Does Custom Email Sender have any unpatched vulnerabilities?

No. All known vulnerabilities in Custom Email Sender have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Custom Email Sender compatible with WordPress 6.8.5?

According to WordPress.org data, Custom Email Sender 2.5.9 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

How often is Custom Email Sender updated?

Custom Email Sender was last updated on Apr 25, 2025. Frequent updates are generally a positive security signal.

What is Custom Email Sender's security score?

Custom Email Sender has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Custom Email Sender Security & Risk Analysis

wordpress.org/plugins/custom-email-sender

Change the default email address and sender name output for all message sent from your WP dashboard.

100 active installs v2.5.9 PHP + WP 4.9+ Updated Apr 25, 2025

sender-emailsender-namewordpress-default-email-senderwordpress-sender-emailwordpress-sender-name

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Custom Email Sender Safe to Use in 2026?

Generally Safe

Score 100/100

Custom Email Sender has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 11mo ago

Risk Assessment

The plugin 'custom-email-sender' v2.5.9 demonstrates a generally good security posture based on the provided static analysis. The absence of any known CVEs, critical taint flows, raw SQL queries, or exposed AJAX/REST API endpoints is a strong indicator of diligent security practices. The presence of a nonce check further reinforces this. However, a significant area of concern is the output escaping, with only 56% of outputs being properly escaped. This means a substantial portion of dynamic content displayed by the plugin could be vulnerable to Cross-Site Scripting (XSS) attacks if user-supplied data is not handled securely before being outputted to the browser. While the attack surface appears minimal, the lack of capability checks on the few entry points that *do* exist (though none are explicitly listed as unprotected in this analysis) could represent an oversight. The vulnerability history being entirely clean is a positive sign, suggesting the developers are responsive or have historically produced secure code, but the output escaping issue remains the primary actionable item for improvement.

Key Concerns

Improper output escaping (44% unescaped)

Vulnerabilities

None known

Custom Email Sender Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Custom Email Sender Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

14 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

56% escaped25 total outputs

Attack Surface

Custom Email Sender Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 7

actionplugins_loadedincludes\class-custom-email-sender-core.php:104

actionadmin_enqueue_scriptsincludes\class-custom-email-sender-core.php:118

actionadmin_enqueue_scriptsincludes\class-custom-email-sender-core.php:119

actionadmin_menuincludes\class-custom-email-sender-core.php:122

actioninitincludes\class-custom-email-sender-core.php:123

filterwp_mail_fromincludes\class-custom-email-sender-core.php:124

filterwp_mail_from_nameincludes\class-custom-email-sender-core.php:125

Maintenance & Trust

Custom Email Sender Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedApr 25, 2025

PHP min version

Downloads9K

Community Trust

Rating100/100

Number of ratings1

Active installs100

Alternatives

Custom Email Sender Alternatives

WP Change Email Sender

wp-change-email-sender

100

Easily change WordPress default mail sender name and email address

10K 1 CVE

Change Default Mail Sender Email and Name

change-mail-sender-email-and-name

Changing the mail sender name and email from the WordPress default name and email is easy.

30 No CVEs

Barbas – Default wp mail sender

barbas-default-wp-mail-sender

Simple way to change the default wordpress sender\'s name and email.

10 No CVEs

LH Personalised Content

lh-personalised-content

This plugin allows one to personalise wordpress emails, or content for a logged in user.

10 No CVEs

Wp Default Sender Email by IT Pixelz

wp-default-sender-email-by-it-pixelz

Elevate your email image: replace default sender email (e.g. wordpress@domain.com) with brand name. Customize sender & from email to avoid spam.

500 No CVEs

Developer Profile

Custom Email Sender Developer Profile

neoslab

7 plugins · 920 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Custom Email Sender

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/custom-email-sender/admin/assets/styles/fontawesome.min.css/wp-content/plugins/custom-email-sender/admin/assets/styles/custom-email-sender-admin.min.css/wp-content/plugins/custom-email-sender/admin/assets/javascripts/custom-email-sender-admin.min.js

Script Paths

assets/javascripts/custom-email-sender-admin.min.js

Version Parameters

custom-email-sender-fontawesomecustom-email-sender-dashboardcustom-email-sender-script

HTML / DOM Fingerprints

CSS Classes

wpbnd-header-pluginheader-iconheader-texttab-label

Data Attributes

data-icon

FAQ