SMTP Form Master Security & Risk Analysis
wordpress.org/plugins/smtp-form-masterContact forms with SMTP, email templates, and reCAPTCHA v3 spam protection.
Is SMTP Form Master Safe to Use in 2026?
Generally Safe
Score 100/100SMTP Form Master has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "smtp-form-master" plugin version 2.0.4 demonstrates a generally strong security posture based on the provided static analysis. It exhibits excellent practices in output escaping, with 99% of outputs being properly escaped, and all SQL queries utilize prepared statements, mitigating common injection risks. The plugin also correctly implements nonce and capability checks for its limited entry points, indicating a thoughtful approach to access control. The complete absence of known CVEs and historical vulnerabilities further reinforces this positive outlook, suggesting a well-maintained and secure codebase.
However, a minor concern lies in the plugin's reliance on external HTTP requests. While the analysis doesn't specify the nature or target of these requests, any external communication inherently introduces a potential attack vector. This could be for legitimate purposes like fetching data, but it's crucial to ensure these requests are made securely and do not expose sensitive information or become a pivot point for attackers. The limited attack surface and the robust implementation of security checks are significant strengths, but the external request warrants careful monitoring and understanding of its implementation details for a complete risk assessment.
Key Concerns
- External HTTP requests detected
SMTP Form Master Security Vulnerabilities
SMTP Form Master Code Analysis
Output Escaping
SMTP Form Master Attack Surface
Shortcodes 1
WordPress Hooks 16
Maintenance & Trust
SMTP Form Master Maintenance & Trust
Maintenance Signals
Community Trust
SMTP Form Master Alternatives
WPZOOM Forms – Drag & Drop Contact Form Builder for WordPress
wpzoom-forms
Drag & drop contact form builder for WordPress. Create contact forms, custom forms, email forms with spam protection. Works with Elementor, shortcodes
reCaptcha Add-On for FormCraft
formcraft-recaptcha
Add reCaptcha to your FormCraft forms.
Contact Form Widget
new-contact-form-widget
Create contact forms with query table management. Simple setup, secure submissions, and easy customization for your site.
Quick Contact Form
quick-contact-form
An easy to set up, plug and play contact form with a huge range of options and styles. A beginner friendly WordPress contact form plugin.
Contact Forms by Cimatti
contact-forms
Create and publish forms in your WordPress website with drag and drop. Contact forms, landing page forms, invitations, and more.
SMTP Form Master Developer Profile
2 plugins · 0 total installs
How We Detect SMTP Form Master
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/smtp-form-master/public/css/smtpfm-styles.css/wp-content/plugins/smtp-form-master/public/js/smtpfm-modal.js/wp-content/plugins/smtp-form-master/admin/build/index.css/wp-content/plugins/smtp-form-master/admin/build/index.js/wp-content/plugins/smtp-form-master/public/js/smtpfm-modal.js/wp-content/plugins/smtp-form-master/public/css/smtpfm-styles.css?ver=/wp-content/plugins/smtp-form-master/public/js/smtpfm-modal.js?ver=/wp-content/plugins/smtp-form-master/admin/build/index.css?ver=/wp-content/plugins/smtp-form-master/admin/build/index.js?ver=HTML / DOM Fingerprints
smtpfm-modal-js<!-- Top-level dashboard page with React admin --><!-- Note: Forms tab is now inside the React dashboard (not a separate submenu) --><!-- The React admin has 3 tabs: SMTP Settings | Forms | reCAPTCHA --><!-- Only load on our dashboard page -->+7 moreid="smtpfm-react-root"smtpfm_register_form_post_typesmtpfm_upgrade_routinessmtpfm_upgrade_noticesmtpfm_action_linkssmtpfm_row_metasmtpfm_admin_menu+2 more