Does Email Me have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Email Me compatible with WordPress 3.5.2?

According to WordPress.org data, Email Me 1.0 has been tested up to WordPress 3.5.2. Check the plugin's changelog for the latest compatibility information.

How often is Email Me updated?

Email Me was last updated on Jan 7, 2013. Frequent updates are generally a positive security signal.

What is Email Me's security score?

Email Me has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Email Me Security & Risk Analysis

wordpress.org/plugins/email-me

Creates an email link from the shortcode [emailme] that spam bots don't find. Has clever parameters for convenience...

30 active installs v1.0 PHP + WP 3.0.1+ Updated Jan 7, 2013

emailjavascriptobfuscateshortlink

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Email Me Safe to Use in 2026?

Generally Safe

Score 85/100

Email Me has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 13yr ago

Risk Assessment

The "email-me" v1.0 plugin exhibits a generally strong security posture based on the provided static analysis. The absence of dangerous functions, reliance on prepared statements for all SQL queries, and proper output escaping are excellent indicators of secure coding practices. Furthermore, the plugin has no recorded vulnerabilities, including CVEs, which suggests a history of secure development or effective patching.

However, the analysis reveals a significant area of concern: the lack of nonce and capability checks across all entry points. While the attack surface is currently small, with only one shortcode and no AJAX handlers or REST API routes, this absence of authentication and authorization checks creates a potential weakness. If the shortcode's functionality were to be expanded or new, unprotected entry points were introduced in future versions without these checks, it could lead to unauthorized actions or data exposure.

In conclusion, while the current version of "email-me" is likely secure due to its limited functionality and lack of known vulnerabilities, its reliance on unchecked entry points presents a latent risk. The developers should prioritize implementing robust nonce and capability checks on all shortcodes and any future additions to the plugin's attack surface to ensure continued security.

Key Concerns

Missing nonce checks on entry points
Missing capability checks on entry points

Vulnerabilities

None known

Email Me Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Email Me Release Timeline

No version history available.

Code Analysis

Analyzed Mar 16, 2026

Email Me Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Attack Surface

Email Me Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[emailme] emailme.php:34

Maintenance & Trust

Email Me Maintenance & Trust

Maintenance Signals

WordPress version tested3.5.2

Last updatedJan 7, 2013

PHP min version

Downloads3K

Community Trust

Rating0/100

Number of ratings0

Active installs30

Alternatives

Email Me Alternatives

Hikari Email & URL Obfuscator

hikari-email-url-obfuscator

Email and normal links are obfuscated, hiding them from spambots. It automatically encodes each link, then uses JavaScript to decode and show them.

50 No CVEs

Email Address Obfuscation

email-address-obfuscation

Email Address Obfuscation prevents email harvesting by hiding email address appearing in your pages, while remaining visible to your site visitors.

2K 1 CVE

Pixeline's Email Protector

pixelines-email-protector

Write email addresses without worrying about spambots and email harvesters.

900 1 CVE

TG Email Protection

tg-email-protection

Protect email addresses from being harvested by spammers and spambots, obfuscating them. Your visitors can still see email addresses.

50 No CVEs

Contact Form 7: Support Deprecated Settings

cf7-support-deprecated-settings

Provide continued support for on_sent_ok and on_submit within Contact Form 7's Additional Settings

10 No CVEs

Developer Profile

Email Me Developer Profile

robertkay

3 plugins · 90 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Email Me

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

HTML Comments

JS Globals

var namevar domainvar disp

Shortcode Output

<script language="JavaScript">document.write("<a href=\"mailto:" + name + "@" + domain + "\">");document.write(disp + "</a>");</script>

FAQ