WP-Safety

NutsForPress SMTP Mail Security & Risk Analysis

wordpress.org/plugins/nutsforpress-smtp-mail

NutsForPress SMTP Mail is a simple and lightweight plugin that prevents emails sent by your website to be marked as spam from the recipient servers.

100 active installs v1.6 PHP 7.0.0+ WP 5.3+ Updated Dec 28, 2025
emailmailnutsforpresssmtpspam
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is NutsForPress SMTP Mail Safe to Use in 2026?

Generally Safe

Score 100/100

NutsForPress SMTP Mail has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3mo ago
Risk Assessment

The "nutsforpress-smtp-mail" v1.6 plugin exhibits a generally strong security posture, with excellent practices in SQL query handling and output escaping. The complete absence of known CVEs and vulnerability history further reinforces this positive outlook. However, the plugin presents a notable risk due to two unprotected AJAX handlers. These entry points could potentially be exploited if they handle user-supplied data without proper authorization checks, even though the static analysis did not identify any critical or high-severity taint flows.

While the plugin demonstrates good coding hygiene in many areas, the presence of unprotected AJAX endpoints is a significant concern. The lack of explicit capability checks or nonce verification on these handlers means that any unauthenticated user could potentially trigger their functionality. The absence of recorded vulnerabilities historically is a strength, but it should not negate the need to secure all attack surfaces. Therefore, while the plugin has strengths, the unprotected AJAX handlers represent a clear weakness that requires immediate attention.

Key Concerns

  • Unprotected AJAX handlers
Vulnerabilities
None known

NutsForPress SMTP Mail Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

NutsForPress SMTP Mail Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
2
152 escaped
Nonce Checks
2
Capability Checks
2
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

99% escaped154 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
nfproot_save_settings (root\nfproot-save-settings.php:71)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
2 unprotected

NutsForPress SMTP Mail Attack Surface

Entry Points2
Unprotected2

AJAX Handlers 2

authwp_ajax_nfproot_save_settingsnuts-for-press-smtp-mail.php:35
authwp_ajax_nfpsmt_mail_testnuts-for-press-smtp-mail.php:83
WordPress Hooks 6
actionadmin_menunuts-for-press-smtp-mail.php:31
actionplugins_loadednuts-for-press-smtp-mail.php:39
actionadmin_enqueue_scriptsnuts-for-press-smtp-mail.php:43
actionadmin_enqueue_scriptsnuts-for-press-smtp-mail.php:65
actionadmin_menunuts-for-press-smtp-mail.php:72
actionphpmailer_initnuts-for-press-smtp-mail.php:79
Maintenance & Trust

NutsForPress SMTP Mail Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedDec 28, 2025
PHP min version7.0.0
Downloads3K

Community Trust

Rating0/100
Number of ratings0
Active installs100
Alternatives

NutsForPress SMTP Mail Alternatives

WP Mail Logging

WP Mail Logging

wp-mail-logging

A
89

Log, view, and resend all emails sent from your WordPress site. Great for resolving email sending issues or keeping a copy for auditing.

300K 6 CVEs
Xmail – The Right Way

Xmail – The Right Way

xmail-the-right-way

A
100

Replaces wp_mail and sends email the right way so it does not get flagged as SPAM.

10 No CVEs
WP Mail SMTP by WPForms – The Most Popular SMTP and Email Log Plugin

WP Mail SMTP by WPForms – The Most Popular SMTP and Email Log Plugin

wp-mail-smtp

A
99

Make email delivery easy for WordPress. Connect with SMTP, Gmail, Outlook, SendGrid, Mailgun, SES, Zoho, + more. Rated #1 WordPress SMTP Email plugin.

4.0M 2 CVEs
Easy WP SMTP – WordPress SMTP and Email Logs: Gmail, Office 365, Outlook, Custom SMTP, and more

Easy WP SMTP – WordPress SMTP and Email Logs: Gmail, Office 365, Outlook, Custom SMTP, and more

easy-wp-smtp

A
91

Make SMTP email sending and delivery easy. Configure Gmail, Outlook, Brevo, SendGrid, Mailgun, SendLayer or connect to any SMTP server.

500K 8 CVEs
Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App

Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App

post-smtp

B
76

Improve WordPress email deliverability. Connect Gmail SMTP, Microsoft 365, Brevo, SendGrid, Mailgun, Zoho, Amazon SES, etc. #1 WordPress SMTP Plugin.

400K 23 CVEs
Developer Profile

NutsForPress SMTP Mail Developer Profile

Christian Gatti

9 plugins · 460 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect NutsForPress SMTP Mail

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/nutsforpress-smtp-mail/root/css/nfproot-style.css/wp-content/plugins/nutsforpress-smtp-mail/root/js/nfproot-script.js/wp-content/plugins/nutsforpress-smtp-mail/root/js/nfproot-save-settings.js/wp-content/plugins/nutsforpress-smtp-mail/admin/includes/js/nfpsmt-mail-test.js

HTML / DOM Fingerprints

JS Globals
nfpsmt_mail_test_objectnfproot_save_settings_object
FAQ

Frequently Asked Questions about NutsForPress SMTP Mail