Does SMTP for SendGrid – YaySMTP have any unpatched vulnerabilities?

No. All known vulnerabilities in SMTP for SendGrid – YaySMTP have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is SMTP for SendGrid – YaySMTP compatible with WordPress 6.8.5?

According to WordPress.org data, SMTP for SendGrid – YaySMTP 1.5.1 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is SMTP for SendGrid – YaySMTP compatible with PHP 5.3+?

SMTP for SendGrid – YaySMTP requires PHP 5.3 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is SMTP for SendGrid – YaySMTP updated?

SMTP for SendGrid – YaySMTP was last updated on Jul 12, 2025. Frequent updates are generally a positive security signal.

What is SMTP for SendGrid – YaySMTP's security score?

SMTP for SendGrid – YaySMTP has a WP-Safety security score of 97/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

SMTP for SendGrid – YaySMTP Security & Risk Analysis

wordpress.org/plugins/smtp-sendgrid

Send emails from WordPress through SendGrid using SMTP by YayCommerce

1K active installs v1.5.1 PHP 5.3+ WP 4.0+ Updated Jul 12, 2025

sendgrid-smtpwordpress-smtpwp-mail-smtpwp-smtpwp-mail

A · Safe

CVEs total2

Unpatched0

Last CVEJul 16, 2025

Plugin page Download

Safety Verdict

Is SMTP for SendGrid – YaySMTP Safe to Use in 2026?

Generally Safe

Score 97/100

SMTP for SendGrid – YaySMTP has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEsLast CVE: Jul 16, 2025Updated 8mo ago

Risk Assessment

The 'smtp-sendgrid' plugin v1.5.1 exhibits a generally strong security posture based on the provided static analysis. The absence of identified AJAX handlers, REST API routes, shortcodes, and cron events with unprotected entry points suggests a limited attack surface. Furthermore, the code demonstrates good practices with a high percentage of SQL queries using prepared statements and a majority of outputs being properly escaped. The presence of nonce and capability checks, along with a single external HTTP request, are also positive indicators.

Key Concerns

High historical high/medium CVE count
Bundled PHPMailer library
Some SQL queries not prepared
Some outputs not escaped

Vulnerabilities

SMTP for SendGrid – YaySMTP Security Vulnerabilities

CVEs by Year

2 CVEs in 2025

2025

Patched Has unpatched

Severity Breakdown

High

Medium

2 total CVEs

CVE-2025-48301medium · 4.9Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

SMTP for SendGrid – YaySMTP <= 1.5 - Authenticated (Administrator+) SQL Injection

Jul 16, 2025 Patched in 1.5.1 (7d)

CVE-2025-0918high · 7.2Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

SMTP for SendGrid – YaySMTP <= 1.4 - Unauthenticated Stored Cross-Site Scripting via Email Logs

Feb 22, 2025 Patched in 1.5 (48d)

Code Analysis

Analyzed Mar 16, 2026

SMTP for SendGrid – YaySMTP Code Analysis

Dangerous Functions

Raw SQL Queries

11 prepared

Unescaped Output

36 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

PHPMailer

SQL Query Safety

73% prepared15 total queries

Output Escaping

88% escaped41 total outputs

Attack Surface

SMTP for SendGrid – YaySMTP Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 8

actioninitincludes\I18n.php:18

actionadmin_menuincludes\Page\Settings.php:25

actionadmin_enqueue_scriptsincludes\Page\Settings.php:29

actionphpmailer_initincludes\PluginCore.php:28

filterwp_mail_fromincludes\PluginCore.php:29

filterwp_mail_from_nameincludes\PluginCore.php:30

filtercron_schedulesincludes\Schedule.php:21

actionplugins_loadedyay-smtp.php:88

Maintenance & Trust

SMTP for SendGrid – YaySMTP Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedJul 12, 2025

PHP min version5.3

Downloads15K

Community Trust

Rating100/100

Number of ratings2

Active installs1K

Alternatives

SMTP for SendGrid – YaySMTP Alternatives

WP SMTP Mailer – SMTP7

wp-mail-smtp-mailer

100

WP SMTP Mailer Plugin - SMTP7. Make email delivery easy from WordPress. It is easy to configure.

9K No CVEs

MailHawk — Simple SMTP, Email Delivery, and Email Logging

mailhawk

An easier SMTP service for WordPress. Improve your WordPress email deliverability!

400 1 CVE

MailHog for WordPress

wp-mailhog-smtp

Zero configuration MailHog plugin for your development machine.

100 No CVEs

HTP SMTP – WP Mail SMTP, Amazon SES, SendGrid, MailGun and Any SMTP Connector Plugin

htp-smtp

HTP SMTP can help us to send emails via SMTP instead of the PHP mail() function.

20 No CVEs

GoSMTP – SMTP for WordPress

gosmtp

100

Send emails from your WordPress site using your preferred SMTP provider like Gmail, Outlook, AWS, Zoho, SMTP.com, Brevo (formerly Sendinblue), Mailgun …

500K No CVEs

Developer Profile

SMTP for SendGrid – YaySMTP Developer Profile

YayCommerce

16 plugins · 78K total installs

trust score

Avg Security Score

97/100

Avg Patch Time

133 days

View full developer profile

Detection Fingerprints

How We Detect SMTP for SendGrid – YaySMTP

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/smtp-sendgrid/assets/css/yay-smtp-admin.css/wp-content/plugins/smtp-sendgrid/assets/js/yay-smtp-admin.js/wp-content/plugins/smtp-sendgrid/assets/js/purify.min.js

Script Paths

/wp-content/plugins/smtp-sendgrid/assets/js/yay-smtp-admin.js/wp-content/plugins/smtp-sendgrid/assets/js/purify.min.js

Version Parameters

smtp-sendgrid/assets/css/yay-smtp-admin.css?ver=smtp-sendgrid/assets/js/yay-smtp-admin.js?ver=smtp-sendgrid/assets/js/purify.min.js?ver=

HTML / DOM Fingerprints

Data Attributes

data-pageid="yaysmtp-sendgrid-settings"

JS Globals

window.yay_smtp_sendgrid_wp_data

FAQ