Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App Security & Risk Analysis

Improve WordPress email deliverability. Connect Gmail SMTP, Microsoft 365, Brevo, SendGrid, Mailgun, Zoho, Amazon SES, etc. #1 WordPress SMTP Plugin.

400K active installs v3.9.1 PHP 7.0+ WP 5.6.0+ Updated Apr 1, 2026

emailemail-logsgmail-smtpoffice-365smtp

B · Generally Safe

CVEs total23

Unpatched0

Last CVEMar 17, 2026

Plugin page Download

Safety Verdict

Is Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App Safe to Use in 2026?

Mostly Safe

Score 76/100

Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App is generally safe to use. 23 past CVEs were resolved.

23 known CVEsLast CVE: Mar 17, 2026Updated 1mo ago

Risk Assessment

The post-smtp plugin v3.9.1 exhibits a concerning security posture, despite some positive indications. The presence of 13 unprotected entry points across AJAX handlers and REST API routes is a significant concern, potentially exposing sensitive functionalities to unauthorized access. Furthermore, the static analysis reveals a substantial number of dangerous functions, including `unserialize`, `assert`, and `exec`, which, if not handled with extreme care, can lead to severe vulnerabilities. The taint analysis highlights two critical severity flows with unsanitized paths, indicating direct risks of code execution or data compromise.

The plugin's vulnerability history is particularly alarming, with 23 known CVEs, including 2 critical and 9 high-severity issues. The prevalence of vulnerabilities like Missing Authorization, SQL Injection, XSS, Authorization Bypass, CSRF, and SSRF points to recurring systemic security flaws. While the most recent vulnerability was in 2026 (which appears to be a future date and might be a data entry error, but assuming it represents recent activity), the sheer volume and types of past vulnerabilities suggest a pattern of insecure coding practices that have not been fully remediated. The use of bundled libraries like TCPDF and PHPMailer, while common, also presents a risk if these libraries are outdated and contain known vulnerabilities themselves.

In conclusion, while the plugin demonstrates some good practices such as a high percentage of SQL prepared statements and proper output escaping, these are overshadowed by critical weaknesses. The significant attack surface without proper authentication, the presence of dangerous functions, critical taint flows, and a substantial history of severe vulnerabilities collectively paint a picture of a plugin that requires immediate and thorough security review and remediation. Users should be advised of the elevated risks associated with this version.

Key Concerns

Unprotected AJAX handlers and REST API routes
Critical severity taint flows with unsanitized paths
High number of known CVEs (23 total)
Critical severity CVEs in history (2 critical)
High severity CVEs in history (9 high)
Presence of dangerous functions (unserialize, assert, exec)
Bundled libraries (TCPDF, PHPMailer) potentially outdated

Vulnerabilities

23 published

Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App Security Vulnerabilities

CVEs by Year

1 CVE in 2021

2021

2 CVEs in 2022

2022

6 CVEs in 2023

2023

5 CVEs in 2024

2024

7 CVEs in 2025

2025

2 CVEs in 2026

2026

Patched Has unpatched

Severity Breakdown

Critical

High

Medium

23 total CVEs

CVE-2026-2559medium · 5.3Missing Authorization

Post SMTP <= 3.8.0 - Missing Authorization to Authenticated (Subscriber+) Office 365 OAuth Configuration Overwrite

Mar 17, 2026 Patched in 3.9.0 (2d)

CVE-2026-3090high · 7.2Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Post SMTP <= 3.8.0 - Unauthenticated Stored Cross-Site Scripting via 'event_type'

Mar 17, 2026 Patched in 3.9.0 (2d)

CVE-2025-12887medium · 5.4Missing Authorization

Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App <= 3.6.1 - Missing Authorization to Authenticated (Subscriber+) OAuth Token Update

Dec 3, 2025 Patched in 3.6.2 (9d)

CVE-2025-11833critical · 9.8Missing Authorization

Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App <= 3.6.0 - Missing Authorization to Account Takeover via Unauthenticated Email Log Disclosure

Oct 31, 2025 Patched in 3.6.1 (1d)

CVE-2025-9219medium · 4.3Missing Authorization

Post SMTP <= 3.4.1 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Option Update

Sep 2, 2025 Patched in 3.4.2 (1d)

CVE-2025-24000high · 8.8Missing Authorization

Post SMTP <= 3.2.0 - Missing Authorization to Authenticated (Subscriber+) Account Takeover via Email Log Exposure

Jul 21, 2025 Patched in 3.3.0 (4d)

CVE-2024-13844medium · 4.9Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Post SMTP <= 3.1.2 - Authenticated (Administrator+) SQL Injection via columns Parameter

Mar 7, 2025 Patched in 3.1.3 (1d)

CVE-2025-0521high · 7.2Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Post SMTP <= 3.0.2 - Unauthenticated Stored Cross-Site Scripting

Feb 17, 2025 Patched in 3.1.0 (1d)

CVE-2025-22800medium · 4.3Missing Authorization

Post SMTP <= 2.9.11 - Missing Authorization via regenerate_qrcode()

Jan 7, 2025 Patched in 2.9.12 (8d)

CVE-2024-52436medium · 4.9Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Post SMTP <= 2.9.9 - Authenticated (Administrator+) SQL Injection

Nov 15, 2024 Patched in 2.9.10 (21d)

CVE-2024-5207high · 7.2Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress <= 2.9.3 - Authenticated (Administrator+) SQL Injection

May 22, 2024 Patched in 2.9.4 (69d)

CVE-2023-6875critical · 9.8Authorization Bypass Through User-Controlled Key

POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress <= 2.8.7 - Authorization Bypass via type connect-app API

Jan 10, 2024 Patched in 2.8.8 (202d)

CVE-2023-6629medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

POST SMTP Mailer <= 2.8.6 - Reflected Cross-Site Scripting via msg

Jan 2, 2024 Patched in 2.8.7 (210d)

CVE-2023-7027high · 7.2Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress <= 2.8.7 - Unauthenticated Stored Cross-Site Scripting via device

Jan 2, 2024 Patched in 2.8.8 (210d)

CVE-2023-6620high · 7.2Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress <= 2.8.6 - Authenticated (Administrator+) SQL Injection

Dec 21, 2023 Patched in 2.8.7 (33d)

CVE-2023-5958high · 7.2Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

POST SMTP Mailer <= 2.7.0 - Unauthenticated Stored Cross-Site Scripting

Nov 6, 2023 Patched in 2.7.1 (78d)

WF-3816a6cf-8157-4ad9-83f6-93c9b6c6275f-post-smtphigh · 7.2Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Post SMTP <= 2.6.0 - Authenticated (Administrator+) SQL Injection

Oct 3, 2023 Patched in 2.6.1 (112d)

CVE-2023-3082high · 7.2Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Post SMTP <= 2.5.7 - Unauthenticated Stored Cross-Site Scripting via Email

Jul 11, 2023 Patched in 2.5.8 (196d)

CVE-2023-3179medium · 6.5Cross-Site Request Forgery (CSRF)

POST SMTP Mailer <= 2.5.6 - Cross-Site Request Forgery to Account Compromise

Jun 26, 2023 Patched in 2.5.7 (211d)

CVE-2023-3178medium · 4.3Cross-Site Request Forgery (CSRF)

POST SMTP Mailer <= 2.5.6 - Cross-Site Request Forgery to Arbitrary Log Deletion

Jun 26, 2023 Patched in 2.5.7 (211d)

CVE-2022-2352medium · 6.6Server-Side Request Forgery (SSRF)

Post SMTP <= 2.1.6 - Authenticated (Administrator+) Blind Server-Side Request Forgery

Sep 5, 2022 Patched in 2.1.7 (505d)

CVE-2022-2351medium · 5.5Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Post SMTP Mailer/Email Log <= 2.1.3 - Authenticated (Admin+) Stored Cross-Site Scripting

Aug 18, 2022 Patched in 2.1.4 (523d)

CVE-2021-4422medium · 4.3Cross-Site Request Forgery (CSRF)

POST SMTP Mailer <= 2.0.20 - Cross-Site Request Forgery Bypass

Mar 1, 2021 Patched in 2.0.21 (1058d)

Version History

Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App Release Timeline

v3.9.1Current42 files changed

v3.9.054 files changed

v3.8.02 CVEs42 files changed

CVE-2026-2559 CVE-2026-3090

v3.7.02 CVEs14 files changed

CVE-2026-2559 CVE-2026-3090

v3.6.32 CVEs3 files changed

CVE-2026-2559 CVE-2026-3090

v3.6.22 CVEs12 files changed

CVE-2026-2559 CVE-2026-3090

v3.6.13 CVEs21 files changed

CVE-2026-2559 CVE-2026-3090 CVE-2025-12887

v3.6.04 CVEs23 files changed

CVE-2026-2559 CVE-2026-3090 CVE-2025-11833 +1 more

v3.5.04 CVEs26 files changed

CVE-2026-2559 CVE-2026-3090 CVE-2025-11833 +1 more

v3.4.24 CVEs16 files changed

CVE-2026-2559 CVE-2026-3090 CVE-2025-11833 +1 more

v3.4.15 CVEs2 files changed

CVE-2026-2559 CVE-2026-3090 CVE-2025-11833 +2 more

v3.4.05 CVEs44 files changed

CVE-2026-2559 CVE-2026-3090 CVE-2025-11833 +2 more

v3.3.05 CVEs

CVE-2026-2559 CVE-2026-3090 CVE-2025-11833 +2 more

v3.2.06 CVEs31 files changed

CVE-2026-2559 CVE-2026-3090 CVE-2025-11833 +3 more

v3.1.46 CVEs6 files changed

CVE-2026-2559 CVE-2026-3090 CVE-2025-11833 +3 more

v3.1.36 CVEs3 files changed

CVE-2026-2559 CVE-2026-3090 CVE-2025-11833 +3 more

v3.1.27 CVEs382 files changed

CVE-2024-13844 CVE-2026-2559 CVE-2026-3090 +4 more

v3.1.17 CVEs4 files changed

CVE-2024-13844 CVE-2026-2559 CVE-2026-3090 +4 more

v3.1.07 CVEs26 files changed

CVE-2024-13844 CVE-2026-2559 CVE-2026-3090 +4 more

v3.0.2-beta.18 CVEs

CVE-2024-13844 CVE-2026-2559 CVE-2025-0521 +5 more

Code Analysis

Analyzed Apr 6, 2026

Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App Code Analysis

Dangerous Functions

Raw SQL Queries

39 prepared

Unescaped Output

159

827 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$headers = is_serialized( $log['original_headers'] ) ? unserialize( $log['original_headers'] ) : $loPostman/Dashboard/includes/rest-api/v1/class-psd-rest-api.php:236

assertassert ( ! empty ( $clientId ) );Postman/Postman-Auth/PostmanAbstractAuthenticationManager.php:31

assertassert ( ! empty ( $clientSecret ) );Postman/Postman-Auth/PostmanAbstractAuthenticationManager.php:32

assertassert ( ! empty ( $authorizationToken ) );Postman/Postman-Auth/PostmanAbstractAuthenticationManager.php:33

assertassert ( ! empty ( $callbackUri ) );Postman/Postman-Auth/PostmanAbstractAuthenticationManager.php:34

assertassert ( ! empty ( $newtoken ) );Postman/Postman-Auth/PostmanAbstractAuthenticationManager.php:108

assertassert ( ! empty ( $newtoken->{self::EXPIRES} ) );Postman/Postman-Auth/PostmanAbstractAuthenticationManager.php:109

assertassert ( ! empty ( $newtoken->{self::ACCESS_TOKEN} ) );Postman/Postman-Auth/PostmanAbstractAuthenticationManager.php:110

assertassert ( ! empty ( $refreshUrl ) );Postman/Postman-Auth/PostmanAbstractAuthenticationManager.php:146

assertassert ( ! empty ( $callbackUrl ) );Postman/Postman-Auth/PostmanAbstractAuthenticationManager.php:147

assertassert ( false );Postman/Postman-Auth/PostmanAuthenticationManagerFactory.php:49

assertassert ( ! empty ( $clientId ) );Postman/Postman-Auth/PostmanGoogleAuthenticationManager.php:42

assertassert ( ! empty ( $clientSecret ) );Postman/Postman-Auth/PostmanGoogleAuthenticationManager.php:43

assertassert ( ! empty ( $authorizationToken ) );Postman/Postman-Auth/PostmanGoogleAuthenticationManager.php:44

assertassert ( ! empty ( $senderEmail ) );Postman/Postman-Auth/PostmanGoogleAuthenticationManager.php:45

assertassert ( ! empty ( $clientId ) );Postman/Postman-Auth/PostmanMicrosoftAuthenticationManager.php:33

assertassert ( ! empty ( $clientSecret ) );Postman/Postman-Auth/PostmanMicrosoftAuthenticationManager.php:34

assertassert ( ! empty ( $authorizationToken ) );Postman/Postman-Auth/PostmanMicrosoftAuthenticationManager.php:35

assertassert ( ! empty ( $callbackUri ) );Postman/Postman-Auth/PostmanMicrosoftAuthenticationManager.php:36

assertassert ( false );Postman/Postman-Auth/PostmanNonOAuthAuthenticationManager.php:23

assertassert ( false );Postman/Postman-Auth/PostmanNonOAuthAuthenticationManager.php:27

assertassert ( false );Postman/Postman-Auth/PostmanNonOAuthAuthenticationManager.php:43

assertassert ( ! empty ( $clientId ) );Postman/Postman-Auth/PostmanYahooAuthenticationManager.php:35

assertassert ( ! empty ( $clientSecret ) );Postman/Postman-Auth/PostmanYahooAuthenticationManager.php:36

assertassert ( ! empty ( $authorizationToken ) );Postman/Postman-Auth/PostmanYahooAuthenticationManager.php:37

assertassert ( ! empty ( $callbackUri ) );Postman/Postman-Auth/PostmanYahooAuthenticationManager.php:38

assertassert ( ! empty ( $refreshUrl ) );Postman/Postman-Auth/PostmanYahooAuthenticationManager.php:116

assertassert ( ! empty ( $callbackUrl ) );Postman/Postman-Auth/PostmanYahooAuthenticationManager.php:117

assertassert( ! empty( $rootPluginFilenameAndPath ) );Postman/Postman-Configuration/PostmanConfigurationController.php:39

assertassert( PostmanUtils::isAdmin() );Postman/Postman-Configuration/PostmanConfigurationController.php:40

assertassert( is_admin() );Postman/Postman-Configuration/PostmanConfigurationController.php:41

unserialize$mb_email_configuration_data = unserialize( $mb_email_configuration_data['meta_value'] );Postman/Postman-Configuration/PostmanImportableConfiguration.php:421

exec@exec ( "nslookup.exe -type=MX $hostname.", $output );Postman/Postman-Configuration/PostmanSmtpDiscovery.php:220

assertassert( ! empty( $rootPluginFilenameAndPath ) );Postman/Postman-Connectivity-Test/PostmanConnectivityTestController.php:22

assertassert( PostmanUtils::isAdmin() );Postman/Postman-Connectivity-Test/PostmanConnectivityTestController.php:23

assertassert( is_admin() );Postman/Postman-Connectivity-Test/PostmanConnectivityTestController.php:24

assertassert ( ! empty ( $rootPluginFilenameAndPath ) );Postman/Postman-Controller/PostmanDashboardWidgetController.php:19

assertassert ( ! empty ( $options ) );Postman/Postman-Controller/PostmanDashboardWidgetController.php:20

assertassert ( ! empty ( $authorizationToken ) );Postman/Postman-Controller/PostmanDashboardWidgetController.php:21

assertassert ( ! empty ( $binder ) );Postman/Postman-Controller/PostmanDashboardWidgetController.php:22

assertassert ( ! empty ( $this->transport ) );Postman/Postman-Controller/PostmanManageConfigurationAjaxHandler.php:64

assertassert( ! empty( $rootPluginFilenameAndPath ) );Postman/Postman-Diagnostic-Test/PostmanDiagnosticTestController.php:21

assertassert( PostmanUtils::isAdmin() );Postman/Postman-Diagnostic-Test/PostmanDiagnosticTestController.php:22

assertassert( is_admin() );Postman/Postman-Diagnostic-Test/PostmanDiagnosticTestController.php:23

assertassert( !empty( $api_key ) );Postman/Postman-Mail/PostmanElasticEmailMailEngine.php:25

assertassert ( ! empty ( $emails ) );Postman/Postman-Mail/PostmanEmailAddress.php:78

assertassert( ! empty( $apiKey ) );Postman/Postman-Mail/PostmanEmailitMailEngine.php:20

assertassert( ! empty( $apiKey ) );Postman/Postman-Mail/PostmanMailerSendMailEngine.php:32

assertassert( !empty( $api_key ) );Postman/Postman-Mail/PostmanMailerooMailEngine.php:17

assertassert( ! empty( $apiKey ) );Postman/Postman-Mail/PostmanMailgunMailEngine.php:34

assertassert( !empty( $api_key ) );Postman/Postman-Mail/PostmanMailtrapMailEngine.php:25

assertassert( ! empty( $apiKey ) );Postman/Postman-Mail/PostmanMandrillMailEngine.php:33

assertassert( ! empty( $senderEmail ) );Postman/Postman-Mail/PostmanMandrillMailEngine.php:184

assertassert( !empty( $api_key ) );Postman/Postman-Mail/PostmanPostmarkMailEngine.php:23

assertassert( !empty( $api_key ) );Postman/Postman-Mail/PostmanResendMailEngine.php:24

assertassert( ! empty( $apiKey ) );Postman/Postman-Mail/PostmanSendGridMailEngine.php:32

assertassert( !empty( $api_key ) );Postman/Postman-Mail/PostmanSendinblueMailEngine.php:25

assertassert( ! empty( $apiKey ) );Postman/Postman-Mail/PostmanSmtp2GoEngine.php:20

assertassert( !empty( $api_key ) );Postman/Postman-Mail/PostmanSparkPostMailEngine.php:24

assertassert( ! empty( $apiKey ) );Postman/Postman-Mail/PostmanSweegoMailEngine.php:20

assertassert( isset( $transport ) );Postman/Postman-Mail/PostmanZendMailEngine.php:58

assertassert( ! empty( $senderEmail ) );Postman/Postman-Mail/PostmanZendMailEngine.php:248

assertassert ( ! empty ( $senderEmail ) );Postman/Postman-Mail/PostmanZendMailTransportConfigurationFactory.php:66

assertassert( ! empty( $rootPluginFilenameAndPath ) );Postman/Postman-Send-Test-Email/PostmanSendTestEmailController.php:34

assertassert( PostmanUtils::isAdmin() );Postman/Postman-Send-Test-Email/PostmanSendTestEmailController.php:35

assertassert( is_admin() );Postman/Postman-Send-Test-Email/PostmanSendTestEmailController.php:36

assertassert( ! empty( $rootPluginFilenameAndPath ) );Postman/Postman.php:49

assertassert( ! empty( $version ) );Postman/Postman.php:50

assertassert( ! empty( $rootPluginFilenameAndPath ) );Postman/PostmanAdminController.php:88

assertassert( ! empty( $options ) );Postman/PostmanAdminController.php:89

assertassert( ! empty( $authorizationToken ) );Postman/PostmanAdminController.php:90

assertassert( ! empty( $messageHandler ) );Postman/PostmanAdminController.php:91

assertassert( ! empty( $binder ) );Postman/PostmanAdminController.php:92

assertassert( PostmanUtils::isAdmin() );Postman/PostmanAdminController.php:93

assertassert( is_admin() );Postman/PostmanAdminController.php:94

unserialize$headers = is_serialized( $log['original_headers'] ) ? unserialize( $log['original_headers'] ) : $loPostman/PostmanEmailLogs.php:907

assertassert( $postmanState ['version'] == $data ['version'] );Postman/PostmanOptions.php:935

assertassert( ! empty( $transport ) );Postman/PostmanWpMail.php:501

assertassert( ! empty( $options ) );Postman/PostmanWpMail.php:502

assertassert( ! empty( $authorizationToken ) );Postman/PostmanWpMail.php:503

Bundled Libraries

TCPDFPHPMailerGuzzleFreemius1.0

SQL Query Safety

75% prepared52 total queries

Output Escaping

84% escaped986 total outputs

Data Flows · Security

7 unsanitized

Data Flow Analysis

14 flows7 with unsanitized paths

test_mail (Postman/Postman-Mail-Tester/PostmanEmailTester.php:51)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

13 unprotected

Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App Attack Surface

Entry Points31

Unprotected13

AJAX Handlers 22

authwp_ajax_postman_send_test_notificationPostman/Extensions/Core/Notifications/PostmanNotify.php:37

authwp_ajax_post_smtp_dash_widget_lite_save_widget_metaPostman/Postman-Controller/PostmanDashboardWidgetController.php:28

authwp_ajax_post_smtp_log_trash_allPostman/Postman-Email-Log/PostmanEmailLogController.php:56

authwp_ajax_ps-get-email-logsPostman/Postman-Email-Log/PostmanEmailLogController.php:58

authwp_ajax_ps-delete-email-logsPostman/Postman-Email-Log/PostmanEmailLogController.php:60

authwp_ajax_ps-export-email-logsPostman/Postman-Email-Log/PostmanEmailLogController.php:62

authwp_ajax_ps-view-logPostman/Postman-Email-Log/PostmanEmailLogController.php:64

authwp_ajax_ps-resend-emailPostman/Postman-Email-Log/PostmanEmailLogController.php:66

authwp_ajax_ps-migrate-logsPostman/Postman-Email-Log/PostmanEmailLogMigration.php:100

authwp_ajax_ps-db-update-notice-dismissPostman/Postman-Email-Log/PostmanEmailLogMigration.php:101

authwp_ajax_ps-mail-testPostman/Postman-Mail-Tester/PostmanEmailTester.php:21

authwp_ajax_post_user_feedbackPostman/PostmanPluginFeedback.php:8

authwp_ajax_dismiss_smtp_conflict_noticePostman/PostmanSMTPConflictManager.php:34

authwp_ajax_delete_lock_filePostman/PostmanViewController.php:44

authwp_ajax_dismiss_version_notifyPostman/PostmanViewController.php:45

authwp_ajax_dismiss_donation_notifyPostman/PostmanViewController.php:46

authwp_ajax_ps-discard-less-secure-notificationPostman/PostmanViewController.php:47

authwp_ajax_ps-save-wizardPostman/Wizard/NewWizard.php:101

authwp_ajax_update_post_smtp_pro_optionPostman/Wizard/NewWizard.php:102

authwp_ajax_update_post_smtp_pro_option_office365Postman/Wizard/NewWizard.php:103

authwp_ajax_ps_get_office365_auth_urlPostman/Wizard/NewWizard.php:104

authwp_ajax_ps_get_gmail_auth_urlPostman/Wizard/NewWizard.php:105

REST API Routes 8

GET/wp-json/psmwp/v1/activate-from-mainwpPostman/Extensions/MainWP-Child/includes/rest-api/v1/class-psmwp-rest-api.php:28

GET/wp-json/post-smtp/v1/connect-appPostman/Mobile/includes/rest-api/v1/rest-api.php:31

GET/wp-json/post-smtp/v1/get-logsPostman/Mobile/includes/rest-api/v1/rest-api.php:37

GET/wp-json/post-smtp/v1/disconnect-sitePostman/Mobile/includes/rest-api/v1/rest-api.php:43

GET/wp-json/post-smtp/v1/get-logPostman/Mobile/includes/rest-api/v1/rest-api.php:49

GET/wp-json/post-smtp/v1/resend-emailPostman/Mobile/includes/rest-api/v1/rest-api.php:55

GET/wp-json/post-smtp/v2/get-logsPostman/Mobile/includes/rest-api/v2/rest-api.php:31

GET/wp-json/post-smtp/v2/validate-licensePostman/Mobile/includes/rest-api/v2/rest-api.php:37

Shortcodes 1

[postman-version] Postman/Postman.php:178

WordPress Hooks 151

actionadmin_enqueue_scriptsPostman/Dashboard/NewDashboard.php:11

filterpost_smtp__new_dashboardPostman/Dashboard/NewDashboard.php:12

actionpost_smtp__new_dashboard_contentPostman/Dashboard/NewDashboard.php:13

filterpost_smtp_dashboard_opened_emails_countPostman/Dashboard/NewDashboard.php:20

actionrest_api_initPostman/Dashboard/includes/rest-api/v1/class-psd-rest-api.php:15

filterpost_smtp_admin_tabsPostman/Extensions/Core/Notifications/PostmanNotify.php:29

actionpost_smtp_settings_menuPostman/Extensions/Core/Notifications/PostmanNotify.php:30

actionpost_smtp_settings_fieldsPostman/Extensions/Core/Notifications/PostmanNotify.php:31

actionpost_smtp_on_failedPostman/Extensions/Core/Notifications/PostmanNotify.php:32

filterpost_smtp_sanitizePostman/Extensions/Core/Notifications/PostmanNotify.php:33

actionadmin_enqueue_scriptsPostman/Extensions/Core/Notifications/PostmanNotify.php:38

filterpost_smtp_log_solutionPostman/Extensions/Core/StatusSolution.php:8

filterpost_smtp_dashboard_noticePostman/Extensions/MainWP-Child/includes/psmwp-init.php:80

filterpost_smtp_declare_wp_mailPostman/Extensions/MainWP-Child/includes/psmwp-init.php:81

actionadmin_enqueue_scriptsPostman/Extensions/MainWP-Child/includes/psmwp-init.php:82

actionrest_api_initPostman/Extensions/MainWP-Child/includes/rest-api/v1/class-psmwp-rest-api.php:15

actionadmin_action_post_smtp_disconnect_appPostman/Mobile/includes/controller/v1/controller.php:20

actionpost_smtp_on_failedPostman/Mobile/includes/controller/v1/controller.php:24

actionrest_api_initPostman/Mobile/includes/rest-api/v1/rest-api.php:17

filterpost_smtp_get_logs_query_after_tablePostman/Mobile/includes/rest-api/v1/rest-api.php:126

actionrest_api_initPostman/Mobile/includes/rest-api/v2/rest-api.php:17

actionplugins_loadedPostman/Mobile/mobile.php:37

actionadmin_menuPostman/Mobile/mobile.php:38

actionpost_smtp_settings_menuPostman/Mobile/mobile.php:39

actionadmin_enqueue_scriptsPostman/Mobile/mobile.php:40

actionadmin_action_post_smtp_disconnect_appPostman/Mobile/mobile.php:41

actionadmin_post_ps_dimiss_app_noticePostman/Mobile/mobile.php:42

actionadmin_post_regenerate-qrcodePostman/Mobile/mobile.php:43

filterpost_smtp_sanitizePostman/Mobile/mobile.php:45

filterpost_smtp_admin_tabsPostman/Mobile/mobile.php:46

actionplugins_loadedPostman/Phpmailer/PostsmtpMailer.php:37

filterwp_mailPostman/Phpmailer/PostsmtpMailer.php:73

actionphpmailer_initPostman/Phpmailer/PostsmtpMailer.php:75

filterpostman_wp_mail_resultPostman/Phpmailer/PostsmtpMailer.php:138

actioninitPostman/Postman-Configuration/PostmanConfigurationController.php:49

actionadmin_initPostman/Postman-Configuration/PostmanConfigurationController.php:55

actionadmin_menuPostman/Postman-Configuration/PostmanConfigurationController.php:60

actionadmin_menuPostman/Postman-Configuration/PostmanConfigurationController.php:61

filtersubmenu_filePostman/Postman-Configuration/PostmanConfigurationController.php:62

actioninitPostman/Postman-Connectivity-Test/PostmanConnectivityTestController.php:32

actionadmin_initPostman/Postman-Connectivity-Test/PostmanConnectivityTestController.php:38

actionadmin_enqueue_scriptsPostman/Postman-Controller/PostmanAdminPointer.php:30

filterpostman_admin_pointers-settings_page_postmanPostman/Postman-Controller/PostmanAdminPointer.php:34

actionadmin_enqueue_scriptsPostman/Postman-Controller/PostmanDashboardWidgetController.php:30

actionwp_dashboard_setupPostman/Postman-Controller/PostmanDashboardWidgetController.php:35

actionwp_network_dashboard_setupPostman/Postman-Controller/PostmanDashboardWidgetController.php:40

filterdashboard_glance_itemsPostman/Postman-Controller/PostmanDashboardWidgetController.php:47

filterprint_postman_statusPostman/Postman-Controller/PostmanDashboardWidgetController.php:54

actionadmin_menuPostman/Postman-Controller/PostmanWelcomeController.php:15

actionadmin_headPostman/Postman-Controller/PostmanWelcomeController.php:16

actioninitPostman/Postman-Diagnostic-Test/PostmanDiagnosticTestController.php:33

actionadmin_initPostman/Postman-Diagnostic-Test/PostmanDiagnosticTestController.php:39

actioninitPostman/Postman-Email-Health-Report/PostmanEmailReportSending.php:39

actionpostman_rat_email_reportPostman/Postman-Email-Health-Report/PostmanEmailReportSending.php:40

filtercron_schedulesPostman/Postman-Email-Health-Report/PostmanEmailReportSending.php:41

filterpost_smtp_admin_tabsPostman/Postman-Email-Health-Report/PostmanEmailReporting.php:39

actionpost_smtp_settings_menuPostman/Postman-Email-Health-Report/PostmanEmailReporting.php:40

filterpost_smtp_sanitizePostman/Postman-Email-Health-Report/PostmanEmailReporting.php:41

actionadmin_menuPostman/Postman-Email-Log/PostmanEmailLogController.php:26

actionadmin_post_deletePostman/Postman-Email-Log/PostmanEmailLogController.php:36

actionadmin_post_viewPostman/Postman-Email-Log/PostmanEmailLogController.php:40

actionadmin_post_transcriptPostman/Postman-Email-Log/PostmanEmailLogController.php:44

actionadmin_initPostman/Postman-Email-Log/PostmanEmailLogController.php:48

actionadmin_noticesPostman/Postman-Email-Log/PostmanEmailLogMigration.php:47

actionadmin_enqueue_scriptsPostman/Postman-Email-Log/PostmanEmailLogMigration.php:68

actioninitPostman/Postman-Email-Log/PostmanEmailLogPostType.php:21

actionpost_smtp_on_successPostman/Postman-Email-Log/PostmanEmailLogService.php:66

actionpost_smtp_on_failedPostman/Postman-Email-Log/PostmanEmailLogService.php:67

actionadmin_noticesPostman/Postman-Email-Log/PostmanEmailLogService.php:272

actionwpcf7_mail_failedPostman/Postman-Mail/PostmanContactForm7.php:10

filterwpcf7_ajax_json_echoPostman/Postman-Mail/PostmanContactForm7.php:11

actionadmin_initPostman/Postman-Mail/PostmanElasticEmailTransport.php:34

actionadmin_initPostman/Postman-Mail/PostmanEmailitTransport.php:31

actionadmin_initPostman/Postman-Mail/PostmanGmailApiModuleTransport.php:30

actionadmin_initPostman/Postman-Mail/PostmanMailerSendTransport.php:29

actionadmin_initPostman/Postman-Mail/PostmanMailerooTransport.php:25

actionadmin_initPostman/Postman-Mail/PostmanMailgunTransport.php:29

actionadmin_initPostman/Postman-Mail/PostmanMailjetTransport.php:34

actionadmin_initPostman/Postman-Mail/PostmanMailtrapTransport.php:34

actionadmin_initPostman/Postman-Mail/PostmanMandrillTransport.php:24

actioninitPostman/Postman-Mail/PostmanMyMailConnector.php:33

filtermailster_delivery_methodsPostman/Postman-Mail/PostmanMyMailConnector.php:50

actionmailster_deliverymethod_tab_postmanPostman/Postman-Mail/PostmanMyMailConnector.php:54

actionmailster_initsendPostman/Postman-Mail/PostmanMyMailConnector.php:60

actionmailster_presendPostman/Postman-Mail/PostmanMyMailConnector.php:64

actionmailster_dosendPostman/Postman-Mail/PostmanMyMailConnector.php:68

actionMAILSTER_POSTMAN_cronPostman/Postman-Mail/PostmanMyMailConnector.php:72

actionadmin_initPostman/Postman-Mail/PostmanPostmarkTransport.php:34

actionadmin_initPostman/Postman-Mail/PostmanResendTransport.php:35

actionadmin_initPostman/Postman-Mail/PostmanSendGridTransport.php:29

actionadmin_initPostman/Postman-Mail/PostmanSendinblueTransport.php:34

actionadmin_initPostman/Postman-Mail/PostmanSendpulseTransport.php:35

actionadmin_initPostman/Postman-Mail/PostmanSmtp2GoTransport.php:23

actionadmin_initPostman/Postman-Mail/PostmanSmtpModuleTransport.php:18

actionadmin_initPostman/Postman-Mail/PostmanSparkPostTransport.php:34

actionadmin_initPostman/Postman-Mail/PostmanSweegoTransport.php:20

filteroption_woocommerce_email_from_addressPostman/Postman-Mail/PostmanWooCommerce.php:21

filterwoocommerce_email_from_addressPostman/Postman-Mail/PostmanWooCommerce.php:22

filterwoocommerce_get_settings_emailPostman/Postman-Mail/PostmanWooCommerce.php:23

filterpost_smtp_incompatible_phpPostman/Postman-Mail/Zend-1.12.10/Mail/Transport/Abstract.php:193

actioninitPostman/Postman-Send-Test-Email/PostmanSendTestEmailController.php:45

actionadmin_initPostman/Postman-Send-Test-Email/PostmanSendTestEmailController.php:51

filterpostman_test_emailPostman/Postman-Send-Test-Email/PostmanSendTestEmailController.php:341

actionadmin_action_ps-skip-bfcmPostman/Postman-Suggest-Pro/PostmanPromotionManager.php:44

actionadmin_enqueue_scriptsPostman/Postman-Suggest-Pro/PostmanSuggestProSocket.php:27

actionaddons/after_addonsPostman/Postman-Suggest-Pro/PostmanSuggestProSocket.php:28

actionadmin_menuPostman/Postman-Suggest-Pro/PostmanSuggestProSocket.php:33

actionpost_smtp_dashboard_after_configPostman/Postman-Suggest-Pro/PostmanSuggestProSocket.php:38

filtergettextPostman/Postman-Suggest-Pro/PostmanSuggestProSocket.php:42

actionadmin_action_ps_skip_pro_bannerPostman/Postman-Suggest-Pro/PostmanSuggestProSocket.php:43

filterpostman_get_plugin_metadataPostman/Postman.php:120

actioninitPostman/Postman.php:184

actionwp_loadedPostman/Postman.php:193

actionadmin_headPostman/Postman.php:210

actionin_admin_footerPostman/Postman.php:344

actionadmin_noticesPostman/Postman.php:383

actioninitPostman/PostmanAdminController.php:136

actionwpmu_optionsPostman/PostmanAdminController.php:142

actionupdate_wpmu_optionsPostman/PostmanAdminController.php:147

actioninitPostman/PostmanAdminController.php:274

actionadmin_noticesPostman/PostmanMessageHandler.php:24

actionadmin_enqueue_scriptsPostman/PostmanPluginFeedback.php:11

actionadmin_headPostman/PostmanPluginFeedback.php:12

actionadmin_footerPostman/PostmanPluginFeedback.php:13

actionadmin_noticesPostman/PostmanSMTPConflictManager.php:31

actionadmin_enqueue_scriptsPostman/PostmanSMTPConflictManager.php:37

actionadmin_menuPostman/PostmanUtils.php:451

actionadmin_initPostman/PostmanViewController.php:43

actionadmin_noticesPostman/PostmanViewController.php:52

filterpostman_wp_mail_resultPostman/PostmanWpMail.php:244

filterpostman_wp_mail_bind_statusPostman/PostmanWpMailBinder.php:23

filterpost_smtp_legacy_wizardPostman/Wizard/NewWizard.php:98

actionpost_smtp_new_wizardPostman/Wizard/NewWizard.php:99

actionadmin_enqueue_scriptsPostman/Wizard/NewWizard.php:100

actionadmin_action_zoho_auth_requestPostman/Wizard/NewWizard.php:106

actionadmin_post_remove_oauth_actionPostman/Wizard/NewWizard.php:107

actionadmin_initPostman/Wizard/NewWizard.php:108

actionadmin_initPostman/Wizard/NewWizard.php:109

actionadmin_post_remove_365_oauth_actionPostman/Wizard/NewWizard.php:110

filterpost_smtp_legacy_wizardPostman/Wizard/NewWizard.php:114

actionadmin_footerPostman/Wizard/NewWizard.php:1674

filterconnect_messagepostman-smtp.php:89

filterplugin_iconpostman-smtp.php:95

actioninitpostman-smtp.php:124

actionadmin_initpostman-smtp.php:127

actionadmin_noticespostman-smtp.php:130

actionadmin_noticespostman-smtp.php:134

actionadmin_footerpostman-smtp.php:197

actionadmin_bar_menupostman-smtp.php:206

actionadmin_enqueue_scriptspostman-smtp.php:208

filteris_submenu_visiblepostman-smtp.php:243

Scheduled Events 1

postman_rat_email_report

Maintenance & Trust

Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedApr 1, 2026

PHP min version7.0

Downloads19.0M

Community Trust

Rating94/100

Number of ratings519

Active installs400K

Alternatives

Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App Alternatives

SureMail – SMTP and Email Logs Plugin with Amazon SES, Postmark, and Other Providers

suremails

SureMail – SMTP and Email Logs Plugin with Amazon SES, Postmark, and Other Providers

200K 1 CVE

Bit SMTP – Easy SMTP Solution with Email Logs

bit-smtp

Short Description

2K 1 CVE

WP Mail SMTP by WPForms – The Most Popular SMTP and Email Log Plugin

wp-mail-smtp

Make email delivery easy for WordPress. Connect with SMTP, Gmail, Outlook, SendGrid, Mailgun, SES, Zoho, + more. Rated #1 WordPress SMTP Email plugin.

4.0M 2 CVEs

Easy WP SMTP – WordPress SMTP and Email Logs: Gmail, Office 365, Outlook, Custom SMTP, and more

easy-wp-smtp

Make SMTP email sending and delivery easy. Configure Gmail, Outlook, Brevo, SendGrid, Mailgun, SendLayer or connect to any SMTP server.

500K 8 CVEs

WP Offload SES Lite

wp-ses

100

Fix your email delivery problems by sending your WordPress emails through Amazon SES's powerful email sending infrastructure.

10K 1 CVE

Developer Profile

Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App Developer Profile

Saad Iqbal

89 plugins · 1.4M total installs

trust score

Avg Security Score

93/100

Avg Patch Time

265 days

View full developer profile

Detection Fingerprints

How We Detect Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/post-smtp/assets/css/post-smtp.css/wp-content/plugins/post-smtp/assets/css/postman-admin.css/wp-content/plugins/post-smtp/assets/css/postman-admin-login.css/wp-content/plugins/post-smtp/assets/css/postman-admin-page.css/wp-content/plugins/post-smtp/assets/css/postman-admin-tabs.css/wp-content/plugins/post-smtp/assets/css/postman-bootstrap.css/wp-content/plugins/post-smtp/assets/css/postman-main.css/wp-content/plugins/post-smtp/assets/css/postman-navigation.css+11 more

Script Paths

/wp-content/plugins/post-smtp/script/localize.js/wp-content/plugins/post-smtp/script/post-smtp-hooks.js

Version Parameters

post-smtp/assets/css/post-smtp.css?ver=post-smtp/assets/css/postman-admin.css?ver=post-smtp/assets/css/postman-admin-login.css?ver=post-smtp/assets/css/postman-admin-page.css?ver=post-smtp/assets/css/postman-admin-tabs.css?ver=post-smtp/assets/css/postman-bootstrap.css?ver=post-smtp/assets/css/postman-main.css?ver=post-smtp/assets/css/postman-navigation.css?ver=post-smtp/assets/css/postman-smtp.css?ver=post-smtp/assets/css/postman-wizard.css?ver=post-smtp/assets/js/post-smtp-hooks.js?ver=post-smtp/assets/js/post-smtp-localize.js?ver=post-smtp/assets/js/post-smtp.js?ver=post-smtp/assets/js/postman-admin-page.js?ver=post-smtp/assets/js/postman-admin-tabs.js?ver=post-smtp/assets/js/postman-api.js?ver=post-smtp/assets/js/postman-bootstrap.js?ver=post-smtp/assets/js/postman-wizard.js?ver=post-smtp/assets/js/jquery.validate.min.js?ver=

HTML / DOM Fingerprints

CSS Classes

postman-smtppostman-adminpostman-wizardpostman-not-configured-noticeps-optin-popup

HTML Comments

+4 more

Data Attributes

data-toggle="tooltip"data-placement="top"data-title=""data-content=""data-trigger="hover"

JS Globals

post_smtp_localize

FAQ

Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App Security & Risk Analysis

Is Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App Safe to Use in 2026?

Mostly Safe

Key Concerns

Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App Security Vulnerabilities

CVEs by Year

Severity Breakdown

Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App Release Timeline

Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App Code Analysis

Dangerous Functions Found

Bundled Libraries

SQL Query Safety

Output Escaping

Data Flow Analysis

Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App Attack Surface

AJAX Handlers 22

REST API Routes 8

Shortcodes 1

Scheduled Events 1

Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App Maintenance & Trust

Maintenance Signals

Community Trust

Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App Alternatives

SureMail – SMTP and Email Logs Plugin with Amazon SES, Postmark, and Other Providers

Bit SMTP – Easy SMTP Solution with Email Logs

WP Mail SMTP by WPForms – The Most Popular SMTP and Email Log Plugin

Easy WP SMTP – WordPress SMTP and Email Logs: Gmail, Office 365, Outlook, Custom SMTP, and more

WP Offload SES Lite

Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App Developer Profile

How We Detect Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App