WP-Safety

Easy WP SMTP – WordPress SMTP and Email Logs: Gmail, Office 365, Outlook, Custom SMTP, and more Security & Risk Analysis

wordpress.org/plugins/easy-wp-smtp

Make SMTP email sending and delivery easy. Configure Gmail, Outlook, Brevo, SendGrid, Mailgun, SendLayer or connect to any SMTP server.

500K active installs v2.13.1 PHP 7.4+ WP 5.2+ Updated Nov 27, 2025
emailemail-logsgmailoutlooksmtp
91
A · Safe
CVEs total8
Unpatched0
Last CVEJun 12, 2024
Plugin page Download
Safety Verdict

Is Easy WP SMTP – WordPress SMTP and Email Logs: Gmail, Office 365, Outlook, Custom SMTP, and more Safe to Use in 2026?

Generally Safe

Score 91/100

Easy WP SMTP – WordPress SMTP and Email Logs: Gmail, Office 365, Outlook, Custom SMTP, and more has a strong security track record. Known vulnerabilities have been patched promptly.

8 known CVEsLast CVE: Jun 12, 2024Updated 4mo ago
Risk Assessment

The easy-wp-smtp plugin version 2.13.1 presents a mixed security posture. While it demonstrates good practices in areas like output escaping (98% properly escaped) and a high percentage of SQL queries using prepared statements (62%), there are significant concerns. The presence of 3 AJAX handlers without any authentication checks exposes a direct attack surface that could be exploited by unauthenticated users. Furthermore, the plugin has a history of 8 known CVEs, including one critical and three high-severity vulnerabilities, even though none are currently unpatched. This past indicates recurring security weaknesses in areas such as password storage, path traversal, code injection, deserialization, information disclosure, missing authorization, and cross-site scripting. The single unsanitized path flow in the taint analysis, though not critical or high severity, adds to the existing concerns regarding input sanitization.

Despite the lack of currently unpatched critical or high vulnerabilities and the generally good output escaping, the unprotected AJAX endpoints and the historical pattern of severe vulnerabilities warrant caution. The plugin's attack surface, while not excessively large, has a notable unprotected component. The vulnerability history suggests a tendency for security flaws to emerge, even if they are patched promptly. Users should be aware that while this version might not have immediate critical threats, the underlying code may have recurring issues that require diligent patching and monitoring. The overall assessment suggests a moderately risky plugin, with the primary immediate risk stemming from the unprotected AJAX handlers, and the historical data indicating a higher likelihood of future vulnerabilities.

Key Concerns

  • AJAX handlers without auth checks
  • Unsanitized path flow
  • History of 1 critical CVE
  • History of 3 high CVEs
Vulnerabilities
8

Easy WP SMTP – WordPress SMTP and Email Logs: Gmail, Office 365, Outlook, Custom SMTP, and more Security Vulnerabilities

CVEs by Year

1 CVE in 2017
2017
1 CVE in 2019
2019
1 CVE in 2020
2020
4 CVEs in 2022
2022
1 CVE in 2024
2024
Patched Has unpatched

Severity Breakdown

Critical
1
High
3
Medium
2
Low
2

8 total CVEs

CVE-2024-3073low · 2.7Storing Passwords in a Recoverable Format

Easy WP SMTP by SendLayer <= 2.3.0 - Exposure of Sensitive Information via the UI

Jun 12, 2024 Patched in 2.3.1 (28d)
CVE-2022-45829medium · 6.5Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Easy WP SMTP <= 1.5.1 - Authenticated (Admin+) Arbitrary File Deletion

Nov 30, 2022 Patched in 1.5.2 (419d)
CVE-2022-42699high · 7.2Improper Control of Generation of Code ('Code Injection')

Easy WP SMTP <= 1.5.1 - Authenticated (Admin+) Remote Code Execution

Nov 30, 2022 Patched in 1.5.2 (419d)
CVE-2022-45833low · 2.7Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Easy WP SMTP <= 1.5.1 - Authenticated (Admin+) Directory Traversal

Nov 30, 2022 Patched in 1.5.2 (419d)
CVE-2022-3334high · 7.2Deserialization of Untrusted Data

Easy WP SMTP <= 1.4.9 - Authenticated (Administrator+) PHP Object Injection

Oct 10, 2022 Patched in 1.5.0 (470d)
CVE-2020-35234high · 8.1Insertion of Sensitive Information into Log File

Easy WP SMTP <= 1.4.2 - Sensitive Information Disclosure

Dec 7, 2020 Patched in 1.4.3 (1142d)
CVE-2019-25141critical · 9.8Missing Authorization

Easy WP SMTP <= 1.3.9 - Missing Authorization to Arbitrary Options Update

Mar 17, 2019 Patched in 1.3.9.1 (1773d)
CVE-2017-7723medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Easy WP SMTP <= 1.2.4 - Cross-Site Scripting

Apr 14, 2017 Patched in 1.2.5 (2475d)
Code Analysis
Analyzed Mar 16, 2026

Easy WP SMTP – WordPress SMTP and Email Logs: Gmail, Office 365, Outlook, Custom SMTP, and more Code Analysis

Dangerous Functions
0
Raw SQL Queries
35
56 prepared
Unescaped Output
17
1067 escaped
Nonce Checks
29
Capability Checks
31
File Operations
10
External Requests
12
Bundled Libraries
0

SQL Query Safety

62% prepared91 total queries

Output Escaping

98% escaped1084 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

6 flows1 with unsanitized paths
search_box (src\Admin\DebugEvents\Table.php:436)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
3 unprotected

Easy WP SMTP – WordPress SMTP and Email Logs: Gmail, Office 365, Outlook, Custom SMTP, and more Attack Surface

Entry Points21
Unprotected3

AJAX Handlers 21

authwp_ajax_swpsmtp_clear_loginc\deprecated\class-easywpsmtp.php:326
authwp_ajax_easy_wp_smtp_ajaxsrc\Admin\Area.php:115
authwp_ajax_easy_wp_smtp_debug_event_previewsrc\Admin\DebugEvents\DebugEvents.php:35
authwp_ajax_easy_wp_smtp_delete_all_debug_eventssrc\Admin\DebugEvents\DebugEvents.php:36
authwp_ajax_easy_wp_smtp_notification_dismisssrc\Admin\Notifications.php:62
authwp_ajax_easy_wp_smtp_vue_wizard_steps_startedsrc\Admin\SetupWizard.php:42
authwp_ajax_easy_wp_smtp_vue_get_settingssrc\Admin\SetupWizard.php:43
authwp_ajax_easy_wp_smtp_vue_update_settingssrc\Admin\SetupWizard.php:44
authwp_ajax_easy_wp_smtp_vue_get_oauth_urlsrc\Admin\SetupWizard.php:45
authwp_ajax_easy_wp_smtp_vue_remove_oauth_connectionsrc\Admin\SetupWizard.php:46
authwp_ajax_easy_wp_smtp_vue_install_pluginsrc\Admin\SetupWizard.php:47
authwp_ajax_easy_wp_smtp_vue_get_partner_plugins_infosrc\Admin\SetupWizard.php:48
authwp_ajax_easy_wp_smtp_vue_subscribe_to_newslettersrc\Admin\SetupWizard.php:49
authwp_ajax_easy_wp_smtp_vue_upgrade_pluginsrc\Admin\SetupWizard.php:50
authwp_ajax_easy_wp_smtp_vue_check_mailer_configurationsrc\Admin\SetupWizard.php:51
authwp_ajax_easy_wp_smtp_vue_send_feedbacksrc\Admin\SetupWizard.php:52
authwp_ajax_easy_wp_smtp_feedback_notice_dismisssrc\Admin\UserFeedback.php:36
authwp_ajax_easy_wp_smtp_connect_urlsrc\Connect.php:28
noprivwp_ajax_easy_wp_smtp_connect_processsrc\Connect.php:29
noprivwp_ajax_easy_wp_smtp_init_migrationssrc\Migrations\Migrations.php:32
authwp_ajax_health-check-email-domain_check_testsrc\SiteHealth.php:60
WordPress Hooks 122
actionactivate_easy-wp-smtp-pro/easy-wp-smtp.phpeasy-wp-smtp.php:56
actionadmin_initeasy-wp-smtp.php:63
actionactivate_easy-wp-smtp/easy-wp-smtp.phpeasy-wp-smtp.php:82
actiondeactivate_easy-wp-smtp/easy-wp-smtp.phpeasy-wp-smtp.php:102
actionadmin_noticeseasy-wp-smtp.php:139
actionadmin_noticeseasy-wp-smtp.php:262
actionadmin_noticeseasy-wp-smtp.php:273
actionadmin_noticesinc\deprecated\class-easywpsmtp-utils.php:109
actionplugins_loadedinc\deprecated\class-easywpsmtp.php:30
filterwp_mailinc\deprecated\class-easywpsmtp.php:43
actionwp_mail_failedinc\deprecated\class-easywpsmtp.php:44
actionadmin_initinc\deprecated\class-easywpsmtp.php:45
actionadmin_menusrc\Admin\Area.php:76
actionadmin_headsrc\Admin\Area.php:79
actionnetwork_admin_menusrc\Admin\Area.php:82
actionadmin_enqueue_scriptssrc\Admin\Area.php:88
actionadmin_initsrc\Admin\Area.php:91
actionadmin_initsrc\Admin\Area.php:94
actionadmin_initsrc\Admin\Area.php:97
actionin_admin_headersrc\Admin\Area.php:100
filteradmin_footer_textsrc\Admin\Area.php:103
actionin_admin_footersrc\Admin\Area.php:106
filterupdate_footersrc\Admin\Area.php:109
actionadmin_print_scriptssrc\Admin\Area.php:112
actioninitsrc\Admin\Area.php:119
actionadmin_initsrc\Admin\Area.php:123
filtersubmenu_filesrc\Admin\Area.php:158
actionadmin_headsrc\Admin\Area.php:164
filteradmin_body_classsrc\Admin\Area.php:379
actionadmin_initsrc\Admin\DashboardWidget.php:47
actionadmin_enqueue_scriptssrc\Admin\DashboardWidget.php:78
actionwp_dashboard_setupsrc\Admin\DashboardWidget.php:79
filterset-screen-optionsrc\Admin\DebugEvents\DebugEvents.php:40
filterset_screen_option_easy_wp_smtp_debug_events_per_pagesrc\Admin\DebugEvents\DebugEvents.php:41
filtereasy_wp_smtp_options_setsrc\Admin\DebugEvents\DebugEvents.php:44
actionadmin_initsrc\Admin\DebugEvents\DebugEvents.php:48
actionadmin_enqueue_scriptssrc\Admin\Notifications.php:60
actioneasy_wp_smtp_admin_pages_before_contentsrc\Admin\Notifications.php:61
actioncurrent_screensrc\Admin\Pages\ActionSchedulerTab.php:75
actioneasy_wp_smtp_admin_area_enqueue_assetssrc\Admin\Pages\AdditionalConnectionsTab.php:59
actioneasy_wp_smtp_admin_area_enqueue_assetssrc\Admin\Pages\DebugEventsTab.php:105
actioneasy_wp_smtp_admin_area_enqueue_assetssrc\Admin\Pages\EmailReportsTab.php:64
actioneasy_wp_smtp_admin_area_enqueue_assetssrc\Admin\Pages\LogsTab.php:73
actioneasy_wp_smtp_admin_pages_settings_license_keysrc\Admin\Pages\SettingsTab.php:70
actioneasy_wp_smtp_admin_area_enqueue_assetssrc\Admin\Pages\SettingsTab.php:72
actioneasy_wp_smtp_admin_area_enqueue_assetssrc\Admin\Pages\SmartRoutingTab.php:59
filterwp_mail_content_typesrc\Admin\Pages\TestTab.php:349
actionadmin_initsrc\Admin\ParentPageAbstract.php:76
actionadmin_initsrc\Admin\SetupWizard.php:36
actionadmin_initsrc\Admin\SetupWizard.php:37
actionadmin_menusrc\Admin\SetupWizard.php:38
filterremovable_query_argssrc\Admin\SetupWizard.php:39
actionadmin_initsrc\Admin\UserFeedback.php:35
actionnetwork_admin_noticessrc\Admin\UserFeedback.php:50
actionadmin_noticessrc\Admin\UserFeedback.php:52
actioneasy_wp_smtp_admin_setup_wizard_load_setup_wizard_beforesrc\Compatibility\Plugin\Admin2020.php:57
actioninitsrc\Compatibility\Plugin\PluginAbstract.php:21
actioninitsrc\Compatibility\Plugin\PluginAbstract.php:24
actionpll_initsrc\Compatibility\Plugin\Polylang.php:19
filtereasy_wp_smtp_wp_get_site_url_unfilteredsrc\Compatibility\Plugin\Polylang.php:63
filterwoocommerce_defer_transactional_emailssrc\Compatibility\Plugin\WooCommerce.php:44
filterwpforms_tasks_entry_emails_trigger_send_same_processsrc\Compatibility\Plugin\WPFormsLite.php:44
actionwpml_loadedsrc\Compatibility\Plugin\WPML.php:21
filtereasy_wp_smtp_wp_get_site_url_unfilteredsrc\Compatibility\Plugin\WPML.php:67
actioneasy_wp_smtp_admin_area_enqueue_assetssrc\Connect.php:27
actionadmin_noticessrc\Core.php:76
actionnetwork_admin_noticessrc\Core.php:79
actionplugins_loadedsrc\Core.php:122
actionplugins_loadedsrc\Core.php:125
actionplugins_loadedsrc\Core.php:128
actionplugins_loadedsrc\Core.php:129
actionadmin_initsrc\Core.php:132
actioninitsrc\Core.php:134
actioninitsrc\Core.php:137
actionplugins_loadedsrc\Core.php:139
actionplugins_loadedsrc\Core.php:140
actionplugins_loadedsrc\Core.php:141
actionplugins_loadedsrc\Core.php:142
actionplugins_loadedsrc\Core.php:143
actionplugins_loadedsrc\Core.php:144
actionplugins_loadedsrc\Core.php:145
actionplugins_loadedsrc\Core.php:146
actionplugins_loadedsrc\Core.php:147
actionplugins_loadedsrc\Core.php:148
actionplugins_loadedsrc\Core.php:149
actionadmin_noticessrc\Core.php:189
actionadmin_noticessrc\Core.php:190
actionnetwork_admin_noticessrc\Core.php:193
actionnetwork_admin_noticessrc\Core.php:194
actionafter_setup_themesrc\Core.php:968
actionadmin_initsrc\DBRepair.php:27
actionadmin_initsrc\DBRepair.php:28
actionadmin_initsrc\Migrations\Migrations.php:25
actionadmin_initsrc\Migrations\Migrations.php:28
actionupgrader_process_completesrc\Migrations\Migrations.php:31
filtereasy_wp_smtp_queue_is_enabledsrc\OptimizedEmailSending.php:28
filtereasy_wp_smtp_mail_catcher_send_enqueue_emailsrc\OptimizedEmailSending.php:42
filtereasy_wp_smtp_options_is_const_enabledsrc\Options.php:1715
actionphpmailer_initsrc\Processor.php:103
filterwp_mail_fromsrc\Processor.php:106
filterwp_mail_from_namesrc\Processor.php:107
actionwp_mailsrc\Processor.php:109
actionwp_mailsrc\Processor.php:110
actionadmin_initsrc\Providers\Outlook\Provider.php:22
filtereasy_wp_smtp_mail_catcher_send_enqueue_emailsrc\Queue\Queue.php:192
actionphpmailer_initsrc\Queue\Queue.php:199
filtereasy_wp_smtp_wp_mail_initiator_set_initiatorsrc\Queue\Queue.php:209
filterwp_mail_content_typesrc\Reports\Emails\Summary.php:110
actioneasy_wp_smtp_mailcatcher_smtp_send_aftersrc\Reports\Reports.php:67
actioneasy_wp_smtp_mailcatcher_send_aftersrc\Reports\Reports.php:70
actionadmin_initsrc\Reports\Reports.php:87
actionadmin_enqueue_scriptssrc\SiteHealth.php:54
filtersite_status_testssrc\SiteHealth.php:56
filterdebug_informationsrc\SiteHealth.php:57
actionaction_scheduler_after_process_queuesrc\Tasks\Queue\ProcessQueueTask.php:43
actionaction_scheduler_after_process_queuesrc\Tasks\Queue\SendEnqueuedEmailTask.php:43
actionshutdownsrc\Tasks\Task.php:360
actionadmin_menusrc\Tasks\Tasks.php:44
actionaction_scheduler_after_executesrc\Tasks\Tasks.php:66
actioneasy_wp_smtp_options_set_aftersrc\UsageTracking\UsageTracking.php:64
filtereasy_wp_smtp_tasks_get_taskssrc\UsageTracking\UsageTracking.php:76
actioneasy_wp_smtp_processor_capture_wp_mail_callsrc\WPMailInitiator.php:83
Maintenance & Trust

Easy WP SMTP – WordPress SMTP and Email Logs: Gmail, Office 365, Outlook, Custom SMTP, and more Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedNov 27, 2025
PHP min version7.4
Downloads13.7M

Community Trust

Rating92/100
Number of ratings698
Active installs500K
Alternatives

Easy WP SMTP – WordPress SMTP and Email Logs: Gmail, Office 365, Outlook, Custom SMTP, and more Alternatives

WP Mail SMTP by WPForms – The Most Popular SMTP and Email Log Plugin

WP Mail SMTP by WPForms – The Most Popular SMTP and Email Log Plugin

wp-mail-smtp

A
99

Make email delivery easy for WordPress. Connect with SMTP, Gmail, Outlook, SendGrid, Mailgun, SES, Zoho, + more. Rated #1 WordPress SMTP Email plugin.

4.0M 2 CVEs
SureMail – SMTP and Email Logs Plugin with Amazon SES, Postmark, and Other Providers

SureMail – SMTP and Email Logs Plugin with Amazon SES, Postmark, and Other Providers

suremails

A
97

SureMail – SMTP and Email Logs Plugin with Amazon SES, Postmark, and Other Providers

200K 1 CVE
Alternate SMTP By Brainvire

Alternate SMTP By Brainvire

alternate-smtp

A
92

Make email delivery easy for WordPress. Connect with SMTP, Gmail, Outlook, SendGrid, Mailgun, SES, Zoho, + more. Rated #1 WordPress SMTP Email plugin.

0 No CVEs
Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App

Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App

post-smtp

B
76

Improve WordPress email deliverability. Connect Gmail SMTP, Microsoft 365, Brevo, SendGrid, Mailgun, Zoho, Amazon SES, etc. #1 WordPress SMTP Plugin.

400K 23 CVEs
Bit SMTP – Easy SMTP Solution with Email Logs

Bit SMTP – Easy SMTP Solution with Email Logs

bit-smtp

A
99

Short Description

2K 1 CVE
Developer Profile

Easy WP SMTP – WordPress SMTP and Email Logs: Gmail, Office 365, Outlook, Custom SMTP, and more Developer Profile

Syed Balkhi

94 plugins · 23.5M total installs

73
trust score
Avg Security Score
92/100
Avg Patch Time
784 days
View full developer profile
Detection Fingerprints

How We Detect Easy WP SMTP – WordPress SMTP and Email Logs: Gmail, Office 365, Outlook, Custom SMTP, and more

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/easy-wp-smtp/assets/css/smtp-global.css/wp-content/plugins/easy-wp-smtp/assets/css/smtp-settings.css/wp-content/plugins/easy-wp-smtp/assets/css/smtp-wizard.css/wp-content/plugins/easy-wp-smtp/assets/js/smtp-wizard.js
Script Paths
/wp-content/plugins/easy-wp-smtp/assets/js/smtp-wizard.js
Version Parameters
easy-wp-smtp/assets/css/smtp-global.css?ver=easy-wp-smtp/assets/css/smtp-settings.css?ver=easy-wp-smtp/assets/css/smtp-wizard.css?ver=easy-wp-smtp/assets/js/smtp-wizard.js?ver=

HTML / DOM Fingerprints

CSS Classes
easy-wp-smtp-notice
FAQ

Frequently Asked Questions about Easy WP SMTP – WordPress SMTP and Email Logs: Gmail, Office 365, Outlook, Custom SMTP, and more