Does Magic API Email have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Magic API Email compatible with WordPress 6.9.4?

According to WordPress.org data, Magic API Email 1.1.0 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Magic API Email compatible with PHP 8.0+?

Magic API Email requires PHP 8.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Magic API Email updated?

Magic API Email was last updated on Mar 27, 2026. Frequent updates are generally a positive security signal.

What is Magic API Email's security score?

Magic API Email has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Magic API Email Security & Risk Analysis

wordpress.org/plugins/magic-api-email

Send WordPress emails through a transactional API provider: Resend, Mailgun, Postmark, or Mailtrap. No SMTP needed.

0 active installs v1.1.0 PHP 8.0+ WP 6.0+ Updated Mar 27, 2026

emailmailgunpostmarkresendsmtp

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Magic API Email Safe to Use in 2026?

Generally Safe

Score 100/100

Magic API Email has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago

Risk Assessment

The "magic-api-email" plugin version 1.1.0 demonstrates a strong security posture based on the provided static analysis. The plugin has a minimal attack surface with only one AJAX handler, and importantly, this entry point is protected by security checks, indicated by 0 unprotected entry points. The code follows best practices by exclusively using prepared statements for all SQL queries and properly escaping all output. Furthermore, there are no file operations or critical taint analysis findings, suggesting that user input is not being handled in ways that could lead to common web vulnerabilities like directory traversal or SQL injection.

Key Concerns

One AJAX handler is present
5 external HTTP requests

Vulnerabilities

None known

Magic API Email Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Magic API Email Release Timeline

v1.1.0Current

v1.0.12

v1.0.11

v1.0.10

v1.0.9

v1.0.8

Code Analysis

Analyzed Apr 16, 2026

Magic API Email Code Analysis

Dangerous Functions

Raw SQL Queries

9 prepared

Unescaped Output

102 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared9 total queries

Output Escaping

100% escaped102 total outputs

Attack Surface

Magic API Email Attack Surface

Entry Points1

Unprotected0

AJAX Handlers 1

authwp_ajax_magic_api_send_test_emailincludes/class-magic-api-email-test.php:21

WordPress Hooks 5

actionadmin_initincludes/class-magic-api-email-logger.php:33

filterpre_wp_mailincludes/class-magic-api-email-sender.php:40

actionadmin_menuincludes/class-magic-api-email-settings.php:44

actionadmin_initincludes/class-magic-api-email-settings.php:45

actionadmin_enqueue_scriptsincludes/class-magic-api-email-settings.php:46

Maintenance & Trust

Magic API Email Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 27, 2026

PHP min version8.0

Downloads396

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

Magic API Email Alternatives

ActiveCampaign Postmark for WordPress

postmark-approved-wordpress-plugin

The officially-supported ActiveCampaign Postmark plugin for Wordpress.

50K No CVEs

Send Emails with Resend

send-emails-with-resend

100

Resend for WordPress integrates the Resend.com API, replacing PHPMailer to ensure reliable email delivery through Resend.com's robust service.

500 No CVEs

PostmarkApp Email Integrator

postmarkapp-email-integrator

Enables your WordPress site to send emails via PostMarkApp API.

60 1 unpatched

Surbma | SMTP

surbma-smtp

External SMTP mail configuration via global variables in wp-config.php.

20 No CVEs

Block All Emails

block-all-emails

Prevents all outgoing emails from your WordPress site, ideal for staging environments.

10 No CVEs

Developer Profile

Magic API Email Developer Profile

MagicWP.io

1 plugin · 0 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Magic API Email

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/magic-api-email/assets/css/admin.css

Version Parameters

magic-api-email/assets/css/admin.css?ver=

HTML / DOM Fingerprints

Data Attributes

data-settingdata-provider

FAQ