Does Primail have any unpatched vulnerabilities?

No. All known vulnerabilities in Primail have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Primail compatible with WordPress 6.0.11?

According to WordPress.org data, Primail 1.0.1 has been tested up to WordPress 6.0.11. Check the plugin's changelog for the latest compatibility information.

Is Primail compatible with PHP 5.6.20+?

Primail requires PHP 5.6.20 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Primail updated?

Primail was last updated on Oct 9, 2022. Frequent updates are generally a positive security signal.

What is Primail's security score?

Primail has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Primail Security & Risk Analysis

wordpress.org/plugins/primail

The Primail plugin allows you to connect your WordPress site with Mandrill for improved email delivery and reliability

0 active installs v1.0.1 PHP 5.6.20+ WP 5.5.1+ Updated Oct 9, 2022

emailemail-reliabilitymailchimpmandrilltransactional-email

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Primail Safe to Use in 2026?

Generally Safe

Score 85/100

Primail has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3yr ago

Risk Assessment

The "primail" plugin v1.0.1 presents a generally positive security posture based on the static analysis. The absence of any recorded vulnerabilities (CVEs) historically and currently is a strong indicator of good development practices and diligence in addressing security flaws. Furthermore, the plugin exhibits several strengths: all SQL queries utilize prepared statements, all identified external HTTP requests are protected by nonce checks, and there are no critical or high severity taint flows identified. This suggests that common vulnerability vectors such as SQL injection and cross-site scripting (XSS) related to data handling are well-mitigated.

However, there are areas for improvement. The most significant concern is the relatively low percentage of properly escaped output (49%). This indicates a potential risk of cross-site scripting (XSS) vulnerabilities where unsanitized user-supplied data could be rendered directly in the browser. While the current attack surface appears minimal and there are no identified capability checks, this could change with future updates. The presence of file operations and an external HTTP request, though currently seeming protected, warrant careful monitoring in future analyses to ensure they don't introduce new attack vectors.

In conclusion, "primail" v1.0.1 is reasonably secure, particularly in its handling of database interactions and core input validation. The lack of historical vulnerabilities is commendable. The primary risk lies in the insufficient output escaping, which should be a priority for developers to address. With a focus on improving output sanitization, the plugin's security can be further enhanced.

Key Concerns

Low output escaping percentage

Vulnerabilities

None known

Primail Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Primail Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

21 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

49% escaped43 total outputs

Attack Surface

Primail Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 10

filteroption_primail_default_from_emailcore\options.php:5

filteroption_primail_default_from_namecore\options.php:6

filteroption_primail_api_debug_enabledcore\options.php:7

actioninitcore\settings.php:5

actionadmin_menucore\settings.php:7

actionadmin_initcore\settings.php:8

actionadmin_noticescore\settings.php:9

actionadmin_enqueue_scriptscore\settings.php:10

filterpre_wp_mailprimail.php:77

filterplugin_action_linksprimail.php:104

Maintenance & Trust

Primail Maintenance & Trust

Maintenance Signals

WordPress version tested6.0.11

Last updatedOct 9, 2022

PHP min version5.6.20

Downloads660

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

Primail Alternatives

Send Emails with Mandrill

send-emails-with-mandrill

'Send Emails with Mandrill' sends emails that are generated by WordPress through Mandrill, a transactional email service powered by MailChimp.

7K 1 CVE

MC4WP: Mailchimp for WordPress

mailchimp-for-wp

The #1 Mailchimp plugin for WordPress. Allows you to add a multitude of newsletter sign-up methods to your site.

1.0M 11 CVEs

Mailchimp for WooCommerce

mailchimp-for-woocommerce

Connect your store to your Mailchimp audience to track sales, create targeted emails, send abandoned cart emails, and more.

300K 2 CVEs

Mailchimp List Subscribe Form

mailchimp

Add a Mailchimp signup form block, widget, or shortcode to your WordPress site.

60K 1 CVE

Elastic Email Sender

elastic-email-sender

Reconfigures wp_mail() to send email using Elastic Email API instead of SMTP.

10K 2 CVEs

Developer Profile

Primail Developer Profile

markcummins

1 plugin · 0 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Primail

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/primail/scripts/css/style.css

Version Parameters

primail/scripts/css/style.css?ver=

HTML / DOM Fingerprints

Data Attributes

name="primail_default_from_email"name="primail_default_from_name"name="primail_api_key"name="primail_api_test_key"name="primail_api_debug_enabled"

FAQ