Mail logging – WP Mail Catcher Security & Risk Analysis

wordpress.org/plugins/wp-mail-catcher

Stop from ever losing your emails again! This fast, lightweight plugin (under 140kb in size!) is also useful for debugging or backing up your messages

20K active installs · v2.1.11 · PHP 7.4+ · WP 4.7+ · Updated Jul 13, 2025
Tags: email-log, email-logger, email-logging, logging, mail-logging
95
A · Safe
CVEs total: 5
Unpatched: 0
Last CVE: Sep 27, 2024
Safety Verdict

Is Mail logging – WP Mail Catcher Safe to Use in 2026?

Generally Safe

Score 95/100

Mail logging – WP Mail Catcher has a strong security track record. Known vulnerabilities have been patched promptly.

5 known CVEs · Last CVE: Sep 27, 2024 · Updated 8mo ago
Risk Assessment

The static analysis for wp-mail-catcher v2.1.11 reveals a plugin with a seemingly small attack surface, as indicated by zero AJAX handlers, REST API routes, shortcodes, and cron events. The code signals show decent use of prepared statements for SQL queries (82%), and a reasonable number of nonce and capability checks. However, the low percentage of properly escaped output (32%) is a significant concern, suggesting potential for Cross-Site Scripting (XSS) vulnerabilities. The presence of one file operation also warrants scrutiny. Taint analysis shows no critical or high-severity flows, which is a positive sign.

Despite the limited immediate attack vectors and lack of critical taint flows, the plugin's vulnerability history is problematic. With 5 known CVEs, including 2 high and 3 medium severity, it demonstrates a recurring pattern of security weaknesses, particularly related to XSS, CSRF, and SQL Injection. The fact that the last vulnerability was very recent (2024-09-27) suggests ongoing issues that may not be fully mitigated by the current version's static analysis findings.

Therefore, while the code might appear clean in some areas, the historical track record points to a persistent need for vigilance and a higher risk of undiscovered or reintroduced vulnerabilities.

Key Concerns

  • Output escaping is low (32%)
  • File operations present
  • History of 2 high severity CVEs
  • History of 3 medium severity CVEs
  • Recent vulnerability discovered (2024-09-27)
Vulnerabilities
5

Mail logging – WP Mail Catcher Security Vulnerabilities

CVEs by Year

  • 2023: 3 CVEs
  • 2024: 2 CVEs

Severity Breakdown

  • High: 2
  • Medium: 3

5 total CVEs

CVE-2024-47339 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP Mail Catcher <= 2.1.9 - Reflected Cross-Site Scripting

Sep 27, 2024 · Patched in 2.1.10 (7d)

CVE-2024-32099 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

WP Mail Catcher <= 2.1.6 - Cross-Site Request Forgery

Apr 11, 2024 · Patched in 2.1.7 (7d)

CVE-2023-50844 · medium · 6.6 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Mail logging – WP Mail Catcher <= 2.1.3 - Authenticated (Administrator+) SQL Injection

Dec 21, 2023 · Patched in 2.1.4 (33d)

WF-f3ebbf7f-61f2-403f-8131-8cedeb13c2d4-wp-mail-catcher · high · 7.2 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Mail logging - WP Mail Catcher <= 2.1.3 - Authenticated (Admin+) SQL Injection

Oct 29, 2023 · Patched in 2.1.4 (86d)

CVE-2023-3080 · high · 7.2 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP Mail Catcher <= 2.1.2 - Unauthenticated Stored Cross-Site Scripting via Email Subject

Jun 9, 2023 · Patched in 2.1.3 (228d)
Code Analysis
Analyzed Mar 16, 2026

Mail logging – WP Mail Catcher Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 2 (9 prepared)
  • Unescaped Output: 17 (8 escaped)
  • Nonce Checks: 10
  • Capability Checks: 2
  • File Operations: 1
  • External Requests: 0
  • Bundled Libraries: 0

SQL Query Safety

82% prepared · 11 total queries

Output Escaping

32% escaped · 25 total outputs
Attack Surface

Mail logging – WP Mail Catcher Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 14

  • filter · wpmu_drop_tables · src\Bootstrap.php:33
  • filter · plugin_action_links_wp-mail-catcher/WpMailCatcher.php · src\Bootstrap.php:38
  • action · admin_enqueue_scripts · src\Bootstrap.php:39
  • action · plugins_loaded · src\Bootstrap.php:40
  • action · admin_menu · src\Bootstrap.php:51
  • filter · cron_schedules · src\CronManager.php:13
  • action · bp_send_email_success · src\Loggers\BuddyPress.php:17
  • action · bp_send_email_failure · src\Loggers\BuddyPress.php:18
  • filter · wp_mail · src\Loggers\WpMail.php:18
  • action · wp_mail_failed · src\Loggers\WpMail.php:19
  • filter · wp_mail_content_type · src\Loggers\WpMail.php:20
  • filter · wp_mail_content_type · src\Models\Mail.php:22
  • filter · wp_mail_content_type · src\Models\Mail.php:180
  • filter · set-screen-option · src\ScreenOptions.php:17
Maintenance & Trust

Mail logging – WP Mail Catcher Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.8.5
  • Last updated: Jul 13, 2025
  • PHP min version: 7.4
  • Downloads: 252K

Community Trust

  • Rating: 98/100
  • Number of ratings: 107
  • Active installs: 20K
Developer Profile

Mail logging – WP Mail Catcher Developer Profile

JWardee

1 plugin · 20K total installs

  • Trust score: 85
  • Avg Security Score: 95/100
  • Avg Patch Time: 72 days
Detection Fingerprints

How We Detect Mail logging – WP Mail Catcher

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/wp-mail-catcher/global.min.css
  • /wp-content/plugins/wp-mail-catcher/global.min.js

Script Paths
  • /wp-content/plugins/wp-mail-catcher/global.min.js

Version Parameters
  • wp-mail-catcher/global.min.css?v=
  • wp-mail-catcher/global.min.js?v=

HTML / DOM Fingerprints

Data Attributes
  • data-role="message-list-item"
  • data-role="message-details"
  • data-role="toggle-details"
  • data-role="next-page"
  • data-role="prev-page"
  • data-role="toggle-next-page"
  • +26 more

JS Globals
  • window.wp_mail_catcher
FAQ

Frequently Asked Questions about Mail logging – WP Mail Catcher