SH Email Tester Security & Risk Analysis
wordpress.org/plugins/sh-email-testerSend a test email from your WordPress site and review recent outgoing email logs.
Is SH Email Tester Safe to Use in 2026?
Generally Safe
Score 100/100SH Email Tester has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "sh-email-tester" plugin v1.0.0 exhibits a generally strong security posture based on the provided static analysis. The absence of known vulnerabilities in its history is a positive indicator. The code demonstrates good practices by utilizing prepared statements for all SQL queries and implementing nonce and capability checks for sensitive operations. The limited attack surface, with no AJAX handlers, REST API routes, or shortcodes, further reduces the immediate risk of external exploitation.
However, a notable concern arises from the output escaping. With 67% of outputs properly escaped, this means approximately one-third of the plugin's output is not adequately protected, potentially leaving it vulnerable to cross-site scripting (XSS) attacks. While the taint analysis shows no critical or high-severity unsanitized flows, the unescaped outputs represent a real, albeit potentially lower-severity, risk that should be addressed.
In conclusion, while the plugin is well-constructed in many areas, the unescaped output is a significant weakness that needs remediation to achieve a robust security profile. The lack of historical vulnerabilities is encouraging, but it does not negate the importance of addressing identified code-level weaknesses.
Key Concerns
- Inadequately escaped outputs
SH Email Tester Security Vulnerabilities
SH Email Tester Code Analysis
SQL Query Safety
Output Escaping
Data Flow Analysis
SH Email Tester Attack Surface
WordPress Hooks 5
Scheduled Events 1
Maintenance & Trust
SH Email Tester Maintenance & Trust
Maintenance Signals
Community Trust
SH Email Tester Alternatives
WP SMTP Mailer
wp-smtp-mailer
WP SMTP Mailer is a simple and flexible plugin to configure SMTP settings in WordPress. It allows you to set up SMTP credentials, test email sending, …
WP Mail SMTP by WPForms – The Most Popular SMTP and Email Log Plugin
wp-mail-smtp
Make email delivery easy for WordPress. Connect with SMTP, Gmail, Outlook, SendGrid, Mailgun, SES, Zoho, + more. Rated #1 WordPress SMTP Email plugin.
Easy WP SMTP – WordPress SMTP and Email Logs: Gmail, Office 365, Outlook, Custom SMTP, and more
easy-wp-smtp
Make SMTP email sending and delivery easy. Configure Gmail, Outlook, Brevo, SendGrid, Mailgun, SendLayer or connect to any SMTP server.
Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App
post-smtp
Improve WordPress email deliverability. Connect Gmail SMTP, Microsoft 365, Brevo, SendGrid, Mailgun, Zoho, Amazon SES, etc. #1 WordPress SMTP Plugin.
SureMail – SMTP and Email Logs Plugin with Amazon SES, Postmark, and Other Providers
suremails
SureMail – SMTP and Email Logs Plugin with Amazon SES, Postmark, and Other Providers
SH Email Tester Developer Profile
2 plugins · 10 total installs
How We Detect SH Email Tester
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/sh-email-tester/css/admin.css/wp-content/plugins/sh-email-tester/js/admin.js/wp-content/plugins/sh-email-tester/js/admin.jssh-email-tester/css/admin.css?ver=sh-email-tester/js/admin.js?ver=HTML / DOM Fingerprints
shet-email-tester-testshet-email-tester-hintshet-email-tester-cardname="mail_to"name="mail_subject"name="shet_email_tester_submit"<input class="regular-text" type="email" name="mail_to" value="