Stars SMTP Mailer Security & Risk Analysis

wordpress.org/plugins/stars-smtp-mailer

Every email your WordPress website sends is important — whether it’s a contact form message, password reset, order update, or newsletter.

10 active installs · v2.2.1 · PHP 7.2+ · WP 5.8+ · Updated Jul 22, 2025
Tags: mail-log, php-mail-alternative, smtp-mailer, smtp-plugin, wp-smtp
Score: 98 · A · Safe
CVEs total: 2
Unpatched: 0
Last CVE: Jan 16, 2025
Safety Verdict

Is Stars SMTP Mailer Safe to Use in 2026?

Generally Safe

Score 98/100

Stars SMTP Mailer has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Jan 16, 2025 · Updated 8mo ago
Risk Assessment

The "stars-smtp-mailer" v2.2.1 plugin exhibits a mixed security posture. While it demonstrates some good practices, such as a relatively high percentage of SQL queries using prepared statements and a significant number of output escaping routines, there are notable areas of concern. The static analysis reveals an attack surface with 5 entry points, of which 3 lack authentication checks, presenting a significant risk for unauthorized access or manipulation. Furthermore, the taint analysis identified 4 flows with unsanitized paths, all classified as high severity, indicating potential for serious security vulnerabilities like cross-site scripting or remote code execution if these flows are exploited.

The plugin's vulnerability history, with 2 known CVEs including a high and a medium severity one, reinforces these concerns. Although there are currently no unpatched vulnerabilities, the past occurrence of "Cross-site Scripting" and "Unrestricted Upload of File with Dangerous Type" suggests recurring weaknesses in input validation and file handling. The "Cross-site Scripting" vulnerability in particular aligns with the high-severity unsanitized taint flows, indicating a potential pattern of issues related to how user-supplied data is processed and rendered. In conclusion, while the plugin shows some positive security implementations, the presence of unprotected entry points, high-severity taint flows, and a history of significant vulnerabilities necessitate careful consideration and immediate patching of any newly discovered issues.

Key Concerns

  • 3 unprotected AJAX handlers
  • 4 high severity unsanitized taint flows
  • 1 high severity CVE (historical)
  • 1 medium severity CVE (historical)
  • Only 1 capability check on 5 entry points
  • 36% of output is not properly escaped

Stars SMTP Mailer Security Vulnerabilities

CVEs by Year

  • 2024: 1 CVE
  • 2025: 1 CVE

Severity Breakdown

  • High: 1
  • Medium: 1

2 total CVEs

CVE-2025-23453 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Stars SMTP Mailer <= 1.7 - Reflected Cross-Site Scripting

Jan 16, 2025 · Patched in 2.1.6 (163d)

CVE-2024-50530 · high · 8.8 · Unrestricted Upload of File with Dangerous Type

Stars SMTP Mailer <= 1.7 - Authenticated (Subscriber+) Arbitrary File Upload

Oct 30, 2024 · Patched in 2.1.6 (241d)
Code Analysis
Analyzed Mar 17, 2026

Stars SMTP Mailer Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 10 raw, 32 prepared
  • Unescaped Output: 70 unescaped, 127 escaped
  • Nonce Checks: 5
  • Capability Checks: 1
  • File Operations: 4
  • External Requests: 1
  • Bundled Libraries: 0

SQL Query Safety

76% prepared · 42 total queries

Output Escaping

64% escaped · 197 total outputs

Data Flow Analysis

10 flows · 4 with unsanitized paths
extra_tablenav (action\stars-class-table-layout.php:322)

Stars SMTP Mailer Attack Surface

Entry Points: 5
Unprotected: 3

AJAX Handlers: 5

  • auth · wp_ajax_stars_smtpm_check_host_server · action\stars_function.php:83
  • auth · wp_ajax_stars_smtpm_check_user · action\stars_function.php:123
  • auth · wp_ajax_stars_smtpm_change_status · stars_smtp_mailer.php:309
  • auth · wp_ajax_stars_smtp_save_mailer_email · stars_smtp_mailer.php:400
  • nopriv · wp_ajax_stars_smtp_save_mailer_email · stars_smtp_mailer.php:401

WordPress Hooks: 12

  • action · init · stars_smtp_mailer.php:118
  • action · init · stars_smtp_mailer.php:124
  • action · all_admin_notices · stars_smtp_mailer.php:144
  • action · all_admin_notices · stars_smtp_mailer.php:147
  • action · admin_menu · stars_smtp_mailer.php:153
  • action · admin_enqueue_scripts · stars_smtp_mailer.php:154
  • filter · set-screen-option · stars_smtp_mailer.php:234
  • filter · set-screen-option · stars_smtp_mailer.php:253
  • action · wp_dashboard_setup · stars_smtp_mailer.php:339
  • action · plugins_loaded · stars_smtp_mailer.php:396
  • filter · cron_schedules · stars_smtp_mailer.php:433
  • action · starssmtpmailer_send_weekly_email · stars_smtp_mailer.php:540

Scheduled Events: 1

starssmtpmailer_send_weekly_email
Maintenance & Trust

Stars SMTP Mailer Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.8.5
  • Last updated: Jul 22, 2025
  • PHP min version: 7.2
  • Downloads: 2K

Community Trust

  • Rating: 0/100
  • Number of ratings: 0
  • Active installs: 10
Developer Profile

Stars SMTP Mailer Developer Profile

Myriad Solutionz

1 plugin · 10 total installs

  • Trust score: 78
  • Avg Security Score: 98/100
  • Avg Patch Time: 202 days
Detection Fingerprints

How We Detect Stars SMTP Mailer

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/stars-smtp-mailer/assets/css/stars-smtp-style.css
  • /wp-content/plugins/stars-smtp-mailer/assets/js/stars-smtp-script.js
Script Paths
  • /wp-content/plugins/stars-smtp-mailer/assets/js/stars-smtp-script.js
Version Parameters
  • stars-smtp-mailer/assets/css/stars-smtp-style.css?ver=
  • stars-smtp-mailer/assets/js/stars-smtp-script.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • stars-smtp-mailer
HTML Comments
  • <!-- Stars SMTP Mailer Plugin for sending emails through SMTP -->
  • <!-- Myriad Solutionz, 2019, All Rights Reserved -->
  • <!-- This code is released under the GPL licence version 3 or later, available here -->
  • <!-- Table 1: SMTP Settings -->
  • (+4 more)
JS Globals
  • stars_smtpm_plugin_url
  • stars_smtpm_plugin_dir