Does Mail Cloak have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Mail Cloak compatible with WordPress 6.8.5?

According to WordPress.org data, Mail Cloak 1.3.2 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is Mail Cloak compatible with PHP 7.2+?

Mail Cloak requires PHP 7.2 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Mail Cloak updated?

Mail Cloak was last updated on May 28, 2025. Frequent updates are generally a positive security signal.

What is Mail Cloak's security score?

Mail Cloak has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Mail Cloak Security & Risk Analysis

wordpress.org/plugins/mail-cloak

Advanced email protection with intelligent bot detection and automated security monitoring for WordPress websites.

40 active installs v1.3.2 PHP 7.2+ WP 5.0+ Updated May 28, 2025

anti-spambot-detectionemail-cloakingemail-securityspam-protection

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Mail Cloak Safe to Use in 2026?

Generally Safe

Score 100/100

Mail Cloak has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 11mo ago

Risk Assessment

The 'mail-cloak' plugin v1.3.2 demonstrates a strong security posture based on the provided static analysis. It correctly utilizes nonces and capability checks for all identified entry points, which are limited to two AJAX handlers. The absence of SQL injection vulnerabilities, with all queries employing prepared statements, and the 100% rate of proper output escaping are significant strengths. Furthermore, the plugin has no recorded vulnerability history, indicating a consistent focus on security by the developers.

While the attack surface is minimal and well-protected, the lack of taint analysis flows is notable. This could mean that the static analysis tool did not find any data flows to analyze, or that such flows exist but were not flagged as problematic by the tool's heuristics. However, given the other strong security signals (no dangerous functions, no file operations, no external HTTP requests), the absence of taint flow issues is likely a positive indicator. Overall, 'mail-cloak' v1.3.2 appears to be a secure plugin with robust defenses against common web vulnerabilities.

Vulnerabilities

None known

Mail Cloak Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Mail Cloak Release Timeline

v1.3.2Current

v1.3.1

v1.1.1

v1.1.0

Code Analysis

Analyzed Apr 16, 2026

Mail Cloak Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

102 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

100% escaped102 total outputs

Attack Surface

Mail Cloak Attack Surface

Entry Points2

Unprotected0

AJAX Handlers 2

authwp_ajax_increment_honeypot_triggersmail-cloak.php:786

noprivwp_ajax_increment_honeypot_triggersmail-cloak.php:787

WordPress Hooks 27

actioninitmail-cloak.php:96

actionwp_enqueue_scriptsmail-cloak.php:107

filterthe_contentmail-cloak.php:112

filterwidget_textmail-cloak.php:113

filterwidget_text_contentmail-cloak.php:114

filterwidget_custom_html_contentmail-cloak.php:115

filterwp_nav_menu_itemsmail-cloak.php:116

filterthe_excerptmail-cloak.php:117

filtercomment_textmail-cloak.php:118

filterwidget_block_contentmail-cloak.php:119

filterthe_titlemail-cloak.php:120

filtertheme_mod_custom_htmlmail-cloak.php:123

filterthe_metamail-cloak.php:124

filterelementor/frontend/the_contentmail-cloak.php:128

filterelementor/widget/render_contentmail-cloak.php:129

filteret_builder_render_layoutmail-cloak.php:132

filterfl_builder_render_contentmail-cloak.php:135

filtervc_shortcode_outputmail-cloak.php:138

filterrender_blockmail-cloak.php:141

filteroxygen_after_shortcode_execmail-cloak.php:144

filterbrizy_contentmail-cloak.php:147

actiontemplate_redirectmail-cloak.php:150

actionadmin_menumail-cloak.php:154

actionadmin_initmail-cloak.php:155

actionadmin_enqueue_scriptsmail-cloak.php:156

actionadmin_footermail-cloak.php:157

actioninitmail-cloak.php:163

Maintenance & Trust

Mail Cloak Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedMay 28, 2025

PHP min version7.2

Downloads620

Community Trust

Rating0/100

Number of ratings0

Active installs40

Alternatives

Mail Cloak Alternatives

Antispam Bee

antispam-bee

100

Sophisticated antispam plugin for effective daily comment and trackback spam-fighting. Built with data protection and privacy in mind.

700K 1 CVE

CF7 Apps – Honeypot, Database, Redirection, Webhook, and Addons for Contact Form 7

contact-form-7-honeypot

100

Addons for Contact Form 7 — Honeypot, Database Entries, Redirection, Spam Protection, Webhooks, ACF integration for Contact Form 7, and more.

300K No CVEs

WP Armour – Honeypot Anti Spam

honeypot

Fastest growing Anti Spam plugin. No API calls, subscriptions, captcha or puzzle. Full GDPR complaint. For comments, contact form, login, registration

300K 2 CVEs

Stop Spammers Classic

stop-spammer-registrations-plugin

A simplified, restored, and preserved version of the original Stop Spammers plugin.

30K 8 CVEs

Anti-spam, Spam protection, ReCaptcha for all forms and GDPR-compliant

gdpr-compliant-recaptcha-for-all-forms

Anti-spam - CAPTCHA that protects all forms against spam and brute-force. Invisible and GDPR-compliant.

4K 1 CVE

Developer Profile

Mail Cloak Developer Profile

Rizonepress

1 plugin · 40 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Mail Cloak

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/mail-cloak/assets/js/mail-cloak.js

Script Paths