WP-Safety

Smart Product Emails Security & Risk Analysis

wordpress.org/plugins/smart-product-emails

The complete email marketing suite for WooCommerce store owners who want to communicate smarter, not harder.

0 active installs v0.7.1 PHP 8.2+ WP 6.8+ Updated Jan 24, 2026
custom-emailsper-productproduct-emailstargeted-emailswoocommerce-emails
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Smart Product Emails Safe to Use in 2026?

Generally Safe

Score 100/100

Smart Product Emails has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago
Risk Assessment

The "smart-product-emails" plugin version 0.7.1 demonstrates a generally strong security posture with several good practices in place. A significant majority of SQL queries utilize prepared statements, and a high percentage of outputs are properly escaped, reducing the risk of common web vulnerabilities like SQL injection and cross-site scripting. The plugin also incorporates a reasonable number of nonce and capability checks, indicating an awareness of WordPress security best practices. Furthermore, the absence of any recorded vulnerabilities or CVEs in its history is a positive indicator of its stability and past security diligence.

However, there is a notable concern regarding the plugin's attack surface. It exposes three AJAX handlers, with one of them lacking any authentication checks. This unprotected entry point presents a potential pathway for unauthenticated attackers to interact with the plugin's functionality, which could lead to unintended actions or information disclosure depending on the handler's implementation. While taint analysis did not reveal any critical or high severity flows, the presence of an unprotected AJAX endpoint is a significant weakness that requires immediate attention.

In conclusion, while "smart-product-emails" v0.7.1 has commendable security foundations, the unprotected AJAX handler introduces a critical risk that overshadows its otherwise positive attributes. The lack of known vulnerabilities is encouraging, but proactive mitigation of the identified attack surface weakness is essential to maintain a secure environment.

Key Concerns

  • 1 unprotected AJAX handler
Vulnerabilities
None known

Smart Product Emails Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Smart Product Emails Code Analysis

Dangerous Functions
0
Raw SQL Queries
3
18 prepared
Unescaped Output
20
174 escaped
Nonce Checks
6
Capability Checks
5
File Operations
1
External Requests
0
Bundled Libraries
0

SQL Query Safety

86% prepared21 total queries

Output Escaping

90% escaped194 total outputs
Data Flows
All sanitized

Data Flow Analysis

4 flows
spe_settings_create_admin_page (admin\class-spe-admin-settings.php:115)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
1 unprotected

Smart Product Emails Attack Surface

Entry Points3
Unprotected1

AJAX Handlers 3

authwp_ajax_smartproductemails_clear_logsadmin\class-spe-error-log-admin.php:38
authwp_ajax_smartproductemails_export_logsadmin\class-spe-error-log-admin.php:39
authwp_ajax_smartproductemails_data_fetchincludes\class-smart-product-emails.php:85
WordPress Hooks 41
actionadmin_menuadmin\class-spe-admin-settings.php:29
actionadmin_initadmin\class-spe-admin-settings.php:30
actionadmin_enqueue_scriptsadmin\class-spe-admin-settings.php:31
actionadmin_noticesadmin\class-spe-admin-settings.php:32
filtermanage_smartproductemails_posts_columnsadmin\class-spe-column-display.php:22
actionmanage_smartproductemails_posts_custom_columnadmin\class-spe-column-display.php:23
actionplugins_loadedadmin\class-spe-column-display.php:63
actionadmin_noticesadmin\class-spe-cpt.php:22
actioninitadmin\class-spe-cpt.php:145
actionadmin_enqueue_scriptsadmin\class-spe-dynamic-tags.php:25
actionedit_form_after_titleadmin\class-spe-dynamic-tags.php:26
actionadmin_footeradmin\class-spe-dynamic-tags.php:27
actionadmin_menuadmin\class-spe-error-log-admin.php:36
actionadmin_enqueue_scriptsadmin\class-spe-error-log-admin.php:37
filteradmin_body_classadmin\class-spe-product-data-admin.php:24
actionadmin_head-post.phpincludes\class-smart-product-emails.php:74
actionadmin_head-post-new.phpincludes\class-smart-product-emails.php:75
actionwoocommerce_product_data_tabsincludes\class-smart-product-emails.php:76
actionwoocommerce_product_data_panelsincludes\class-smart-product-emails.php:77
actionadmin_enqueue_scriptsincludes\class-smart-product-emails.php:78
actionwoocommerce_process_product_metaincludes\class-smart-product-emails.php:79
actionadmin_footerincludes\class-smart-product-emails.php:82
actionwp_mail_failedincludes\class-spe-email-logger.php:37
actionwoocommerce_email_sentincludes\class-spe-email-logger.php:40
actionwoocommerce_order_status_cancelled_to_processing_notificationincludes\class-spe-output.php:62
actionwoocommerce_order_status_cancelled_to_processing_notificationincludes\class-spe-output.php:63
actionwoocommerce_order_status_failed_to_processing_notificationincludes\class-spe-output.php:64
actionwoocommerce_order_status_failed_to_processing_notificationincludes\class-spe-output.php:65
actionwoocommerce_order_status_on-hold_to_processing_notificationincludes\class-spe-output.php:66
actionwoocommerce_order_status_on-hold_to_processing_notificationincludes\class-spe-output.php:67
actionwoocommerce_order_status_pending_to_processing_notificationincludes\class-spe-output.php:68
actionwoocommerce_order_status_pending_to_processing_notificationincludes\class-spe-output.php:69
filtersafe_style_cssincludes\class-spe-output.php:261
actionwoocommerce_email_headerincludes\class-spe-output.php:537
actionwoocommerce_email_before_order_tableincludes\class-spe-output.php:538
actionwoocommerce_email_after_order_tableincludes\class-spe-output.php:539
actionwoocommerce_email_order_metaincludes\class-spe-output.php:540
actionwoocommerce_email_customer_detailsincludes\class-spe-output.php:541
actionwoocommerce_email_footerincludes\class-spe-output.php:542
actionbefore_woocommerce_initsmart-product-emails.php:29
actionsmartproductemails_cleanup_old_logssmart-product-emails.php:117

Scheduled Events 1

smartproductemails_cleanup_old_logs
Maintenance & Trust

Smart Product Emails Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedJan 24, 2026
PHP min version8.2
Downloads195

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

Smart Product Emails Alternatives

MailPoet – Newsletters, Email Marketing, and Automation

MailPoet – Newsletters, Email Marketing, and Automation

mailpoet

A
98

Send beautiful newsletters from WordPress. Collect subscribers with signup forms, automate your emails for WooCommerce, blog post notifications & more

500K 3 CVEs
YayMail – WooCommerce Email Customizer

YayMail – WooCommerce Email Customizer

yaymail

A
94

Customize WooCommerce email templates with an advanced drag-and-drop email builder. Works great with 80+ WooCommerce Email Customizer Addons.

50K 4 CVEs
Email Customizer for WooCommerce | Drag and Drop Email Templates Builder

Email Customizer for WooCommerce | Drag and Drop Email Templates Builder

email-customizer-for-woocommerce

A
98

WooCommerce Email Customizer plugin lets you customize transactional emails using a template builder, adding text, images & more to match your brand

10K 2 CVEs
Metorik – Reports & Email Automation for WooCommerce

Metorik – Reports & Email Automation for WooCommerce

metorik-helper

A
99

The Metorik Helper helps provide your WooCommerce store with powerful analytics, reports, and tools.

10K 1 CVE
ShopMagic – email automation

ShopMagic – email automation

shopmagic-for-woocommerce

A
96

Flexible email automation and workflows triggered by customer and site events.

10K 2 CVEs
Developer Profile

Smart Product Emails Developer Profile

alexmustin

4 plugins · 100 total installs

86
trust score
Avg Security Score
89/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Smart Product Emails

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/smart-product-emails/assets/css/spe-admin-styles.css/wp-content/plugins/smart-product-emails/assets/css/spe-frontend-styles.css/wp-content/plugins/smart-product-emails/assets/js/spe-admin-scripts.js/wp-content/plugins/smart-product-emails/assets/js/spe-frontend-scripts.js
Script Paths
/wp-content/plugins/smart-product-emails/assets/js/spe-admin-scripts.js/wp-content/plugins/smart-product-emails/assets/js/spe-frontend-scripts.js
Version Parameters
smart-product-emails/assets/css/spe-admin-styles.css?ver=smart-product-emails/assets/css/spe-frontend-styles.css?ver=smart-product-emails/assets/js/spe-admin-scripts.js?ver=smart-product-emails/assets/js/spe-frontend-scripts.js?ver=

HTML / DOM Fingerprints

CSS Classes
spe-error-log-tablespe-email-log-table
HTML Comments
<!-- Smart Product Emails Admin Settings --><!-- Smart Product Emails Error Log Table --><!-- Smart Product Emails Email Log Table -->
Data Attributes
data-spe-log-leveldata-spe-messagedata-spe-contextdata-spe-user-iddata-spe-product-iddata-spe-order-id+19 more
JS Globals
smartProductEmailsAdminspe_admin_paramsspe_frontend_params
REST Endpoints
/wp-json/smart-product-emails/v1/logs/wp-json/smart-product-emails/v1/email-logs
FAQ

Frequently Asked Questions about Smart Product Emails