WP Email Verify Security & Risk Analysis

wordpress.org/plugins/wp-email-verify

Keep away SPAM comments,registration,ecommerce orders, WP Email Verify accepts email that really exisit this keep away bounced email

10 active installs v2.0.4 PHP + WP 3.0+ Updated Aug 20, 2018
email-checkeremail-validatoremail-verifieremail-verify
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is WP Email Verify Safe to Use in 2026?

Generally Safe

Score 85/100

WP Email Verify has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 7yr ago
Risk Assessment

The "wp-email-verify" plugin v2.0.4 exhibits a generally good security posture, with no recorded CVEs and no critical or high severity taint flows identified. The static analysis indicates a strong adherence to secure coding practices, with all SQL queries utilizing prepared statements and a significant number of capability checks present. The absence of a large attack surface (AJAX handlers, REST API routes, shortcodes, cron events) is also a positive indicator. However, a notable concern is the relatively low percentage (42%) of properly escaped outputs. This could potentially lead to cross-site scripting (XSS) vulnerabilities if user-supplied data is rendered directly without sufficient sanitization, especially given the presence of 8 external HTTP requests which could be vectors for injecting malicious content. While the plugin has no documented vulnerability history, the output escaping is a weakness that warrants attention for future development or review.

Key Concerns

  • Low percentage of properly escaped output
Vulnerabilities
None known

WP Email Verify Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

WP Email Verify Release Timeline

v2.0.4Current
v2.0.3
v2.0.2
v2.0.1
v2.0
v1.3
v1.2
v1.1
v1.0
Code Analysis
Analyzed Apr 16, 2026

WP Email Verify Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
46
33 escaped
Nonce Checks
2
Capability Checks
10
File Operations
0
External Requests
8
Bundled Libraries
0

Output Escaping

42% escaped79 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

2 flows
<emailchecker_header> (includes/emailchecker_header.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

WP Email Verify Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 8
actionadmin_menuplugin_interface.php:2
actionadmin_print_stylesplugin_interface.php:3
filteris_emailplugin_interface.php:4
actioninitplugin_interface.php:13
filterninja_forms_submit_dataplugin_interface.php:18
filtergform_field_validationplugin_interface.php:126
actionadmin_noticestrue-email-checker.php:83
actionadmin_noticestrue-email-checker.php:85
Maintenance & Trust

WP Email Verify Maintenance & Trust

Maintenance Signals

WordPress version tested4.9.29
Last updatedAug 20, 2018
PHP min version
Downloads4K

Community Trust

Rating60/100
Number of ratings2
Active installs10
Developer Profile

WP Email Verify Developer Profile

Naqi

3 plugins · 20 total installs

85
trust score
Avg Security Score
87/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect WP Email Verify

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-email-verify/css/email-check_admin.css
Version Parameters
wp-email-verify/plugin_interface.php?ver=email-verification/email-verification.php?ver=

HTML / DOM Fingerprints

CSS Classes
updatederror
Data Attributes
id="message"
FAQ

Frequently Asked Questions about WP Email Verify