WP-Safety

Email not required Security & Risk Analysis

wordpress.org/plugins/email-not-required

Disable email requirement for user registering/editing.

20 active installs v0.4 PHP + WP 3.1+ Updated Unknown
e-mailemailmailnot-requiredrequired
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Email not required Safe to Use in 2026?

Generally Safe

Score 100/100

Email not required has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The "email-not-required" plugin version 0.4 exhibits a generally positive security posture based on the provided static analysis. The absence of AJAX handlers, REST API routes, shortcodes, and cron events significantly limits the plugin's attack surface, and all identified entry points appear to be protected. The code further demonstrates good practice by exclusively using prepared statements for SQL queries and avoiding dangerous functions, file operations, and external HTTP requests. Furthermore, the plugin has no recorded vulnerability history, suggesting a consistent track record of security. However, a significant concern arises from the output escaping. With one total output and 0% properly escaped, any dynamic content rendered by this plugin is vulnerable to Cross-Site Scripting (XSS) attacks. This lack of sanitization represents a critical weakness that could be exploited to inject malicious scripts into the WordPress dashboard or user-facing content.

Key Concerns

  • Output escaping is not implemented
Vulnerabilities
None known

Email not required Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Email not required Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
1
0 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

0% escaped1 total outputs
Attack Surface

Email not required Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 4
actionuser_profile_update_errorsemail-not-required.php:33
actionadmin_footeremail-not-required.php:61
actionadmin_initemail-not-required.php:62
filterwpmu_validate_user_signupemail-not-required.php:77
Maintenance & Trust

Email not required Maintenance & Trust

Maintenance Signals

WordPress version tested4.9.29
Last updatedUnknown
PHP min version
Downloads2K

Community Trust

Rating0/100
Number of ratings0
Active installs20
Alternatives

Email not required Alternatives

Change Mail Sender

Change Mail Sender

cb-change-mail-sender

A
92

Easily change the default WordPress from email name and from email address.

20K No CVEs
Postie

Postie

postie

A
92

Postie allows you to create posts via email, including many advanced features not found in WordPress's default Post by Email feature.

10K 5 CVEs
ShopMagic – email automation

ShopMagic – email automation

shopmagic-for-woocommerce

A
96

Flexible email automation and workflows triggered by customer and site events.

10K 2 CVEs
MailUp for WordPress – Email and Newsletter Subscription Form

MailUp for WordPress – Email and Newsletter Subscription Form

mailup-email-and-newsletter-subscription-form

A
100

Il plugin permette di inserire sul proprio sito WordPress un form per l’iscrizione degli utenti a newsletter, campagne email e SMS.

2K No CVEs
WP-EMail

WP-EMail

wp-email

A
88

Allows people to recommend/send your WordPress blog's post/page to a friend.

2K 5 CVEs
Developer Profile

Email not required Developer Profile

ircf

5 plugins · 310 total installs

75
trust score
Avg Security Score
94/100
Avg Patch Time
282 days
View full developer profile
Detection Fingerprints

How We Detect Email not required

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

CSS Classes
form-fieldform-required
HTML Comments
FIXME and remove str_replace
FAQ

Frequently Asked Questions about Email not required