WP-Safety

Mesh SMTP Security & Risk Analysis

wordpress.org/plugins/mesh-smtp

A lightweight, secure SMTP plugin for WordPress with provider presets, test email support, and a clean admin experience.

0 active installs v1.2.4 PHP 7.4+ WP 6.0+ Updated Unknown
deliverabilityemailmailersmtpwp-mail
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Mesh SMTP Safe to Use in 2026?

Generally Safe

Score 100/100

Mesh SMTP has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The mesh-smtp v1.2.4 plugin exhibits a generally good security posture, with no known vulnerabilities in its history and a strong adherence to secure coding practices. The static analysis reveals a small attack surface, with all identified entry points protected by authentication checks. The plugin also demonstrates good use of prepared statements for SQL queries and includes nonce and capability checks, further bolstering its security.

However, a notable concern arises from the output escaping analysis, where only 68% of outputs are properly escaped. This leaves a significant portion of the plugin's output potentially vulnerable to Cross-Site Scripting (XSS) attacks if user-supplied data is not sufficiently sanitized before being rendered in the browser. While taint analysis found no unsanitized flows, the incomplete output escaping remains a potential avenue for attack, especially if combined with other subtle vulnerabilities or misconfigurations.

Given the absence of past vulnerabilities and the presence of many security best practices, the plugin is considered relatively safe. The primary area for improvement is the consistent and robust escaping of all output. Addressing this would significantly enhance the plugin's overall security and mitigate the risk of XSS vulnerabilities.

Key Concerns

  • Output escaping only 68% proper
Vulnerabilities
None known

Mesh SMTP Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Mesh SMTP Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
2 prepared
Unescaped Output
35
74 escaped
Nonce Checks
2
Capability Checks
3
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

100% prepared2 total queries

Output Escaping

68% escaped109 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
meshsmtp_handle_test_email (admin\settings-page.php:325)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Mesh SMTP Attack Surface

Entry Points1
Unprotected0

AJAX Handlers 1

authwp_ajax_meshsmtp_detect_provider_hintadmin\settings-page.php:12
WordPress Hooks 7
actionadmin_menuadmin\settings-page.php:7
actionadmin_initadmin\settings-page.php:8
actionadmin_enqueue_scriptsadmin\settings-page.php:9
actionadmin_post_meshsmtp_send_test_emailadmin\settings-page.php:10
actionwp_mail_failedadmin\settings-page.php:11
actionadmin_initmesh-smtp.php:36
actionphpmailer_initmesh-smtp.php:136
Maintenance & Trust

Mesh SMTP Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedUnknown
PHP min version7.4
Downloads108

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

Mesh SMTP Alternatives

SMTP Connector – Free & Lightweight SMTP Plugin for WordPress

SMTP Connector – Free & Lightweight SMTP Plugin for WordPress

smtp-connector

A
100

Easily configure custom SMTP settings for your WordPress site with SMTP Connector.

20 No CVEs
WP Mail Logging

WP Mail Logging

wp-mail-logging

A
89

Log, view, and resend all emails sent from your WordPress site. Great for resolving email sending issues or keeping a copy for auditing.

300K 6 CVEs
SMTP Mailer

SMTP Mailer

smtp-mailer

A
97

Configure a SMTP server to send email from your WordPress site. Configure the wp_mail() function to use SMTP instead of the PHP mail() function.

70K 1 CVE
WPO365 | MICROSOFT 365 GRAPH MAILER

WPO365 | MICROSOFT 365 GRAPH MAILER

wpo365-msgraphmailer

A
99

Send WordPress emails from a M365 / Exchange Online Mailbox using Microsoft Graph, leveraging OAuth for authentication which is more secure than SMTP

10K 1 CVE
YaySMTP and Email Logs: Amazon SES, SendGrid, Outlook, Mailgun, Brevo, Google and Any SMTP Service

YaySMTP and Email Logs: Amazon SES, SendGrid, Outlook, Mailgun, Brevo, Google and Any SMTP Service

yaysmtp

A
90

Send WordPress emails successfully with WP Mail SMTP via your favorite mailer

10K 8 CVEs
Developer Profile

Mesh SMTP Developer Profile

Mesh Creation

1 plugin · 0 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Mesh SMTP

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/mesh-smtp/admin/css/style.css/wp-content/plugins/mesh-smtp/admin/js/script.js
Script Paths
/wp-content/plugins/mesh-smtp/admin/js/script.js
Version Parameters
mesh-smtp/admin/css/style.css?ver=mesh-smtp/admin/js/script.js?ver=

HTML / DOM Fingerprints

CSS Classes
meshsmtp-settings-wrapmeshsmtp-admin-noticemeshsmtp-logomeshsmtp-section-titlemeshsmtp-form-fieldmeshsmtp-button
Data Attributes
data-meshsmtp-provider-selector
JS Globals
meshsmtp_ajax_object
REST Endpoints
/wp-json/meshsmtp/v1/detect-provider-hint
FAQ

Frequently Asked Questions about Mesh SMTP