WP Email Log – PostBox Security & Risk Analysis
wordpress.org/plugins/postbox-email-logsCapture email log and view all outgoing emails. Easily debug mail function issues.
Is WP Email Log – PostBox Safe to Use in 2026?
Generally Safe
Score 99/100WP Email Log – PostBox has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.
The 'postbox-email-logs' plugin, version 1.0.5, exhibits a generally good security posture, with all identified entry points protected by authentication and capability checks. The plugin demonstrates strong output escaping practices and avoids file operations and external HTTP requests, which are positive indicators. However, the presence of two 'unserialize' calls and a significant number of unsanitized taint flows, including two high-severity ones, raises concerns. While there are no currently unpatched CVEs, the history of a medium-severity vulnerability, specifically related to missing authorization, suggests potential areas of weakness that could be exploited if not carefully managed. The plugin's strength lies in its limited attack surface and robust checks on its exposed endpoints. The primary weaknesses stem from the use of potentially dangerous functions and less secure data handling patterns, as highlighted by the taint analysis.
Key Concerns
- High severity taint flows
- Unsanitized paths in taint flows
- Use of unserialize function
- Low percentage of prepared statements in SQL
- Medium severity CVE in history
WP Email Log – PostBox Security Vulnerabilities
CVEs by Year
Severity Breakdown
1 total CVE
PostBox <= 1.0.4 - Missing Authorization to Authenticated (Subscriber+) Log Export
WP Email Log – PostBox Release Timeline
WP Email Log – PostBox Code Analysis
Dangerous Functions Found
SQL Query Safety
Output Escaping
Data Flow Analysis
WP Email Log – PostBox Attack Surface
AJAX Handlers 1
WordPress Hooks 8
Maintenance & Trust
WP Email Log – PostBox Maintenance & Trust
Maintenance Signals
Community Trust
WP Email Log – PostBox Alternatives
WP Mail SMTP by WPForms – The Most Popular SMTP and Email Log Plugin
wp-mail-smtp
Make email delivery easy for WordPress. Connect with SMTP, Gmail, Outlook, SendGrid, Mailgun, SES, Zoho, + more. Rated #1 WordPress SMTP Email plugin.
Easy WP SMTP – WordPress SMTP and Email Logs: Gmail, Office 365, Outlook, Custom SMTP, and more
easy-wp-smtp
Make SMTP email sending and delivery easy. Configure Gmail, Outlook, Brevo, SendGrid, Mailgun, SendLayer or connect to any SMTP server.
Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App
post-smtp
Improve WordPress email deliverability. Connect Gmail SMTP, Microsoft 365, Brevo, SendGrid, Mailgun, Zoho, Amazon SES, etc. #1 WordPress SMTP Plugin.
SureMail – SMTP and Email Logs Plugin with Amazon SES, Postmark, and Other Providers
suremails
SureMail – SMTP and Email Logs Plugin with Amazon SES, Postmark, and Other Providers
Mail logging – WP Mail Catcher
wp-mail-catcher
Stop from ever losing your emails again! This fast, lightweight plugin (under 140kb in size!) is also useful for debugging or backing up your messages
WP Email Log – PostBox Developer Profile
9 plugins · 23K total installs
How We Detect WP Email Log – PostBox
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/postbox-email-logs/css/jquery-ui/jquery-ui.min.css/wp-content/plugins/postbox-email-logs/css/style.css/wp-content/plugins/postbox-email-logs/js/script.js/wp-content/plugins/postbox-email-logs/js/script.jspostbox-email-logs/js/script.js?ver=HTML / DOM Fingerprints
pbemlpbeml-popup-wrapperpbeml-popup-headerpbeml-popup-closepbeml-popup-content<!-- Display a notice that can be dismissed --><!-- Translators: %1$s is the URL to dismiss the notice, %2$s is the URL to the WordPress plugin page. -->data-noncedata-idpbeml/wp-json/pbeml/v1/email-log