Does Reply-To for WP_Mail have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Reply-To for WP_Mail compatible with WordPress 6.9.4?

According to WordPress.org data, Reply-To for WP_Mail 2.0.0 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Reply-To for WP_Mail compatible with PHP 5.6+?

Reply-To for WP_Mail requires PHP 5.6 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Reply-To for WP_Mail updated?

Reply-To for WP_Mail was last updated on Jan 20, 2026. Frequent updates are generally a positive security signal.

What is Reply-To for WP_Mail's security score?

Reply-To for WP_Mail has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Reply-To for WP_Mail Security & Risk Analysis

wordpress.org/plugins/replyto

Configure different "Reply-To" addresses by email context with validation, modern tabbed UI, and automatic migration.

100 active installs v2.0.0 PHP 5.6+ WP 4.1+ Updated Jan 20, 2026

emailmailreply-tosmtp

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Reply-To for WP_Mail Safe to Use in 2026?

Generally Safe

Score 100/100

Reply-To for WP_Mail has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3mo ago

Risk Assessment

The "replyto" v2.0.0 plugin exhibits a strong security posture based on the provided static analysis. A notable strength is the complete absence of unprotected entry points across AJAX handlers, REST API routes, shortcodes, and cron events. Furthermore, all identified output is properly escaped, and there are no detected file operations or external HTTP requests, significantly reducing the attack surface. The plugin also shows good practice by including a capability check. However, a critical concern is the single SQL query that is not using prepared statements. This represents a potential SQL injection vulnerability, especially given the lack of any recorded historical vulnerabilities, which might suggest a false sense of security or limited testing.

Key Concerns

Raw SQL query without prepared statements

Vulnerabilities

None known

Reply-To for WP_Mail Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Reply-To for WP_Mail Release Timeline

v2.0.0Current

v1.0.3

v1.0.2

v1.0.1

v1.0.0

Code Analysis

Analyzed Mar 16, 2026

Reply-To for WP_Mail Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

46 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

0% prepared1 total queries

Output Escaping

100% escaped46 total outputs

Data Flows · Security

All sanitized

Data Flow Analysis

2 flows

wp_mail_replyto_render_settings_page (replyto.php:659)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Reply-To for WP_Mail Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 6

actionadmin_initreplyto.php:91

filterwp_mailreplyto.php:209

filterwp_mailreplyto.php:316

actionadmin_menureplyto.php:334

actionadmin_initreplyto.php:484

actionadmin_enqueue_scriptsreplyto.php:650

Maintenance & Trust

Reply-To for WP_Mail Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedJan 20, 2026

PHP min version5.6

Downloads2K

Community Trust

Rating0/100

Number of ratings0

Active installs100

Alternatives

Reply-To for WP_Mail Alternatives

WP Mail SMTP by WPForms – The Most Popular SMTP and Email Log Plugin

wp-mail-smtp

Make email delivery easy for WordPress. Connect with SMTP, Gmail, Outlook, SendGrid, Mailgun, SES, Zoho, + more. Rated #1 WordPress SMTP Email plugin.

4.0M 2 CVEs

Easy WP SMTP – WordPress SMTP and Email Logs: Gmail, Office 365, Outlook, Custom SMTP, and more

easy-wp-smtp

Make SMTP email sending and delivery easy. Configure Gmail, Outlook, Brevo, SendGrid, Mailgun, SendLayer or connect to any SMTP server.

500K 8 CVEs

Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App

post-smtp

Improve WordPress email deliverability. Connect Gmail SMTP, Microsoft 365, Brevo, SendGrid, Mailgun, Zoho, Amazon SES, etc. #1 WordPress SMTP Plugin.

400K 23 CVEs

WP Mail Logging

wp-mail-logging

Log, view, and resend all emails sent from your WordPress site. Great for resolving email sending issues or keeping a copy for auditing.

300K 6 CVEs

Site Mailer – SMTP Replacement, Email API Deliverability & Email Log

site-mailer

Effortlessly manage transactional emails with Site Mailer. High deliverability, logs and statistics, and no SMTP plugins needed.

200K 1 CVE

Developer Profile

Reply-To for WP_Mail Developer Profile

Javier Casares

4 plugins · 13K total installs

trust score

Avg Security Score

96/100

Avg Patch Time

10 days

View full developer profile

Detection Fingerprints

How We Detect Reply-To for WP_Mail

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

FAQ