WP-Safety

Pro Mail SMTP Security & Risk Analysis

wordpress.org/plugins/pro-mail-smtp

Enhance email deliverability with multiple SMTP providers, automatic failover, proactive alerts, analytics, and smart routing.

100 active installs v1.6.3 PHP 7.2+ WP 6.3+ Updated Mar 3, 2026
emailgmailoutlooksmtpwp-mail
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Pro Mail SMTP Safe to Use in 2026?

Generally Safe

Score 100/100

Pro Mail SMTP has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The "pro-mail-smtp" v1.6.3 plugin exhibits a generally strong security posture based on the provided static analysis. The plugin demonstrates good development practices by implementing robust authentication and authorization checks for all its AJAX entry points, leaving no unprotected endpoints. Furthermore, the vast majority of SQL queries utilize prepared statements, and output escaping is consistently applied, significantly reducing the risk of common web vulnerabilities like SQL injection and cross-site scripting. The absence of known CVEs and a clean vulnerability history are positive indicators of responsible development and maintenance.

However, the taint analysis reveals a significant area of concern: 11 out of 14 analyzed flows have unsanitized paths with a high severity. This indicates potential pathways for malicious input to be processed without adequate sanitization, which could lead to vulnerabilities like path traversal or other file-related exploits, even though direct file operations are limited to three. The presence of bundled libraries, specifically PHPMailer, also warrants attention. While not explicitly flagged as outdated or vulnerable in this dataset, bundled libraries can become a security risk if not actively maintained and updated, as they may contain known vulnerabilities.

Key Concerns

  • High severity taint flows with unsanitized paths
  • Bundled library (PHPMailer)
Vulnerabilities
None known

Pro Mail SMTP Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Pro Mail SMTP Code Analysis

Dangerous Functions
0
Raw SQL Queries
18
42 prepared
Unescaped Output
8
390 escaped
Nonce Checks
24
Capability Checks
22
File Operations
3
External Requests
8
Bundled Libraries
1

Bundled Libraries

PHPMailer

SQL Query Safety

70% prepared60 total queries

Output Escaping

98% escaped398 total outputs
Data Flows
11 unsanitized

Data Flow Analysis

14 flows11 with unsanitized paths
handle_form_submissions (includes\Admin\Logs.php:77)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Pro Mail SMTP Attack Surface

Entry Points19
Unprotected0

AJAX Handlers 19

authwp_ajax_pro_mail_smtp_save_alert_configincludes\Admin\Alerts.php:13
authwp_ajax_pro_mail_smtp_test_alertincludes\Admin\Alerts.php:14
authwp_ajax_pro_mail_smtp_delete_alert_configincludes\Admin\Alerts.php:15
authwp_ajax_pro_mail_smtp_fetch_provider_analyticsincludes\Admin\Analytics.php:21
authwp_ajax_pro_mail_smtp_get_provider_configincludes\Admin\Analytics.php:22
authwp_ajax_pro_mail_smtp_save_email_routerincludes\Admin\EmailRouter.php:11
authwp_ajax_pro_mail_smtp_update_email_router_statusincludes\Admin\EmailRouter.php:12
authwp_ajax_pro_mail_smtp_get_email_router_conditionincludes\Admin\EmailRouter.php:13
authwp_ajax_pro_mail_smtp_delete_email_router_conditionincludes\Admin\EmailRouter.php:14
authwp_ajax_pro_mail_smtp_view_email_logincludes\Admin\Logs.php:23
authwp_ajax_pro_mail_smtp_resend_email_logincludes\Admin\Logs.php:24
authwp_ajax_pro_mail_smtp_get_resend_modalincludes\Admin\Logs.php:25
authwp_ajax_pro_mail_smtp_test_provider_connectionincludes\Admin\Providers.php:19
authwp_ajax_pro_mail_smtp_save_providerincludes\Admin\Providers.php:20
authwp_ajax_pro_mail_smtp_delete_providerincludes\Admin\Providers.php:21
authwp_ajax_pro_mail_smtp_load_provider_formincludes\Admin\Providers.php:22
authwp_ajax_pro_mail_smtp_import_connectionsincludes\Admin\Providers.php:23
authwp_ajax_pro_mail_smtp_set_oauth_tokenincludes\Admin\Providers.php:24
authwp_ajax_pro_mail_smtp_delete_all_dataincludes\Admin\Settings.php:15
WordPress Hooks 18
actionadmin_enqueue_scriptsincludes\Admin\About.php:13
actionadmin_enqueue_scriptsincludes\Admin\Alerts.php:12
actionadmin_enqueue_scriptsincludes\Admin\Analytics.php:23
actionadmin_enqueue_scriptsincludes\Admin\EmailRouter.php:10
actionadmin_enqueue_scriptsincludes\Admin\Logs.php:22
actionadmin_menuincludes\Admin\Menu.php:9
actionadmin_enqueue_scriptsincludes\Admin\Providers.php:18
actionadmin_enqueue_scriptsincludes\Admin\Settings.php:13
actionadmin_initincludes\Admin\Settings.php:14
filterwpcf7_mail_componentsincludes\Core\Plugin.php:51
filterpre_wp_mailincludes\Core\Plugin.php:68
actionadmin_enqueue_scriptsincludes\Core\Plugin.php:82
actionadmin_bar_menuincludes\Core\Plugin.php:83
actioninitincludes\Cron\SummaryMail.php:16
filtercron_schedulesincludes\Cron\SummaryMail.php:17
actioninitincludes\Email\Manager.php:35
actionadmin_noticespro-mail-smtp.php:55
actioninitpro-mail-smtp.php:62
Maintenance & Trust

Pro Mail SMTP Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 3, 2026
PHP min version7.2
Downloads2K

Community Trust

Rating100/100
Number of ratings4
Active installs100
Alternatives

Pro Mail SMTP Alternatives

WP Mail SMTP by WPForms – The Most Popular SMTP and Email Log Plugin

WP Mail SMTP by WPForms – The Most Popular SMTP and Email Log Plugin

wp-mail-smtp

A
99

Make email delivery easy for WordPress. Connect with SMTP, Gmail, Outlook, SendGrid, Mailgun, SES, Zoho, + more. Rated #1 WordPress SMTP Email plugin.

4.0M 2 CVEs
Easy WP SMTP – WordPress SMTP and Email Logs: Gmail, Office 365, Outlook, Custom SMTP, and more

Easy WP SMTP – WordPress SMTP and Email Logs: Gmail, Office 365, Outlook, Custom SMTP, and more

easy-wp-smtp

A
91

Make SMTP email sending and delivery easy. Configure Gmail, Outlook, Brevo, SendGrid, Mailgun, SendLayer or connect to any SMTP server.

500K 8 CVEs
SureMail – SMTP and Email Logs Plugin with Amazon SES, Postmark, and Other Providers

SureMail – SMTP and Email Logs Plugin with Amazon SES, Postmark, and Other Providers

suremails

A
97

SureMail – SMTP and Email Logs Plugin with Amazon SES, Postmark, and Other Providers

200K 1 CVE
YaySMTP and Email Logs: Amazon SES, SendGrid, Outlook, Mailgun, Brevo, Google and Any SMTP Service

YaySMTP and Email Logs: Amazon SES, SendGrid, Outlook, Mailgun, Brevo, Google and Any SMTP Service

yaysmtp

A
90

Send WordPress emails successfully with WP Mail SMTP via your favorite mailer

10K 8 CVEs
Bit SMTP – Easy SMTP Solution with Email Logs

Bit SMTP – Easy SMTP Solution with Email Logs

bit-smtp

A
99

Short Description

2K 1 CVE
Developer Profile

Pro Mail SMTP Developer Profile

turboSMTP

3 plugins · 510 total installs

100
trust score
Avg Security Score
100/100
Avg Patch Time
6 days
View full developer profile
Detection Fingerprints

How We Detect Pro Mail SMTP

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/pro-mail-smtp/assets/css/admin.css/wp-content/plugins/pro-mail-smtp/assets/js/alerts.js/wp-content/plugins/pro-mail-smtp/assets/css/alerts.css
Script Paths
/wp-content/plugins/pro-mail-smtp/assets/js/alerts.js
Version Parameters
pro-mail-smtp/assets/css/admin.css?ver=pro-mail-smtp/assets/js/alerts.js?ver=pro-mail-smtp/assets/css/alerts.css?ver=

HTML / DOM Fingerprints

CSS Classes
pro-mail-smtp-page-pro-mail-smtp-aboutpro-mail-smtp_page_pro-mail-smtp-alerts
Data Attributes
data-pro-mail-smtp-module
JS Globals
ProMailSMTPAlerts
FAQ

Frequently Asked Questions about Pro Mail SMTP