WP-Safety

Custom SMTP: Email Deliverability – FREE & Easy-to-use Security & Risk Analysis

wordpress.org/plugins/custom-smtp

Effortlessly configure WordPress SMTP and monitor all sent emails. Built-in email logging with preview, error debugging, and WooCommerce support.

90 active installs v2.1.0 PHP 7.4+ WP 6.0+ Updated Feb 4, 2026
emailemail-logmail-logsmtpwoocommerce-email
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Custom SMTP: Email Deliverability – FREE & Easy-to-use Safe to Use in 2026?

Generally Safe

Score 100/100

Custom SMTP: Email Deliverability – FREE & Easy-to-use has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The 'custom-smtp' plugin v2.1.0 exhibits a generally good security posture, with no known past vulnerabilities and a strong emphasis on protective measures in its code. The plugin implements nonce checks and capability checks on all its identified entry points, including AJAX handlers. The SQL query usage is also promising, with a high percentage utilizing prepared statements, mitigating risks of SQL injection. File operations are present but limited to one instance, and external HTTP requests are absent, further reducing the attack surface. However, the taint analysis reveals two flows with unsanitized paths, both flagged with high severity. While these might not have led to critical vulnerabilities, they represent a significant concern as they indicate potential for data manipulation or unintended execution if exploited. The lack of past CVEs is a positive indicator of mature development, but the presence of high-severity taint flows in the current analysis suggests that the plugin is not entirely risk-free and requires careful scrutiny of these specific code paths.

Key Concerns

  • High severity taint flow with unsanitized paths
  • High severity taint flow with unsanitized paths
  • 29% of SQL queries not using prepared statements
  • 29% of output escaping not properly handled
Vulnerabilities
None known

Custom SMTP: Email Deliverability – FREE & Easy-to-use Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Custom SMTP: Email Deliverability – FREE & Easy-to-use Code Analysis

Dangerous Functions
0
Raw SQL Queries
3
10 prepared
Unescaped Output
39
97 escaped
Nonce Checks
7
Capability Checks
8
File Operations
1
External Requests
0
Bundled Libraries
0

SQL Query Safety

77% prepared13 total queries

Output Escaping

71% escaped136 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
ajax_get_log_preview (src\Admin\AdminPage.php:540)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Custom SMTP: Email Deliverability – FREE & Easy-to-use Attack Surface

Entry Points7
Unprotected0

AJAX Handlers 7

authwp_ajax_send_test_emailincludes\smtp\test-email.php:2
authwp_ajax_test_smtp_connectionincludes\smtp\test-email.php:3
authwp_ajax_custom_smtp_test_connectionsrc\Admin\AdminPage.php:53
authwp_ajax_custom_smtp_send_test_emailsrc\Admin\AdminPage.php:54
authwp_ajax_custom_smtp_export_logssrc\Admin\AdminPage.php:55
authwp_ajax_custom_smtp_delete_logsrc\Admin\AdminPage.php:56
authwp_ajax_custom_smtp_get_log_previewsrc\Admin\AdminPage.php:57
WordPress Hooks 22
actionplugins_loadedcustom-smtp.php:31
filteradmin_footer_textincludes\admin\FooterMessage.php:19
actionadmin_enqueue_scriptsincludes\admin\load-assets.php:7
actionadmin_enqueue_scriptsincludes\admin\load-assets.php:14
actionadmin_menuincludes\admin\menu.php:2
actionadmin_noticesincludes\admin\notices.php:23
actionadmin_initincludes\admin\settings.php:3
filterwp_mail_fromincludes\smtp\smtp.php:6
filterwp_mail_from_nameincludes\smtp\smtp.php:18
actionphpmailer_initincludes\smtp\smtp.php:30
actionadmin_menusrc\Admin\AdminPage.php:47
actionadmin_menusrc\Admin\AdminPage.php:48
actionadmin_initsrc\Admin\AdminPage.php:49
actionadmin_enqueue_scriptssrc\Admin\AdminPage.php:50
filterwp_mailsrc\Log\Logger.php:50
actionwp_mail_succeededsrc\Log\Logger.php:53
actionwp_mail_failedsrc\Log\Logger.php:54
actioncustom_smtp_purge_logssrc\Log\Logger.php:60
filterwp_mail_fromsrc\Mail\Mailer.php:37
filterwp_mail_from_namesrc\Mail\Mailer.php:38
actionphpmailer_initsrc\Mail\Mailer.php:39
actionplugins_loadedsrc\Plugin.php:78

Scheduled Events 1

custom_smtp_purge_logs
Maintenance & Trust

Custom SMTP: Email Deliverability – FREE & Easy-to-use Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 4, 2026
PHP min version7.4
Downloads3K

Community Trust

Rating100/100
Number of ratings1
Active installs90
Alternatives

Custom SMTP: Email Deliverability – FREE & Easy-to-use Alternatives

WP Mail SMTP by WPForms – The Most Popular SMTP and Email Log Plugin

WP Mail SMTP by WPForms – The Most Popular SMTP and Email Log Plugin

wp-mail-smtp

A
99

Make email delivery easy for WordPress. Connect with SMTP, Gmail, Outlook, SendGrid, Mailgun, SES, Zoho, + more. Rated #1 WordPress SMTP Email plugin.

4.0M 2 CVEs
Easy WP SMTP – WordPress SMTP and Email Logs: Gmail, Office 365, Outlook, Custom SMTP, and more

Easy WP SMTP – WordPress SMTP and Email Logs: Gmail, Office 365, Outlook, Custom SMTP, and more

easy-wp-smtp

A
91

Make SMTP email sending and delivery easy. Configure Gmail, Outlook, Brevo, SendGrid, Mailgun, SendLayer or connect to any SMTP server.

500K 8 CVEs
Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App

Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App

post-smtp

B
76

Improve WordPress email deliverability. Connect Gmail SMTP, Microsoft 365, Brevo, SendGrid, Mailgun, Zoho, Amazon SES, etc. #1 WordPress SMTP Plugin.

400K 21 CVEs
WP Mail Logging

WP Mail Logging

wp-mail-logging

A
89

Log, view, and resend all emails sent from your WordPress site. Great for resolving email sending issues or keeping a copy for auditing.

300K 6 CVEs
Site Mailer – SMTP Replacement, Email API Deliverability & Email Log

Site Mailer – SMTP Replacement, Email API Deliverability & Email Log

site-mailer

A
98

Effortlessly manage transactional emails with Site Mailer. High deliverability, logs and statistics, and no SMTP plugins needed.

200K 1 CVE
Developer Profile

Custom SMTP: Email Deliverability – FREE & Easy-to-use Developer Profile

Nicolas Verlhiac

1 plugin · 90 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Custom SMTP: Email Deliverability – FREE & Easy-to-use

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/custom-smtp/assets/css/custom-smtp.min.css/wp-content/plugins/custom-smtp/assets/js/custom-smtp.min.js
Script Paths
/wp-content/plugins/custom-smtp/assets/js/custom-smtp.min.js
Version Parameters
custom-smtp/assets/css/custom-smtp.min.css?ver=custom-smtp/assets/js/custom-smtp.min.js?ver=

HTML / DOM Fingerprints

JS Globals
custom_smtp
REST Endpoints
/wp-json/custom-smtp/v1/test-connection/wp-json/custom-smtp/v1/send-test-email/wp-json/custom-smtp/v1/export-logs/wp-json/custom-smtp/v1/delete-log/wp-json/custom-smtp/v1/get-log-preview
FAQ

Frequently Asked Questions about Custom SMTP: Email Deliverability – FREE & Easy-to-use