Does Just SMTP have any unpatched vulnerabilities?

No. All known vulnerabilities in Just SMTP have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Just SMTP compatible with WordPress 6.9.4?

According to WordPress.org data, Just SMTP 1.0.1 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Just SMTP compatible with PHP 7.4+?

Just SMTP requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Just SMTP updated?

Just SMTP was last updated on Jan 24, 2026. Frequent updates are generally a positive security signal.

What is Just SMTP's security score?

Just SMTP has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Just SMTP Security & Risk Analysis

wordpress.org/plugins/just-smtp

Set up mail delivery via SMTP.

40 active installs v1.0.1 PHP 7.4+ WP 6.4+ Updated Jan 24, 2026

deliveremailmailsendingsmtp

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Just SMTP Safe to Use in 2026?

Generally Safe

Score 100/100

Just SMTP has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago

Risk Assessment

Based on the provided static analysis and vulnerability history, the 'just-smtp' plugin version 1.0.1 exhibits a strong security posture. The absence of any identified vulnerabilities in its history, coupled with code signals indicating good practices such as 100% use of prepared statements for SQL queries and 95% proper output escaping, suggests a well-developed and security-conscious plugin. The minimal attack surface is also a positive indicator, with no AJAX handlers, REST API routes, shortcodes, or cron events exposed without checks.

However, a notable concern arises from the complete lack of nonce checks and the sole capability check. While there are no direct indications of critical security flaws from the taint analysis or dangerous function usage, the reliance on only one capability check for all operations and the absence of nonces on potential entry points (even if currently zero) leaves room for potential privilege escalation or unauthorized actions if the attack surface were to expand in future versions or if the single capability check is not robust enough for all potential administrative functions.

In conclusion, 'just-smtp' v1.0.1 appears to be a secure plugin with a clean history and good coding practices in place for data handling and output. The primary area for potential improvement lies in strengthening authentication and authorization mechanisms, particularly by implementing nonce checks on any future AJAX or similar actions, and ensuring the existing capability check is comprehensive. The current lack of historical vulnerabilities is a significant strength.

Key Concerns

No nonce checks found
Only one capability check found

Vulnerabilities

None known

Just SMTP Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Just SMTP Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

74 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

95% escaped78 total outputs

Attack Surface

Just SMTP Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 10

actioninitincludes\class-jsmtp-admin.php:17

actionadmin_noticesincludes\class-jsmtp-admin.php:18

actionpre_update_optionincludes\class-jsmtp-admin.php:19

actionpre_update_optionincludes\class-jsmtp-admin.php:20

actionadmin_menuincludes\class-jsmtp-admin.php:35

actionphpmailer_initincludes\class-jsmtp-admin.php:193

filterplugin_action_linksincludes\class-jsmtp-admin.php:217

actionphpmailer_initincludes\class-jsmtp-mailer.php:17

actioninitincludes\class-jsmtp-settings.php:23

actionadmin_initincludes\class-jsmtp-settings.php:26

Maintenance & Trust

Just SMTP Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedJan 24, 2026

PHP min version7.4

Downloads498

Community Trust

Rating0/100

Number of ratings0

Active installs40

Alternatives

Just SMTP Alternatives

Icegram Mailer – Reliable Email Deliverability, No-code SMTP Replacement & Email logs

icegram-mailer

100

Send free email from your site in a minute. Do not need any complex setup of SMTP or API's

1K No CVEs

WP Mail Logging

wp-mail-logging

Log, view, and resend all emails sent from your WordPress site. Great for resolving email sending issues or keeping a copy for auditing.

300K 6 CVEs

SMTP2GO for WordPress – Email Made Easy

smtp2go

Resolve email delivery issues, increase inbox placement, track sent email, get 24/7 support, and real-time reporting.

30K 2 CVEs

WP Offload SES Lite

wp-ses

100

Fix your email delivery problems by sending your WordPress emails through Amazon SES's powerful email sending infrastructure.

10K 1 CVE

SmartSMTP

smart-smtp

100

Reliable Email Delivery with SmartSMTP

2K No CVEs

Developer Profile

Just SMTP Developer Profile

christophrado

3 plugins · 6K total installs

trust score

Avg Security Score

98/100

Avg Patch Time

72 days

View full developer profile

Detection Fingerprints

How We Detect Just SMTP

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/just-smtp/assets/css/admin.css/wp-content/plugins/just-smtp/assets/js/admin.js

Script Paths

/wp-content/plugins/just-smtp/assets/js/admin.js

Version Parameters

just-smtp/assets/css/admin.css?ver=just-smtp/assets/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes

jsmtp-admin-wrap

Data Attributes

data-jsmtp-settings

JS Globals

JustSMTPAdmin

FAQ