Email to Image Security & Risk Analysis

wordpress.org/plugins/email-2-image

Prevent the email addresses in your blog from being indexed by spambots in a fancy and very effective way.

10 active installs · v4.1 · PHP + · WP 2.8+ · Updated Aug 31, 2014
Tags: email, email-image, email-spam, image, spam
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Email to Image Safe to Use in 2026?

Generally Safe

Score 85/100

Email to Image has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 11yr ago
Risk Assessment

The 'email-2-image' plugin v4.1 exhibits a mixed security posture. On the positive side, it demonstrates good practices regarding database interactions by exclusively using prepared statements and appears to have no known historical vulnerabilities, suggesting a generally stable and secure past. The absence of a large attack surface through AJAX, REST API, shortcodes, or cron events is also a significant strength.

However, several concerns arise from the static analysis. The presence of 'create_function' is a notable risk, as this function is deprecated and can lead to severe security vulnerabilities if used with untrusted input. Additionally, a substantial portion of output (38%) is not properly escaped, creating a potential for cross-site scripting (XSS) vulnerabilities, especially if dynamic content is involved. The taint analysis also revealed flows with unsanitized paths, indicating potential issues with file handling or directory traversal if these paths are derived from user input.

While the plugin has no recorded CVEs, the identified code signals like 'create_function' and unescaped output, coupled with unsanitized path flows, represent inherent risks that could be exploited. The lack of nonce and capability checks, though seemingly mitigated by a limited attack surface, still represents a weakness in general security hardening. In conclusion, while the plugin has a clean vulnerability history and good database practices, the identified code signals and taint analysis findings introduce specific risks that require attention.

Key Concerns

  • Dangerous function 'create_function' used
  • Significant unescaped output detected
  • Taint flows with unsanitized paths
  • Missing nonce checks
  • Missing capability checks
Vulnerabilities
None known

Email to Image Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Email to Image Code Analysis

Dangerous Functions: 3
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 5 (8 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 5
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

  • create_function · create_function( · emailtoimage.php:109
  • create_function · $xx = create_function( · emailtoimage.php:117
  • create_function · create_function( · emailtoimage.php:127

Output Escaping

62% escaped · 13 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
opt (emailtoimage.php:51)
Legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized
Attack Surface

Email to Image Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 9
  • action · admin_menu · emailtoimage.php:34
  • action · admin_notices · emailtoimage.php:39
  • filter · the_content · emailtoimage.php:272
  • filter · the_excerpt · emailtoimage.php:273
  • filter · comment_text · emailtoimage.php:274
  • filter · widget_text · emailtoimage.php:275
  • filter · author_email · emailtoimage.php:276
  • filter · comment_email · emailtoimage.php:277
  • filter · the_content_rss · emailtoimage.php:278
Maintenance & Trust

Email to Image Maintenance & Trust

Maintenance Signals

WordPress version tested: 3.9.40
Last updated: Aug 31, 2014
PHP min version
Downloads: 5K

Community Trust

Rating: 20/100
Number of ratings: 1
Active installs: 10
Developer Profile

Email to Image Developer Profile

andur

1 plugin · 10 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Email to Image

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/email-2-image/select.jpg

HTML / DOM Fingerprints

CSS Classes
colorpicker301
HTML Comments
Copyright 2009 Arturo Emilio (email : admin@arturoemilio.es)
Data Attributes
onclick="showColorGrid3('txtcl','none');"
JS Globals
getScrollYgett6op6getLeft6nocol1clos1tt6+5 more
FAQ

Frequently Asked Questions about Email to Image