WP-Safety

Mail Queues by PBCI Security & Risk Analysis

wordpress.org/plugins/mail-queues

Queue, Throttle, Send SMTP email through multiple providers. Automatic re-send when non-delivery received.

30 active installs v1.6 PHP + WP 3.0+ Updated Jul 14, 2013
gmailqueuespamthrottleuce
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Mail Queues by PBCI Safe to Use in 2026?

Generally Safe

Score 85/100

Mail Queues by PBCI has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 12yr ago
Risk Assessment

The "mail-queues" v1.6 plugin exhibits a generally good security posture with no known CVEs or critical taint flows. The absence of external HTTP requests and the use of prepared statements for all SQL queries are significant strengths. The plugin also demonstrates an effort towards security by including nonce checks and some output escaping.

However, several concerns warrant attention. The presence of two instances of the `unserialize` function, without clear sanitization controls identified in the static analysis, presents a significant risk. If the data being unserialized originates from an untrusted source, this could lead to remote code execution vulnerabilities. Additionally, the low percentage of properly escaped output (56%) indicates a potential for cross-site scripting (XSS) vulnerabilities, especially given that the plugin has several file operations which could interact with user-supplied data.

The plugin's vulnerability history being clean is a positive indicator, suggesting a history of secure development. However, this does not negate the risks identified in the current code. The overall assessment is that while the plugin has strong foundations, the identified risks associated with `unserialize` and insufficient output escaping require immediate remediation.

Key Concerns

  • Dangerous function: unserialize used
  • Low percentage of properly escaped output
Vulnerabilities
None known

Mail Queues by PBCI Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Mail Queues by PBCI Code Analysis

Dangerous Functions
2
Raw SQL Queries
0
27 prepared
Unescaped Output
40
51 escaped
Nonce Checks
2
Capability Checks
0
File Operations
2
External Requests
0
Bundled Libraries
0

Dangerous Functions Found

unserialize$headers = unserialize( $row['headers'] );pbci-mail.php:298
unserialize$attachments = unserialize( $row['attachments'] );pbci-mail.php:299

SQL Query Safety

100% prepared27 total queries

Output Escaping

56% escaped91 total outputs
Data Flows
All sanitized

Data Flow Analysis

4 flows
test_messages (pbci-mail.php:1100)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Mail Queues by PBCI Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 3
actioninitpbci-mail.php:1388
actionadmin_initpbci-mail.php:1389
actionadmin_menupbci-mail.php:1390
Maintenance & Trust

Mail Queues by PBCI Maintenance & Trust

Maintenance Signals

WordPress version tested3.5.2
Last updatedJul 14, 2013
PHP min version
Downloads7K

Community Trust

Rating94/100
Number of ratings3
Active installs30
Alternatives

Mail Queues by PBCI Alternatives

Akismet Anti-spam: Spam Protection

Akismet Anti-spam: Spam Protection

akismet

A
99

The best anti-spam protection to block spam comments and spam in a contact form. The most trusted antispam solution for WordPress and WooCommerce.

6.0M 2 CVEs
WP Mail SMTP by WPForms – The Most Popular SMTP and Email Log Plugin

WP Mail SMTP by WPForms – The Most Popular SMTP and Email Log Plugin

wp-mail-smtp

A
99

Make email delivery easy for WordPress. Connect with SMTP, Gmail, Outlook, SendGrid, Mailgun, SES, Zoho, + more. Rated #1 WordPress SMTP Email plugin.

4.0M 2 CVEs
Disable Comments – Remove Comments & Stop Spam [Multi-Site Support]

Disable Comments – Remove Comments & Stop Spam [Multi-Site Support]

disable-comments

A
99

Allows administrators to globally disable comments on their site. Comments can be disabled according to post type. Multisite friendly.

1.0M 1 CVE
Antispam Bee

Antispam Bee

antispam-bee

A
100

Sophisticated antispam plugin for effective daily comment and trackback spam-fighting. Built with data protection and privacy in mind.

700K 1 CVE
Sucuri Security – Auditing, Malware Scanner and Security Hardening

Sucuri Security – Auditing, Malware Scanner and Security Hardening

sucuri-scanner

A
99

The Sucuri WordPress Security plugin is a security toolset for security integrity monitoring, malware detection and security hardening.

600K 1 CVE
Developer Profile

Mail Queues by PBCI Developer Profile

Jeffrey Schutzman

4 plugins · 1K total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Mail Queues by PBCI

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/mail-queues/js/mail-queues-admin.js/wp-content/plugins/mail-queues/css/mail-queues-admin.css
Script Paths
/wp-content/plugins/mail-queues/js/mail-queues-admin.js
Version Parameters
mail-queues/css/mail-queues-admin.css?ver=mail-queues/js/mail-queues-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
mail-queues-admin-wrappermail-queues-message-status-pendingmail-queues-message-status-sentmail-queues-message-status-errormail-queues-message-status-failed
HTML Comments
<!-- begin mail-queues settings --><!-- end mail-queues settings --><!-- mail-queues: Shortcode content goes here -->
Data Attributes
data-mail-queue-iddata-mail-message-id
JS Globals
mailQueuesAdmin
Shortcode Output
[mail_queues_list][mail_queues_stats]
FAQ

Frequently Asked Questions about Mail Queues by PBCI