f(x) Email Log Security & Risk Analysis

wordpress.org/plugins/fx-email-log

Simple plugin to log all email sent via WordPress.

300 active installs · v1.0.3 · PHP + WP 4.5+ · Updated Apr 22, 2017
Tags: contact-form, database, email, email-log, log
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is f(x) Email Log Safe to Use in 2026?

Generally Safe

Score 85/100

f(x) Email Log has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 8yr ago
Risk Assessment

The fx-email-log v1.0.3 plugin exhibits a generally good security posture with a limited attack surface, consisting of a single AJAX handler. Notably, the analysis indicates zero unprotected entry points, suggesting a solid understanding of authentication and authorization best practices regarding its primary interaction points. The plugin also demonstrates a reasonable approach to output escaping and uses nonces and capability checks, which are crucial for preventing common web vulnerabilities. However, the static analysis revealed two flows with unsanitized paths during taint analysis, with one classified as high severity. This is a significant concern as it indicates a potential pathway for malicious data to be processed without proper validation, which could lead to unexpected behavior or security exploits. Additionally, while the plugin has no recorded vulnerability history, this absence of past issues should be viewed with caution. It might reflect a lack of discovery or audit rather than inherent invulnerability. Therefore, while the plugin adheres to many security fundamentals, the presence of high-severity taint flows warrants careful attention and remediation.

Key Concerns

  • High severity taint flow found
  • Flows with unsanitized paths found
  • SQL queries not fully prepared
  • Output escaping not fully implemented
Vulnerabilities
None known

f(x) Email Log Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

f(x) Email Log Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 7 (7 prepared)
Unescaped Output: 25 (55 escaped)
Nonce Checks: 3
Capability Checks: 5
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

50% prepared · 14 total queries

Output Escaping

69% escaped · 80 total outputs

Data Flows: 2 unsanitized

Data Flow Analysis

4 flows · 2 with unsanitized paths
search_box (library\list-table-class.php:347)
Legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized
Attack Surface

f(x) Email Log Attack Surface

Entry Points: 1
Unprotected: 0

AJAX Handlers 1

auth wp_ajax_fx_email_log_view_content (includes\settings.php:37)

WordPress Hooks 10

action plugins_loaded (fx-email-log.php:39)
filter wp_mail (includes\log-email.php:27)
action wpmu_new_blog (includes\multisite.php:6)
filter wpmu_drop_tables (includes\multisite.php:9)
action admin_menu (includes\settings.php:28)
filter set-screen-option (includes\settings.php:31)
action admin_enqueue_scripts (includes\settings.php:34)
action admin_footer (library\list-table-class.php:158)
action admin_notices (library\system-requirement.php:34)
action admin_notices (library\welcome-notice.php:31)
Maintenance & Trust

f(x) Email Log Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.7.32
Last updated: Apr 22, 2017
PHP min version
Downloads: 5K

Community Trust

Rating: 100/100
Number of ratings: 3
Active installs: 300
Developer Profile

f(x) Email Log Developer Profile

David Chandra Purnama

12 plugins · 2K total installs

Trust score: 82
Avg Security Score: 83/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect f(x) Email Log

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/fx-email-log/assets/settings.css
/wp-content/plugins/fx-email-log/assets/settings.js
/wp-content/plugins/fx-email-log/assets/reset.css
Script Paths
/wp-content/plugins/fx-email-log/assets/settings.js
Version Parameters
fx-email-log/assets/settings.css?ver=
fx-email-log/assets/settings.js?ver=

HTML / DOM Fingerprints

CSS Classes
fx-email-log-settings-wrap
fx-email-log-modal-overlay
fx-email-log-modal
fx-email-log-modal-container
fx-email-log-modal-title
fx-email-log-modal-close
Data Attributes
data-nonce
JS Globals
fx_email_log_settings_params
FX_EMAIL_LOG_URI