WP-Safety

GoSMTP – SMTP for WordPress Security & Risk Analysis

wordpress.org/plugins/gosmtp

Send emails from your WordPress site using your preferred SMTP provider like Gmail, Outlook, AWS, Zoho, SMTP.com, Brevo (formerly Sendinblue), Mailgun …

500K active installs v1.1.9 PHP 5.5+ WP 5.5+ Updated Feb 25, 2026
aws-smtpgmail-smtpsendgrid-smtpsmtpwordpress-smtp
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is GoSMTP – SMTP for WordPress Safe to Use in 2026?

Generally Safe

Score 100/100

GoSMTP – SMTP for WordPress has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The goSMTP plugin v1.1.9 exhibits a generally strong security posture based on the provided static analysis. The absence of any known CVEs or vulnerabilities in its history is a significant positive indicator. Furthermore, the code analysis reveals a commendable practice of using prepared statements for all SQL queries and a high percentage of properly escaped outputs, mitigating common risks like SQL injection and XSS. The presence of nonce and capability checks on its entry points, along with no raw SQL queries or critical taint flows, further strengthens its security.

However, there are minor areas for improvement. The existence of two AJAX handlers, while currently protected by authentication checks, represents potential attack vectors that require ongoing vigilance. The file operations and external HTTP requests, while not explicitly flagged as dangerous, warrant review to ensure they do not introduce indirect vulnerabilities. Overall, goSMTP appears to be a well-developed plugin with a strong commitment to security, but continuous monitoring and adherence to best practices for its remaining entry points are recommended.

Key Concerns

  • AJAX handlers present
  • File operations present
  • External HTTP requests present
Vulnerabilities
None known

GoSMTP – SMTP for WordPress Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

GoSMTP – SMTP for WordPress Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
14
68 escaped
Nonce Checks
7
Capability Checks
3
File Operations
11
External Requests
7
Bundled Libraries
0

Output Escaping

83% escaped82 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
gosmtp_settings_page (main\settings.php:132)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

GoSMTP – SMTP for WordPress Attack Surface

Entry Points2
Unprotected0

AJAX Handlers 2

authwp_ajax_gosmtp_test_mailmain\ajax.php:12
authwp_ajax_gosmtp_close_update_noticemain\ajax.php:90
WordPress Hooks 8
actionplugins_loadedinit.php:92
actionwp_mailinit.php:108
filterwp_mail_frominit.php:232
actionadmin_menuinit.php:240
actionadmin_initinit.php:317
actionadmin_noticesmain\admin.php:24
filtersoftaculous_plugin_update_noticemain\admin.php:25
actionwp_mail_failedmain\ajax.php:32

Scheduled Events 2

gosmtp_log_retention_cron
gosmtp_weekly_email_reports_cron
Maintenance & Trust

GoSMTP – SMTP for WordPress Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 25, 2026
PHP min version5.5
Downloads2.1M

Community Trust

Rating82/100
Number of ratings8
Active installs500K
Alternatives

GoSMTP – SMTP for WordPress Alternatives

Kingmailer WordPress SMTP

Kingmailer WordPress SMTP

kingmailer-smtp

A
100

SMTP for sending user registration emails, order emails, contact form emails.

70 No CVEs
SMTP for SendGrid – YaySMTP

SMTP for SendGrid – YaySMTP

smtp-sendgrid

A
97

Send emails from WordPress through SendGrid using SMTP by YayCommerce

1K 2 CVEs
Super Duper SMTP

Super Duper SMTP

super-duper-smtp

A
85

A crazy simple SMTP plugin.

10 No CVEs
Authority Mailer SMTP – WordPress SMTP Plugin with Email Logs

Authority Mailer SMTP – WordPress SMTP Plugin with Email Logs

authority-mailer-smtp

A
100

Fix WordPress emails not sending. SMTP plugin with Email Logs for Gmail, Outlook, SendGrid, Mailgun. Easy Setup, reliable delivery.

0 No CVEs
Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App

Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App

post-smtp

B
76

Improve WordPress email deliverability. Connect Gmail SMTP, Microsoft 365, Brevo, SendGrid, Mailgun, Zoho, Amazon SES, etc. #1 WordPress SMTP Plugin.

400K 21 CVEs
Developer Profile

GoSMTP – SMTP for WordPress Developer Profile

Softaculous

10 plugins · 4.1M total installs

76
trust score
Avg Security Score
95/100
Avg Patch Time
333 days
View full developer profile
Detection Fingerprints

How We Detect GoSMTP – SMTP for WordPress

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/gosmtp/main/settings.css/wp-content/plugins/gosmtp/main/admin.css
Script Paths
/wp-content/plugins/gosmtp/main/settings.js/wp-content/plugins/gosmtp/main/admin.js
Version Parameters
gosmtp/main/settings.css?ver=gosmtp/main/admin.css?ver=gosmtp/main/settings.js?ver=gosmtp/main/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
gosmtp-box-containergosmtp-promotiongosmtp-promotion-contentgosmtp-promotion-logo
HTML Comments
<!--GoSMTP's Mailer API connecters are derived from Fluent SMTP:<!--Main Table-->
Data Attributes
id="gosmtp-plugin-update-notice"
JS Globals
GOSMTP_URLSOFTACULOUS_PLUGIN_UPDATE_NOTICE
FAQ

Frequently Asked Questions about GoSMTP – SMTP for WordPress