Does FS Email Tools have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is FS Email Tools compatible with WordPress 6.2.9?

According to WordPress.org data, FS Email Tools 1.2.4 has been tested up to WordPress 6.2.9. Check the plugin's changelog for the latest compatibility information.

Is FS Email Tools compatible with PHP 7.3+?

FS Email Tools requires PHP 7.3 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is FS Email Tools updated?

FS Email Tools was last updated on Apr 2, 2023. Frequent updates are generally a positive security signal.

What is FS Email Tools's security score?

FS Email Tools has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

FS Email Tools Security & Risk Analysis

wordpress.org/plugins/email-tools

Collection of tools to interact with emails in WordPress including email rerouting, outgoing email logging to the database, and automatic BCC to speci …

0 active installs v1.2.4 PHP 7.3+ WP 5.6+ Updated Apr 2, 2023

developer-toolemailmail

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is FS Email Tools Safe to Use in 2026?

Generally Safe

Score 85/100

FS Email Tools has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3yr ago

Risk Assessment

The "email-tools" v1.2.4 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices in output escaping and SQL query preparedness, with 98% of outputs properly escaped and 82% of SQL queries using prepared statements. The absence of known CVEs and a clean vulnerability history are also strong indicators of a well-maintained and secure plugin. However, significant concerns arise from the static analysis. The presence of an unprotected AJAX handler presents a direct attack vector. Furthermore, two high-severity taint flows with unsanitized paths indicate potential risks of data injection or manipulation, especially when combined with the use of the `unserialize` function, which is known for its potential security pitfalls if used with untrusted data. The limited capability checks also suggest that access control might be insufficient for certain functionalities.

Key Concerns

Unprotected AJAX handler
High severity taint flows with unsanitized paths
Dangerous function unserialize used
Limited capability checks found

Vulnerabilities

None known

FS Email Tools Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

FS Email Tools Release Timeline

v1.2.4Current

v1.2.3

v1.2.2

v1.2.1

v1.2.0

v1.1.3

v1.1.2

v1.1.1

v1.1.0

v1.0.0

Code Analysis

Analyzed Mar 17, 2026

FS Email Tools Code Analysis

Dangerous Functions

Raw SQL Queries

9 prepared

Unescaped Output

79 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserializereturn implode('<br>', unserialize($item[$column_name]));src\WP\Admin\ListTables\EmailLogsListTable.php:86

SQL Query Safety

82% prepared11 total queries

Output Escaping

98% escaped81 total outputs

Data Flows · Security

2 unsanitized

Data Flow Analysis

5 flows2 with unsanitized paths

extra_tablenav (src\WP\Admin\ListTables\EmailLogsListTable.php:109)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

1 unprotected

FS Email Tools Attack Surface

Entry Points1

Unprotected1

AJAX Handlers 1

authwp_ajax_fs_email_tools_get_email_logsrc\WP\Ajax.php:12

WordPress Hooks 10

actionadmin_menusrc\WP\Admin\Page.php:17

actionadmin_post_fs_email_tools_send_test_emailsrc\WP\Admin\Page.php:18

actionadmin_post_fs_email_tools_delete_email_logsrc\WP\Admin\Page.php:19

actionadmin_noticessrc\WP\Admin\Page.php:20

filterset-screen-optionsrc\WP\Admin\Page.php:21

actionadmin_action_fs_email_tools_download_attachmentsrc\WP\Admin\Page.php:22

actionadmin_initsrc\WP\Admin\Settings.php:23

actionadmin_enqueue_scriptssrc\WP\Asset.php:14

actionphpmailer_initsrc\WP\Mail.php:13

filterwp_mailsrc\WP\Mail.php:14

Maintenance & Trust

FS Email Tools Maintenance & Trust

Maintenance Signals

WordPress version tested6.2.9

Last updatedApr 2, 2023

PHP min version7.3

Downloads3K

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

FS Email Tools Alternatives

WP Reroute Email

wp-reroute-email

This plugin reroutes all outgoing emails from a WordPress site (sent using the wp_mail() function) to a predefined configurable email address.

1K 3 CVEs

Change Administration Email

change-administration-email

Change the Site's Administration Email Address on the General Settings page without the confirmation email.

0 No CVEs

WP Mail SMTP by WPForms – The Most Popular SMTP and Email Log Plugin

wp-mail-smtp

Make email delivery easy for WordPress. Connect with SMTP, Gmail, Outlook, SendGrid, Mailgun, SES, Zoho, + more. Rated #1 WordPress SMTP Email plugin.

4.0M 2 CVEs

Hostinger Reach – AI-Powered Email Marketing for WordPress

hostinger-reach

Launch and grow your email marketing effortlessly with Hostinger Reach. Collect contacts, sync subscribers, and send emails – all in one, AI powered.

1.0M 1 CVE

MC4WP: Mailchimp for WordPress

mailchimp-for-wp

The #1 Mailchimp plugin for WordPress. Allows you to add a multitude of newsletter sign-up methods to your site.

1.0M 11 CVEs

Developer Profile

FS Email Tools Developer Profile

Firdaus Zahari

4 plugins · 110 total installs

trust score

Avg Security Score

87/100

Avg Patch Time

1 days

View full developer profile

Detection Fingerprints

How We Detect FS Email Tools

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/email-tools/assets/dist/js/admin.js/wp-content/plugins/email-tools/assets/dist/css/admin.css

Script Paths

/wp-content/plugins/email-tools/assets/dist/js/admin.js

Version Parameters

email-tools/assets/dist/js/admin.js?ver=email-tools/assets/dist/css/admin.css?ver=

HTML / DOM Fingerprints

CSS Classes

js-view-email-logjs-delete-email-log

Data Attributes

data-id

FAQ