Swift SMTP (formerly Welcome Email Editor) Security & Risk Analysis

wordpress.org/plugins/welcome-email-editor

Swift SMTP is a free & simple SMTP Plugin for WordPress.

8K active installs · v6.3 · PHP + · WP 4.6+ · Updated Dec 1, 2025
Tags: custom-smtp, smtp, welcome-email-editor, wordpress-email, wp-mail-smtp
99
A · Safe
CVEs total: 2
Unpatched: 0
Last CVE: Jan 8, 2024
Safety Verdict

Is Swift SMTP (formerly Welcome Email Editor) Safe to Use in 2026?

Generally Safe

Score 99/100

Swift SMTP (formerly Welcome Email Editor) has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Jan 8, 2024 · Updated 4mo ago
Risk Assessment

The "welcome-email-editor" plugin v6.3 exhibits a mixed security posture. On the positive side, the code analysis shows good practices: 100% of SQL queries use prepared statements and all output is properly escaped, indicating an effort to prevent common web vulnerabilities. The absence of critical or high-severity taint flows and of dangerous functions is also encouraging.

However, a significant concern is the presence of one AJAX handler without authentication checks. The plugin's attack surface is limited to this single entry point, but the missing checks leave it exposed to potential unauthorized actions if exploited. The vulnerability history shows two known medium-severity CVEs, one for Cross-Site Request Forgery and one for Missing Authorization. There are no currently unpatched vulnerabilities, but the pattern of past issues, particularly missing authorization, aligns with the static analysis finding of an unprotected AJAX endpoint and suggests a recurring area of weakness.

In conclusion, while the plugin demonstrates good coding hygiene in many areas, the unprotected AJAX handler and the history of authorization-related vulnerabilities represent a notable risk that requires attention.

Key Concerns

  • Unprotected AJAX handler
  • Two medium severity CVEs in history
  • History of Missing Authorization
Vulnerabilities
2

Swift SMTP (formerly Welcome Email Editor) Security Vulnerabilities

CVEs by Year

2023: 1 CVE
2024: 1 CVE

Severity Breakdown

Medium: 2

2 total CVEs

WF-1b9ed184-814d-46cb-979c-908bc9359fae-welcome-email-editor · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Swift SMTP <= 5.0.6 - Cross-Site Request Forgery

Jan 8, 2024 · Patched in 5.0.7 (15d)

CVE-2023-47756 · medium · 5.3 · Missing Authorization

Welcome Email Editor <= 5.0.5 - Missing Authorization via ajax_handler

Nov 13, 2023 · Patched in 5.0.6 (71d)
Code Analysis
Analyzed Mar 16, 2026

Swift SMTP (formerly Welcome Email Editor) Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (4 prepared)
Unescaped Output: 0 (154 escaped)
Nonce Checks: 2
Capability Checks: 2
File Operations: 2
External Requests: 1
Bundled Libraries: 0

SQL Query Safety

100% prepared · 4 total queries

Output Escaping

100% escaped · 154 total outputs
Data Flows
All sanitized

Data Flow Analysis

1 flow
<settings-template> (modules\settings\templates\settings-template.php:0)
Attack Surface
1 unprotected

Swift SMTP (formerly Welcome Email Editor) Attack Surface

Entry Points: 1
Unprotected: 1

AJAX Handlers: 1

auth · wp_ajax_weed_test_emails · modules\settings\class-settings-module.php:70
WordPress Hooks: 42

action · admin_init · class-backwards-compatibility.php:50
action · plugins_loaded · class-setup.php:32
action · updated_option_weed_settings · class-setup.php:57
action · init · class-setup.php:59
action · init · class-setup.php:60
filter · admin_body_class · class-setup.php:61
action · init · modules\logs\class-logs-module.php:77
action · admin_menu · modules\logs\class-logs-module.php:78
filter · wp_mail · modules\logs\class-logs-module.php:79
action · phpmailer_init · modules\logs\class-logs-module.php:80
action · wp_mail_succeeded · modules\logs\class-logs-module.php:81
action · wp_mail_failed · modules\logs\class-logs-module.php:82
action · admin_enqueue_scripts · modules\logs\class-logs-module.php:83
action · admin_init · modules\logs\class-logs-module.php:84
filter · manage_weed_email_logs_posts_columns · modules\logs\class-logs-output.php:70
action · manage_weed_email_logs_posts_custom_column · modules\logs\class-logs-output.php:71
action · restrict_manage_posts · modules\logs\class-logs-output.php:72
action · pre_get_posts · modules\logs\class-logs-output.php:73
action · admin_head · modules\logs\class-logs-output.php:74
action · admin_menu · modules\logs\class-logs-output.php:75
action · add_meta_boxes · modules\logs\class-logs-output.php:76
filter · get_search_query · modules\logs\class-logs-output.php:77
filter · weed_test_email_recipient · modules\settings\ajax\class-test-emails.php:79
action · init · modules\settings\class-settings-module.php:47
action · admin_menu · modules\settings\class-settings-module.php:49
action · current_screen · modules\settings\class-settings-module.php:50
action · admin_init · modules\settings\class-settings-module.php:51
action · admin_enqueue_scripts · modules\settings\class-settings-module.php:53
action · admin_enqueue_scripts · modules\settings\class-settings-module.php:54
filter · retrieve_password_title · modules\settings\class-settings-output.php:76
filter · retrieve_password_message · modules\settings\class-settings-output.php:77
filter · wpmu_welcome_user_notification · modules\settings\class-settings-output.php:78
action · ws_plugin__s2member_after_email_config_release · modules\settings\class-settings-output.php:86
filter · wp_mail_from · modules\settings\class-settings-output.php:139
filter · wp_mail_from_name · modules\settings\class-settings-output.php:143
filter · wp_mail_content_type · modules\settings\class-settings-output.php:147
filter · wp_mail_charset · modules\settings\class-settings-output.php:148
filter · wp_mail_from · modules\settings\class-settings-output.php:236
filter · wp_mail_from_name · modules\settings\class-settings-output.php:240
filter · pre_wp_mail · modules\smtp\class-smtp-output.php:80
action · phpmailer_init · modules\smtp\class-smtp-output.php:81
action · wp_mail_failed · modules\smtp\class-smtp-output.php:82
Maintenance & Trust

Swift SMTP (formerly Welcome Email Editor) Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 1, 2025
PHP min version
Downloads: 340K

Community Trust

Rating: 84/100
Number of ratings: 68
Active installs: 8K
Developer Profile

Swift SMTP (formerly Welcome Email Editor) Developer Profile

David Vongries

10 plugins · 121K total installs

Trust score: 76
Avg Security Score: 95/100
Avg Patch Time: 607 days
Detection Fingerprints

How We Detect Swift SMTP (formerly Welcome Email Editor)

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/welcome-email-editor/modules/logs/css/email-logs-detail.css

HTML / DOM Fingerprints

CSS Classes
weed_email_log_table, weed_email_log_view
HTML Comments
<!-- wp:paragraph --> <!-- /wp:paragraph --> <!-- wp:heading --> <!-- /wp:heading --> +4 more
Data Attributes
data-post-id, data-id
JS Globals
weed_current_email_log
REST Endpoints
/wp-json/weed/v1/email-logs