WP-Safety

MainWP Post SMTP Extension – Easily Manage WP SMTP Setup for All Sites in One Place Security & Risk Analysis

wordpress.org/plugins/post-smtp-for-mainwp

Manage WP SMTP configuration from a single dashboard for all your sites. View email logs, get instant email failure alerts, and set up a backup SMTP c …

300 active installs v1.0.5 PHP 7.0+ WP 4.7+ Updated Feb 19, 2026
main-wpmainwpmainwp-childsmtpwp-mail
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is MainWP Post SMTP Extension – Easily Manage WP SMTP Setup for All Sites in One Place Safe to Use in 2026?

Generally Safe

Score 100/100

MainWP Post SMTP Extension – Easily Manage WP SMTP Setup for All Sites in One Place has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The post-smtp-for-mainwp plugin v1.0.5 exhibits a generally strong security posture with notable strengths in its handling of SQL queries and output escaping. The plugin utilizes prepared statements for all its SQL queries, significantly reducing the risk of SQL injection. Furthermore, a high percentage of output is properly escaped, which is crucial for preventing cross-site scripting (XSS) vulnerabilities.

However, a significant concern arises from its attack surface. The analysis reveals one REST API route that lacks permission callbacks. This unprotected entry point could potentially be exploited by unauthenticated users, leading to unauthorized actions or information disclosure, depending on the functionality exposed by that route.

The plugin's vulnerability history is clean, with no known CVEs recorded. This absence of historical vulnerabilities, combined with the good coding practices observed in SQL and output handling, suggests a codebase that is actively maintained and security-conscious. Despite the single unprotected REST API route, the overall security outlook is positive, with the primary area for improvement being the hardening of its REST API endpoints.

Key Concerns

  • Unprotected REST API route
Vulnerabilities
None known

MainWP Post SMTP Extension – Easily Manage WP SMTP Setup for All Sites in One Place Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

MainWP Post SMTP Extension – Easily Manage WP SMTP Setup for All Sites in One Place Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
2 prepared
Unescaped Output
1
30 escaped
Nonce Checks
2
Capability Checks
0
File Operations
0
External Requests
1
Bundled Libraries
0

SQL Query Safety

100% prepared2 total queries

Output Escaping

97% escaped31 total outputs
Attack Surface
1 unprotected

MainWP Post SMTP Extension – Easily Manage WP SMTP Setup for All Sites in One Place Attack Surface

Entry Points2
Unprotected1

AJAX Handlers 1

authwp_ajax_post-smtp-request-mwp-childincludes\class-post-smtp-mwp-page.php:38

REST API Routes 1

GET/wp-json/post-smtp-for-mainwp/v1/send-emailincludes\rest-api\v1\class-post-smtp-mwp-rest-api.php:54
WordPress Hooks 19
filtermainwp_getextensionsincludes\class-post-smtp-mainwp.php:63
filtermainwp_header_leftincludes\class-post-smtp-mainwp.php:64
actionmainwp_activatedincludes\class-post-smtp-mainwp.php:74
actionadmin_enqueue_scriptsincludes\class-post-smtp-mwp-page.php:33
actionadmin_post_post_smtp_mwp_save_sitesincludes\class-post-smtp-mwp-page.php:37
actionpost_smtp_email_logs_table_headerincludes\class-post-smtp-mwp-table.php:27
actionadmin_enqueue_scriptsincludes\class-post-smtp-mwp-table.php:28
filterpost_smtp_get_logs_query_after_tableincludes\class-post-smtp-mwp-table.php:29
filterpost_smtp_get_logs_query_colsincludes\class-post-smtp-mwp-table.php:30
filterpost_smtp_email_logs_localizeincludes\class-post-smtp-mwp-table.php:31
filterps_email_logs_rowincludes\class-post-smtp-mwp-table.php:32
filterpost_smtp_get_logs_argsincludes\class-post-smtp-mwp-table.php:33
actionpostman_delete_logs_successfullyincludes\class-post-smtp-mwp-table.php:34
actionrest_api_initincludes\rest-api\v1\class-post-smtp-mwp-rest-api.php:41
actionpost_smtp_after_email_log_savedincludes\rest-api\v1\class-post-smtp-mwp-rest-api.php:42
filterpost_smtp_from_email_addressincludes\rest-api\v1\class-post-smtp-mwp-rest-api.php:255
filterpost_smtp_from_nameincludes\rest-api\v1\class-post-smtp-mwp-rest-api.php:260
filterpost_smtp_reply_toincludes\rest-api\v1\class-post-smtp-mwp-rest-api.php:265
actionadmin_noticesmainwp-post-smtp-extension.php:47
Maintenance & Trust

MainWP Post SMTP Extension – Easily Manage WP SMTP Setup for All Sites in One Place Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 19, 2026
PHP min version7.0
Downloads5K

Community Trust

Rating100/100
Number of ratings1
Active installs300
Alternatives

MainWP Post SMTP Extension – Easily Manage WP SMTP Setup for All Sites in One Place Alternatives

MainWP Child Reports

MainWP Child Reports

mainwp-child-reports

A
96

The MainWP Child Report plugin tracks changes to Child sites for the Pro Reports Extension.

100K 3 CVEs
YaySMTP and Email Logs: Amazon SES, SendGrid, Outlook, Mailgun, Brevo, Google and Any SMTP Service

YaySMTP and Email Logs: Amazon SES, SendGrid, Outlook, Mailgun, Brevo, Google and Any SMTP Service

yaysmtp

A
90

Send WordPress emails successfully with WP Mail SMTP via your favorite mailer

10K 8 CVEs
WP SMTP Mailer – SMTP7

WP SMTP Mailer – SMTP7

wp-mail-smtp-mailer

A
100

WP SMTP Mailer Plugin - SMTP7. Make email delivery easy from WordPress. It is easy to configure.

9K No CVEs
Swift SMTP (formerly Welcome Email Editor)

Swift SMTP (formerly Welcome Email Editor)

welcome-email-editor

A
99

Swift SMTP is a free & simple SMTP Plugin for WordPress.

8K 2 CVEs
MainWP Key Maker

MainWP Key Maker

mainwp-key-maker

A
100

The MainWP Key Maker plugin copies settings for the MainWP Bulk Settings Manager Extension.

5K No CVEs
Developer Profile

MainWP Post SMTP Extension – Easily Manage WP SMTP Setup for All Sites in One Place Developer Profile

Saad Iqbal

84 plugins · 1.4M total installs

76
trust score
Avg Security Score
96/100
Avg Patch Time
287 days
View full developer profile
Detection Fingerprints

How We Detect MainWP Post SMTP Extension – Easily Manage WP SMTP Setup for All Sites in One Place

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/post-smtp-for-mainwp/assets/css/style.css
Version Parameters
post-smtp-mainwp?ver=1.0.0

HTML / DOM Fingerprints

CSS Classes
post-smtp-mainwpps-enable-allps-disable-allpsmwp-securityps-switch-1ps-errorps-error
Data Attributes
data-id
JS Globals
post_smtp_mainwp_ajax_object
REST Endpoints
/wp-json/post-smtp-mainwp/v1/settings/wp-json/post-smtp-mainwp/v1/test-email
FAQ

Frequently Asked Questions about MainWP Post SMTP Extension – Easily Manage WP SMTP Setup for All Sites in One Place