WP-Safety

MailNiaga SMTP Security & Risk Analysis

wordpress.org/plugins/mailniaga-smtp

Streamline your WordPress email delivery with Mail Niaga SMTP & API integration. Boost email deliverability, manage email queues, and track email …

10 active installs v2.2.3 PHP 7.4+ WP 5.6+ Updated Mar 1, 2026
apiemailmailniagasmtpwp_mail
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is MailNiaga SMTP Safe to Use in 2026?

Generally Safe

Score 100/100

MailNiaga SMTP has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The mailniaga-smtp plugin exhibits a mixed security posture. While it has a clean vulnerability history with no recorded CVEs, indicating a generally well-maintained codebase, the static analysis reveals several areas of concern. A significant number of taint analysis flows (5 out of 9) were found to have unsanitized paths, with 5 of those being of high severity. This suggests potential vulnerabilities where user-supplied data could be misused. Furthermore, the presence of one unprotected AJAX handler significantly expands the attack surface without proper authorization checks. The use of the `unserialize` function is also a red flag, as it can lead to remote code execution if not handled with extreme care and proper input validation.

Despite these concerns, the plugin does show some good security practices. The majority of SQL queries utilize prepared statements, and a substantial portion of output is properly escaped, reducing the risk of cross-site scripting (XSS) vulnerabilities. The presence of nonce checks and capability checks on some entry points is also a positive sign. However, the combination of high-severity unsanitized taint flows and an unprotected AJAX handler presents a notable risk that could outweigh the positive aspects. A thorough review of the specific high-severity taint flows and the unprotected AJAX handler is strongly recommended to mitigate potential exploits.

Key Concerns

  • High severity unsanitized taint flows
  • Unprotected AJAX handler
  • Use of unserialize function
  • Taint flows with unsanitized paths (high severity)
Vulnerabilities
None known

MailNiaga SMTP Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

MailNiaga SMTP Code Analysis

Dangerous Functions
1
Raw SQL Queries
7
27 prepared
Unescaped Output
42
108 escaped
Nonce Checks
5
Capability Checks
3
File Operations
0
External Requests
2
Bundled Libraries
1

Dangerous Functions Found

unserialize$headers = unserialize($email->headers);includes\src\MailniagaEmailSender.php:198

Bundled Libraries

Guzzle

SQL Query Safety

79% prepared34 total queries

Output Escaping

72% escaped150 total outputs
Data Flows
6 unsanitized

Data Flow Analysis

9 flows6 with unsanitized paths
render_log_page (includes\src\MailniagaEmailLog.php:68)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
1 unprotected

MailNiaga SMTP Attack Surface

Entry Points3
Unprotected1

AJAX Handlers 3

authwp_ajax_mailniaga_get_email_detailsincludes\src\MailniagaConnector.php:58
authwp_ajax_generate_mailniaga_webhookincludes\src\MailniagaSettings.php:10
authwp_ajax_verify_mailniaga_apiincludes\src\MailniagaSettings.php:21
WordPress Hooks 30
filtercron_schedulesincludes\src\MailniagaActionSchedulerCleaner.php:20
actioninitincludes\src\MailniagaCheckBalance.php:13
actioninitincludes\src\MailniagaCheckBalance.php:14
actionmailniaga_check_balance_hookincludes\src\MailniagaCheckBalance.php:15
filtercron_schedulesincludes\src\MailniagaCheckBalance.php:19
actioninitincludes\src\MailniagaConnector.php:42
actionadmin_post_mailniaga_send_test_emailincludes\src\MailniagaConnector.php:54
actionadmin_noticesincludes\src\MailniagaConnector.php:55
actionadmin_menuincludes\src\MailniagaEmailLog.php:10
actionadmin_enqueue_scriptsincludes\src\MailniagaEmailLog.php:11
actionadmin_post_mailniaga_bulk_actionincludes\src\MailniagaEmailLog.php:12
actionmailniaga_clean_email_logsincludes\src\MailniagaEmailLogCleaner.php:10
filterpre_wp_mailincludes\src\MailniagaEmailSender.php:31
actioninitincludes\src\MailniagaEmailSender.php:32
actionmailniaga_process_queueincludes\src\MailniagaEmailSender.php:33
actionmailniaga_retry_failedincludes\src\MailniagaEmailSender.php:34
actionadmin_menuincludes\src\MailniagaFailedDeliveriesLog.php:9
actionadmin_enqueue_scriptsincludes\src\MailniagaFailedDeliveriesLog.php:10
actioninitincludes\src\MailniagaRecoveryManager.php:7
actionmailniaga_recover_staleincludes\src\MailniagaRecoveryManager.php:8
actionadmin_bar_menuincludes\src\MailniagaSettings.php:11
actionadmin_headincludes\src\MailniagaSettings.php:12
actionadmin_headincludes\src\MailniagaSettings.php:13
actionadmin_menuincludes\src\MailniagaSettings.php:17
actionadmin_initincludes\src\MailniagaSettings.php:18
actionadmin_enqueue_scriptsincludes\src\MailniagaSettings.php:19
actionmailniaga_unsubscribe_cronincludes\src\MailniagaUnsubscribeFunnelKit.php:13
actioninitincludes\src\WebhookHandler.php:10
actionplugins_loadedmailniaga-smtp.php:49
actionplugins_loadedmailniaga-smtp.php:63

Scheduled Events 3

mailniaga_check_balance_hook
mailniaga_clean_email_logs
mailniaga_unsubscribe_cron
Maintenance & Trust

MailNiaga SMTP Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5
Last updatedMar 1, 2026
PHP min version7.4
Downloads1K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

MailNiaga SMTP Alternatives

Email Override for SendGrid

Email Override for SendGrid

email-override-for-sendgrid

A
100

Replaces WordPress wp_mail() with SendGrid's API. Adds a settings page to manage API key, sender info, and test email functionality.

0 No CVEs
Email Override for Mailgun

Email Override for Mailgun

email-override-mailgun

A
100

Replaces WordPress wp_mail() with MailGun's API. Adds a settings page to manage API key, sender info, and test email functionality.

0 No CVEs
Site Mailer – SMTP Replacement, Email API Deliverability & Email Log

Site Mailer – SMTP Replacement, Email API Deliverability & Email Log

site-mailer

A
98

Effortlessly manage transactional emails with Site Mailer. High deliverability, logs and statistics, and no SMTP plugins needed.

200K 1 CVE
ActiveCampaign Postmark for WordPress

ActiveCampaign Postmark for WordPress

postmark-approved-wordpress-plugin

A
92

The officially-supported ActiveCampaign Postmark plugin for Wordpress.

50K No CVEs
SMTP2GO for WordPress – Email Made Easy

SMTP2GO for WordPress – Email Made Easy

smtp2go

A
98

Resolve email delivery issues, increase inbox placement, track sent email, get 24/7 support, and real-time reporting.

30K 2 CVEs
Developer Profile

MailNiaga SMTP Developer Profile

Web Impian

5 plugins · 840 total installs

87
trust score
Avg Security Score
98/100
Avg Patch Time
31 days
View full developer profile
Detection Fingerprints

How We Detect MailNiaga SMTP

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/mailniaga-smtp/includes/src/assets/js/email-log.js/wp-content/plugins/mailniaga-smtp/includes/src/assets/css/email-log.css
Script Paths
/wp-content/plugins/mailniaga-smtp/includes/src/assets/js/email-log.js
Version Parameters
mailniaga-smtp/includes/src/assets/js/email-log.js?ver=mailniaga-smtp/includes/src/assets/css/email-log.css?ver=

HTML / DOM Fingerprints

Data Attributes
data-nonce="mailniaga_email_details"
JS Globals
mailniagaEmailLog
FAQ

Frequently Asked Questions about MailNiaga SMTP