WP-Safety

SMTP Mail Control for MailPoet Security & Risk Analysis

wordpress.org/plugins/omppm-override-phpmail-mailpoet

The missing link between MailPoet and your SMTP plugin – for reliable email delivery!

100 active installs v1.2.4 PHP 8.0+ WP 6.5+ Updated Jan 21, 2026
gmail-apimailpoetphpmailersmtpwp_mail
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is SMTP Mail Control for MailPoet Safe to Use in 2026?

Generally Safe

Score 100/100

SMTP Mail Control for MailPoet has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago
Risk Assessment

The "omppm-override-phpmail-mailpoet" plugin v1.2.4 exhibits a mixed security posture. While it demonstrates good practices such as using prepared statements for all SQL queries and having no recorded vulnerabilities in its history, several concerning aspects emerge from the static analysis. The plugin exposes a moderate attack surface with 6 AJAX handlers, and critically, 3 of these lack authentication checks. This significantly increases the risk of unauthorized access and manipulation of plugin functionality. Furthermore, the low percentage of properly escaped output (11%) suggests a high likelihood of cross-site scripting (XSS) vulnerabilities, allowing attackers to inject malicious scripts into the user interface. The absence of critical or high-severity taint flows is a positive sign, indicating that direct data manipulation risks are not immediately apparent. However, the combination of unprotected AJAX endpoints and poor output escaping presents a clear and present danger that requires immediate attention.

Key Concerns

  • Unprotected AJAX handlers
  • Low output escaping percentage
Vulnerabilities
None known

SMTP Mail Control for MailPoet Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

SMTP Mail Control for MailPoet Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
8
1 escaped
Nonce Checks
3
Capability Checks
3
File Operations
1
External Requests
0
Bundled Libraries
0

Output Escaping

11% escaped9 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
ajax_toggle_debug (includes\class-omppm-admin.php:489)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
3 unprotected

SMTP Mail Control for MailPoet Attack Surface

Entry Points6
Unprotected3

AJAX Handlers 6

authwp_ajax_omppm_toggle_debugincludes\class-omppm-admin.php:51
authwp_ajax_omppm_clear_logsincludes\class-omppm-admin.php:52
authwp_ajax_omppm_send_test_emailincludes\class-omppm-admin.php:53
authwp_ajax_omppm_toggle_debugincludes\class-omppm-admin.php:59
authwp_ajax_omppm_clear_logsincludes\class-omppm-admin.php:60
authwp_ajax_omppm_send_test_emailincludes\class-omppm-admin.php:61
WordPress Hooks 8
actionadmin_menuincludes\class-omppm-admin.php:48
actionadmin_initincludes\class-omppm-admin.php:49
actionadmin_enqueue_scriptsincludes\class-omppm-admin.php:50
actionadmin_menuincludes\class-omppm-admin.php:56
actionadmin_initincludes\class-omppm-admin.php:57
actionadmin_enqueue_scriptsincludes\class-omppm-admin.php:58
actionadmin_noticesomppm-override-phpmail-mailpoet.php:26
actionplugins_loadedomppm-override-phpmail-mailpoet.php:106
Maintenance & Trust

SMTP Mail Control for MailPoet Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedJan 21, 2026
PHP min version8.0
Downloads2K

Community Trust

Rating100/100
Number of ratings3
Active installs100
Alternatives

SMTP Mail Control for MailPoet Alternatives

WPO365 | MICROSOFT 365 GRAPH MAILER

WPO365 | MICROSOFT 365 GRAPH MAILER

wpo365-msgraphmailer

A
99

Send WordPress emails from a M365 / Exchange Online Mailbox using Microsoft Graph, leveraging OAuth for authentication which is more secure than SMTP

10K 1 CVE
WP SMTP Mailer – SMTP7

WP SMTP Mailer – SMTP7

wp-mail-smtp-mailer

A
100

WP SMTP Mailer Plugin - SMTP7. Make email delivery easy from WordPress. It is easy to configure.

9K No CVEs
MailerSend – Official SMTP Integration

MailerSend – Official SMTP Integration

mailersend-official-smtp-integration

A
100

Improve your deliverability and avoid the spam box with MailerSend’s SMTP server. Check your analytics to improve your emails for better conversion!

2K No CVEs
Simple SMTP by Maileroo

Simple SMTP by Maileroo

simple-smtp-by-maileroo

A
100

Ensure seamless WordPress email delivery with our all-in-one SMTP plugin, compatible with Gmail, Outlook, Maileroo, SendGrid, Mailgun, and more!

700 No CVEs
WP Mail SMTP SendGrid Edition

WP Mail SMTP SendGrid Edition

wp-mail-smtp-sendgrid-edition

A
92

Based on WP Mail SMTP. Also adds subject for display on SendGrid Activity Screen.

500 No CVEs
Developer Profile

SMTP Mail Control for MailPoet Developer Profile

Saskia Teichmann

5 plugins · 300 total installs

93
trust score
Avg Security Score
98/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect SMTP Mail Control for MailPoet

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/omppm-override-phpmail-mailpoet/assets/css/omppm-admin.css/wp-content/plugins/omppm-override-phpmail-mailpoet/assets/js/omppm-admin.js
Script Paths
/wp-content/plugins/omppm-override-phpmail-mailpoet/assets/js/omppm-admin.js
Version Parameters
omppm-override-phpmail-mailpoet/assets/css/omppm-admin.css?ver=omppm-override-phpmail-mailpoet/assets/js/omppm-admin.js?ver=

HTML / DOM Fingerprints

HTML Comments
<!-- SMTP Mail Control for MailPoet --><!-- This is the working approach from version 1.0.4 --><!-- Recursion protection flag --><!-- Prevents infinite loops when wp_mail() triggers MailPoet again -->+2 more
FAQ

Frequently Asked Questions about SMTP Mail Control for MailPoet