Does SMTP Mailer have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is SMTP Mailer compatible with WordPress 6.9.4?

According to WordPress.org data, SMTP Mailer 1.1.25 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

How often is SMTP Mailer updated?

SMTP Mailer was last updated on Feb 16, 2026. Frequent updates are generally a positive security signal.

What is SMTP Mailer's security score?

SMTP Mailer has a WP-Safety security score of 97/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

SMTP Mailer Security & Risk Analysis

wordpress.org/plugins/smtp-mailer

Configure a SMTP server to send email from your WordPress site. Configure the wp_mail() function to use SMTP instead of the PHP mail() function.

70K active installs v1.1.25 PHP + WP 6.9+ Updated Feb 16, 2026

emailmailphpmailersmtp

A · Safe

CVEs total1

Unpatched0

Last CVEMar 20, 2026

Plugin page Download

Safety Verdict

Is SMTP Mailer Safe to Use in 2026?

Generally Safe

Score 97/100

SMTP Mailer has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVELast CVE: Mar 20, 2026Updated 3mo ago

Risk Assessment

The "smtp-mailer" plugin v1.1.25 demonstrates a generally strong security posture based on the provided static analysis. The absence of any reported CVEs or known vulnerabilities, combined with no recorded past issues, suggests a well-maintained and secure plugin. The code analysis reveals a clean implementation with no dangerous functions, file operations, or external HTTP requests. Importantly, all SQL queries utilize prepared statements, and a significant majority of output is properly escaped. The presence of nonce and capability checks, though not universally applied across all potential entry points (which are notably zero), indicates a level of security awareness in the development process.

Key Concerns

No reported CVEs or vulnerability history
No dangerous functions detected
All SQL queries use prepared statements
Limited output escaping (83%)
No file operations or external HTTP requests
Presence of nonce and capability checks
Zero identified attack surface entry points
No taint analysis findings

Vulnerabilities

1 published

SMTP Mailer Security Vulnerabilities

CVEs by Year

1 CVE in 2026

2026

Patched Has unpatched

Severity Breakdown

High

1 total CVE

CVE-2026-32538high · 7.5Exposure of Sensitive Information to an Unauthorized Actor

SMTP Mailer <= 1.1.24 - Unauthenticated Information Exposure

Mar 20, 2026 Patched in 1.1.25 (8d)

Version History

SMTP Mailer Release Timeline

v1.1.231 CVE

v1.1.221 CVE

v1.1.211 CVE

v1.1.201 CVE

v1.1.191 CVE

v1.1.181 CVE

v1.1.171 CVE

v1.1.101 CVE

v1.1.51 CVE

v1.0.51 CVE

v1.0.21 CVE

v1.0.11 CVE

Code Analysis

Analyzed Mar 16, 2026

SMTP Mailer Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

44 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

83% escaped53 total outputs

Attack Surface

SMTP Mailer Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 5

actionplugins_loadedmain.php:43

actionadmin_menumain.php:44

actionadmin_enqueue_scriptsmain.php:45

filterpre_wp_mailmain.php:47

filterplugin_action_linksmain.php:61

Maintenance & Trust

SMTP Mailer Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedFeb 16, 2026

PHP min version

Downloads1.4M

Community Trust

Rating90/100

Number of ratings65

Active installs70K

Alternatives

SMTP Mailer Alternatives

WPO365 | MICROSOFT 365 GRAPH MAILER

wpo365-msgraphmailer

Send WordPress emails from a M365 / Exchange Online Mailbox using Microsoft Graph, leveraging OAuth for authentication which is more secure than SMTP

10K 1 CVE

Configure SMTP

configure-smtp

Configure SMTP mailing in WordPress, including support for sending email via SSL/TLS (such as Gmail).

7K 1 CVE

MailerSend – Official SMTP Integration

mailersend-official-smtp-integration

100

Improve your deliverability and avoid the spam box with MailerSend’s SMTP server. Check your analytics to improve your emails for better conversion!

2K No CVEs

SAR Friendly SMTP

sar-friendly-smtp

A friendly SMTP plugin for WordPress. No third-party, simply using WordPress native possibilities.

2K No CVEs

Send From

send-from

Plugin for modifying the from line on all emails coming from WordPress.

600 1 CVE

Developer Profile

SMTP Mailer Developer Profile

Noor Alam

26 plugins · 156K total installs

trust score

Avg Security Score

93/100

Avg Patch Time

416 days

View full developer profile

Detection Fingerprints

How We Detect SMTP Mailer

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/smtp-mailer/addons/smtp-mailer-addons.css

Version Parameters

smtp-mailer/addons/smtp-mailer-addons.css?ver=

HTML / DOM Fingerprints

CSS Classes

nav-tab-active

Data Attributes

data-options

FAQ

SMTP Mailer Security & Risk Analysis

Is SMTP Mailer Safe to Use in 2026?

Generally Safe

Key Concerns

SMTP Mailer Security Vulnerabilities

CVEs by Year

Severity Breakdown

SMTP Mailer Release Timeline

SMTP Mailer Code Analysis

Output Escaping

SMTP Mailer Attack Surface

SMTP Mailer Maintenance & Trust

Maintenance Signals

Community Trust

SMTP Mailer Alternatives

WPO365 | MICROSOFT 365 GRAPH MAILER

Configure SMTP

MailerSend – Official SMTP Integration

SAR Friendly SMTP

Send From

SMTP Mailer Developer Profile

How We Detect SMTP Mailer

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about SMTP Mailer