DMARCREPORT Domain Auth Checker Security & Risk Analysis
wordpress.org/plugins/dmarcreport-domain-auth-checkerCheck SPF, DMARC, BIMI, MTA-STS and TLS-RPT records for any domain. Embed email authentication checkers with a shortcode.
Is DMARCREPORT Domain Auth Checker Safe to Use in 2026?
Generally Safe
Score 100/100DMARCREPORT Domain Auth Checker has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The 'dmarcreport-domain-auth-checker' plugin v1.7.2 exhibits a concerning security posture due to a significant number of unprotected entry points, particularly within its REST API routes. While the plugin demonstrates good practices by utilizing prepared statements for all SQL queries and properly escaping all its output, the lack of permission callbacks on five REST API routes creates a substantial attack surface. This means that any user, regardless of their role or capabilities, could potentially interact with these API endpoints, leading to unintended consequences or information disclosure. The absence of nonce checks on AJAX handlers, though there are none recorded, further contributes to this concern, as it represents a potential avenue for CSRF attacks if AJAX functionality were to be introduced or expanded without proper security measures. The plugin's vulnerability history is clean, with no recorded CVEs, which is a positive indicator of its past security, but this should not overshadow the immediate risks identified in the current code analysis.
Key Concerns
- 5 REST API routes without permission callbacks
- 0 Nonce checks on AJAX handlers
DMARCREPORT Domain Auth Checker Security Vulnerabilities
DMARCREPORT Domain Auth Checker Code Analysis
Output Escaping
DMARCREPORT Domain Auth Checker Attack Surface
REST API Routes 5
Shortcodes 1
WordPress Hooks 4
Maintenance & Trust
DMARCREPORT Domain Auth Checker Maintenance & Trust
Maintenance Signals
Community Trust
DMARCREPORT Domain Auth Checker Alternatives
Deliverability – pass DKIM, SPF, DMARC & more
deliverability
Check and improve your Email Deliverability. Pass DMARC by DKIM-signing your emails without an external SMTP. Comply with Google & Yahoo requirements!
Mailsure
mailsure
Test email sending, SPF, DKIM & DMARC
RFS Email Verification for Gravity Forms
rfs-email-verification-for-gravity-forms
OTP (One Time Password) Email Verification for Gravity Forms. Verify or authenticate your users. It’s also great way to avoid spam.
OLS 2FA
ols-2fa
OLS 2FA is a lightweight plugin that enhances your website's security by adding email two-factor authentication (2FA).
Password Less Login
password-less-login
A powerful and easy-to-use WordPress plugin for passwordless and OTP-based login.
DMARCREPORT Domain Auth Checker Developer Profile
1 plugin · 0 total installs
How We Detect DMARCREPORT Domain Auth Checker
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/dmarcreport-domain-auth-checker/dist/js/app.js/wp-content/plugins/dmarcreport-domain-auth-checker/dist/css/app.css/wp-content/plugins/dmarcreport-domain-auth-checker/dist/js/app.js/wp-content/plugins/dmarcreport-domain-auth-checker/dist/js/app.js?ver=/wp-content/plugins/dmarcreport-domain-auth-checker/dist/css/app.css?ver=HTML / DOM Fingerprints
data-typedrdauthcConfig/wp-json/dmarcreport-domain-auth-checker/v1/spf/analyze/wp-json/dmarcreport-domain-auth-checker/v1/dmarc/analyze/wp-json/dmarcreport-domain-auth-checker/v1/tlsrpt/analyze/wp-json/dmarcreport-domain-auth-checker/v1/bimi/analyze/wp-json/dmarcreport-domain-auth-checker/v1/mta-sts/analyze<div id="dmarcreport-domain-auth-checker-app"