Icegram Mailer – Reliable Email Deliverability, No-code SMTP Replacement & Email logs Security & Risk Analysis

wordpress.org/plugins/icegram-mailer

Send free email from your site in a minute. Do not need any complex setup of SMTP or API's

1K active installs v1.0.8 PHP 7.0+ WP 4.7+ Updated Jan 27, 2026

email-deliveryemail-logemail-marketingemail-sendingsmtp

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Icegram Mailer – Reliable Email Deliverability, No-code SMTP Replacement & Email logs Safe to Use in 2026?

Generally Safe

Score 100/100

Icegram Mailer – Reliable Email Deliverability, No-code SMTP Replacement & Email logs has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago

Risk Assessment

The "icegram-mailer" v1.0.8 plugin demonstrates a generally strong security posture, particularly in its handling of entry points and SQL queries. The absence of unpatched CVEs and the secure implementation of SQL queries using prepared statements are significant strengths. Furthermore, the plugin utilizes nonce and capability checks for its AJAX handlers, indicating an awareness of common web vulnerabilities.

However, there are areas for improvement. While the majority of output is properly escaped, a notable percentage (17%) is not, presenting a potential risk for cross-site scripting (XSS) vulnerabilities if user-controlled data is involved in these unescaped outputs. The presence of file operations and external HTTP requests, while not inherently insecure, are areas that require diligent scrutiny to ensure they do not introduce vulnerabilities.

The plugin's historical lack of vulnerabilities is a positive indicator of past development practices. Coupled with the static analysis results showing no critical or high severity taint flows and a clean attack surface regarding unprotected entry points, the overall risk is assessed as low. The primary concern stems from the unescaped output, which warrants careful review.

Key Concerns

Unescaped output found

Vulnerabilities

None known

Icegram Mailer – Reliable Email Deliverability, No-code SMTP Replacement & Email logs Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Icegram Mailer – Reliable Email Deliverability, No-code SMTP Replacement & Email logs Code Analysis

Dangerous Functions

Raw SQL Queries

3 prepared

Unescaped Output

403 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared3 total queries

Output Escaping

83% escaped485 total outputs

Data Flows

All sanitized

Data Flow Analysis

6 flows

handle_ajax_action (admin\class-icegram-mailer-admin-ajax-handler.php:16)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Icegram Mailer – Reliable Email Deliverability, No-code SMTP Replacement & Email logs Attack Surface

Entry Points3

Unprotected0

AJAX Handlers 3

authwp_ajax_icegram_maileradmin\class-icegram-mailer-admin-ajax-handler.php:13

authwp_ajax_icegram_mailer_setup_email_sending_serviceincludes\class-icegram-mailer-account.php:129

authwp_ajax_icegram-mailerincludes\class-icegram-mailer-router.php:21

WordPress Hooks 30

actionadmin_noticesadmin\class-icegram-mailer-admin-notice.php:37

actionadmin_enqueue_scriptsadmin\class-icegram-mailer-admin-notice.php:38

actionadmin_enqueue_scriptsadmin\class-icegram-mailer-admin.php:62

actionadmin_enqueue_scriptsadmin\class-icegram-mailer-admin.php:63

actionadmin_menuadmin\class-icegram-mailer-admin.php:64

actionadmin_initadmin\class-icegram-mailer-settings.php:13

actioninitadmin\notices\class-icegram-mailer-plugin-review-notice.php:11

actionadmin_initadmin\notices\class-icegram-mailer-plugin-review-notice.php:15

actioninitincludes\class-icegram-mailer-account.php:124

actionadmin_enqueue_scriptsincludes\class-icegram-mailer-account.php:128

actionadmin_initincludes\class-icegram-mailer-account.php:130

actionplugins_loadedincludes\class-icegram-mailer-client.php:31

filterpre_wp_mailincludes\class-icegram-mailer-client.php:32

actionicegram_mailer_after_email_processedincludes\class-icegram-mailer-client.php:33

actioninitincludes\class-icegram-mailer-client.php:36

filterig_es_ess_data_optionincludes\class-icegram-mailer-express-integration.php:14

filterig_es_current_mailer_classincludes\class-icegram-mailer-express-integration.php:15

actionicegram_mailer_plugin_activatedincludes\class-icegram-mailer-express-integration.php:16

actioninitincludes\class-icegram-mailer.php:198

actioninitincludes\controllers\class-icegram-mailer-onboarding-controller.php:99

actionadmin_enqueue_scriptsincludes\controllers\class-icegram-mailer-onboarding-controller.php:103

actionadmin_enqueue_scriptsincludes\feedback\class-ig-feedback.php:112

actionadmin_enqueue_scriptsincludes\feedback\class-ig-feedback.php:113

actionadmin_noticesincludes\feedback\class-ig-feedback.php:120

actionadmin_print_footer_scriptsincludes\feedback\class-ig-feedback.php:348

actionadmin_print_scriptsincludes\feedback\class-ig-feedback.php:349

actionadmin_footerincludes\feedback\class-ig-feedback.php:350

filterig_mailer_deactivation_reasonsincludes\feedback.php:37

filterig_mailer_additional_feedback_meta_infoincludes\feedback.php:71

actionig_mailer_deactivation_feedback_submittedincludes\feedback.php:136

Maintenance & Trust

Icegram Mailer – Reliable Email Deliverability, No-code SMTP Replacement & Email logs Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedJan 27, 2026

PHP min version7.0

Downloads9K

Community Trust

Rating100/100

Number of ratings10

Active installs1K

Alternatives

Icegram Mailer – Reliable Email Deliverability, No-code SMTP Replacement & Email logs Alternatives

WP Mail SMTP by WPForms – The Most Popular SMTP and Email Log Plugin

wp-mail-smtp

Make email delivery easy for WordPress. Connect with SMTP, Gmail, Outlook, SendGrid, Mailgun, SES, Zoho, + more. Rated #1 WordPress SMTP Email plugin.

4.0M 2 CVEs

Easy WP SMTP – WordPress SMTP and Email Logs: Gmail, Office 365, Outlook, Custom SMTP, and more

easy-wp-smtp

Make SMTP email sending and delivery easy. Configure Gmail, Outlook, Brevo, SendGrid, Mailgun, SendLayer or connect to any SMTP server.

500K 8 CVEs

Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App

post-smtp

Improve WordPress email deliverability. Connect Gmail SMTP, Microsoft 365, Brevo, SendGrid, Mailgun, Zoho, Amazon SES, etc. #1 WordPress SMTP Plugin.

400K 21 CVEs

WP Mail Logging

wp-mail-logging

Log, view, and resend all emails sent from your WordPress site. Great for resolving email sending issues or keeping a copy for auditing.

300K 6 CVEs

Site Mailer – SMTP Replacement, Email API Deliverability & Email Log

site-mailer

Effortlessly manage transactional emails with Site Mailer. High deliverability, logs and statistics, and no SMTP plugins needed.

200K 1 CVE

Developer Profile

Icegram Mailer – Reliable Email Deliverability, No-code SMTP Replacement & Email logs Developer Profile

Icegram

8 plugins · 84K total installs

trust score

Avg Security Score

94/100

Avg Patch Time

571 days

View full developer profile

Detection Fingerprints

How We Detect Icegram Mailer – Reliable Email Deliverability, No-code SMTP Replacement & Email logs

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/icegram-mailer/admin/css/admin.css/wp-content/plugins/icegram-mailer/assets/css/tailwind.css

Script Paths

/wp-content/plugins/icegram-mailer/admin/js/admin.js

Version Parameters

icegram-mailer/admin/css/admin.css?ver=icegram-mailer/assets/css/tailwind.css?ver=icegram-mailer/admin/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes

icegram-mailer-dashboard-wrapicegram-mailer-settings-wrap

Data Attributes

data-icegram-mailer-nonce

JS Globals

icegram_mailer_admin_js_data

FAQ