Does WP Mail Changer have any unpatched vulnerabilities?

No. All known vulnerabilities in WP Mail Changer have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is WP Mail Changer compatible with WordPress 6.8.5?

According to WordPress.org data, WP Mail Changer 1.1.0 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

How often is WP Mail Changer updated?

WP Mail Changer was last updated on Aug 28, 2025. Frequent updates are generally a positive security signal.

What is WP Mail Changer's security score?

WP Mail Changer has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WP Mail Changer Security & Risk Analysis

wordpress.org/plugins/wp-mail-changer

This plugin will allow you to change the email from address and name that WordPress uses by default.

80 active installs v1.1.0 PHP + WP 3.0+ Updated Aug 28, 2025

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is WP Mail Changer Safe to Use in 2026?

Generally Safe

Score 100/100

WP Mail Changer has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 7mo ago

Risk Assessment

The "wp-mail-changer" v1.1.0 plugin exhibits a generally strong security posture based on the provided static analysis. The absence of any identified AJAX handlers, REST API routes, shortcodes, or cron events with unprotected entry points suggests a minimal attack surface. Furthermore, the code signals indicate a lack of dangerous functions, file operations, external HTTP requests, and the presence of SQL queries that are exclusively using prepared statements. However, a significant concern arises from the fact that 100% of the identified output operations are not properly escaped. This could lead to Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is displayed without sanitization. The vulnerability history showing no known CVEs is positive, implying a history of secure development or limited exposure. Despite the lack of critical code-level issues and a clean vulnerability history, the unescaped output represents a tangible risk that should be addressed.

Key Concerns

Unescaped output detected

Vulnerabilities

None known

WP Mail Changer Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

WP Mail Changer Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

0% escaped2 total outputs

Attack Surface

WP Mail Changer Attack Surface

Entry Points0

Unprotected0

Maintenance & Trust

WP Mail Changer Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedAug 28, 2025

PHP min version

Downloads3K

Community Trust

Rating100/100

Number of ratings3

Active installs80

Alternatives

WP Mail Changer Alternatives

WP Mail SMTP by WPForms – The Most Popular SMTP and Email Log Plugin

wp-mail-smtp

Make email delivery easy for WordPress. Connect with SMTP, Gmail, Outlook, SendGrid, Mailgun, SES, Zoho, + more. Rated #1 WordPress SMTP Email plugin.

4.0M 2 CVEs

Hostinger Reach – AI-Powered Email Marketing for WordPress

hostinger-reach

100

Launch and grow your email marketing effortlessly with Hostinger Reach. Collect contacts, sync subscribers, and send emails – all in one, AI powered.

1.0M No CVEs

MC4WP: Mailchimp for WordPress

mailchimp-for-wp

The #1 Mailchimp plugin for WordPress. Allows you to add a multitude of newsletter sign-up methods to your site.

1.0M 11 CVEs

Easy WP SMTP – WordPress SMTP and Email Logs: Gmail, Office 365, Outlook, Custom SMTP, and more

easy-wp-smtp

Make SMTP email sending and delivery easy. Configure Gmail, Outlook, Brevo, SendGrid, Mailgun, SendLayer or connect to any SMTP server.

500K 8 CVEs

MailPoet – Newsletters, Email Marketing, and Automation

mailpoet

Send beautiful newsletters from WordPress. Collect subscribers with signup forms, automate your emails for WooCommerce, blog post notifications & more

500K 3 CVEs

Developer Profile

WP Mail Changer Developer Profile

Joost de Valk

8 plugins · 9K total installs

trust score

Avg Security Score

96/100

Avg Patch Time

2736 days

View full developer profile

Detection Fingerprints

How We Detect WP Mail Changer

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wp-mail-changer/wp-mail-changer.php

HTML / DOM Fingerprints

CSS Classes

wrapform-tableemaildescription

Data Attributes

id="wpmc_mail_from"name="wpmc_mail_from"id="wpmc_mail_from_name"name="wpmc_mail_from_name"

FAQ