoThemes ownership period started on: MachoThemes sold the plugin to WPOmnia on: +4 more
Data Attributes
data-dismiss-key
JS Globals
wpchill_check_email
FAQ

Frequently Asked Questions about Check & Log Email – Easy Email Testing & Mail logging