Does SMTP Mailer have any unpatched vulnerabilities?

No. All known vulnerabilities in SMTP Mailer have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is SMTP Mailer compatible with WordPress 6.9.4?

According to WordPress.org data, SMTP Mailer 1.1.25 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

How often is SMTP Mailer updated?

SMTP Mailer was last updated on Feb 16, 2026. Frequent updates are generally a positive security signal.

What is SMTP Mailer's security score?

SMTP Mailer has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

SMTP Mailer Security & Risk Analysis

wordpress.org/plugins/smtp-mailer

Configure a SMTP server to send email from your WordPress site. Configure the wp_mail() function to use SMTP instead of the PHP mail() function.

70K active installs v1.1.25 PHP + WP 6.9+ Updated Feb 16, 2026

emailmailphpmailersmtp

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is SMTP Mailer Safe to Use in 2026?

Generally Safe

Score 100/100

SMTP Mailer has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago

Risk Assessment

The "smtp-mailer" plugin v1.1.25 demonstrates a generally strong security posture based on the provided static analysis. The absence of any reported CVEs or known vulnerabilities, combined with no recorded past issues, suggests a well-maintained and secure plugin. The code analysis reveals a clean implementation with no dangerous functions, file operations, or external HTTP requests. Importantly, all SQL queries utilize prepared statements, and a significant majority of output is properly escaped. The presence of nonce and capability checks, though not universally applied across all potential entry points (which are notably zero), indicates a level of security awareness in the development process.

Key Concerns

No reported CVEs or vulnerability history
No dangerous functions detected
All SQL queries use prepared statements
Limited output escaping (83%)
No file operations or external HTTP requests
Presence of nonce and capability checks
Zero identified attack surface entry points
No taint analysis findings

Vulnerabilities

None known

SMTP Mailer Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

SMTP Mailer Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

44 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

83% escaped53 total outputs

Attack Surface

SMTP Mailer Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 5

actionplugins_loadedmain.php:43

actionadmin_menumain.php:44

actionadmin_enqueue_scriptsmain.php:45

filterpre_wp_mailmain.php:47

filterplugin_action_linksmain.php:61

Maintenance & Trust

SMTP Mailer Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedFeb 16, 2026

PHP min version

Downloads1.4M

Community Trust

Rating90/100

Number of ratings65

Active installs70K

Alternatives

SMTP Mailer Alternatives

WPO365 | MICROSOFT 365 GRAPH MAILER

wpo365-msgraphmailer

Send WordPress emails from a M365 / Exchange Online Mailbox using Microsoft Graph, leveraging OAuth for authentication which is more secure than SMTP

10K 1 CVE

Configure SMTP

configure-smtp

Configure SMTP mailing in WordPress, including support for sending email via SSL/TLS (such as Gmail).

7K 1 CVE

MailerSend – Official SMTP Integration

mailersend-official-smtp-integration

100

Improve your deliverability and avoid the spam box with MailerSend’s SMTP server. Check your analytics to improve your emails for better conversion!

2K No CVEs

SAR Friendly SMTP

sar-friendly-smtp

100

A friendly SMTP plugin for WordPress. No third-party, simply using WordPress native possibilities.

2K No CVEs

Send From

send-from

Plugin for modifying the from line on all emails coming from WordPress.

600 1 CVE

Developer Profile

SMTP Mailer Developer Profile

Noor Alam

25 plugins · 157K total installs

trust score

Avg Security Score

94/100

Avg Patch Time

450 days

View full developer profile

Detection Fingerprints

How We Detect SMTP Mailer

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/smtp-mailer/addons/smtp-mailer-addons.css

Version Parameters

smtp-mailer/addons/smtp-mailer-addons.css?ver=

HTML / DOM Fingerprints

CSS Classes

nav-tab-active

Data Attributes

data-options

FAQ