WP Mail Logging Security & Risk Analysis

wordpress.org/plugins/wp-mail-logging

Log, view, and resend all emails sent from your WordPress site. Great for resolving email sending issues or keeping a copy for auditing.

300K active installs · v1.16.0 · PHP 7.4+ · WP 5.3+ · Updated Feb 19, 2026
Tags: deliverability, email, email-log, smtp, spam
Score: 89 (A · Safe)
CVEs total: 6
Unpatched: 0
Last CVE: Feb 27, 2026
Safety Verdict

Is WP Mail Logging Safe to Use in 2026?

Generally Safe

Score 89/100

WP Mail Logging has a strong security track record. Known vulnerabilities have been patched promptly.

6 known CVEs · Last CVE: Feb 27, 2026 · Updated 1mo ago
Risk Assessment

The wp-mail-logging plugin v1.16.0 presents a mixed security posture. On the positive side, it demonstrates good practices with a significant majority of SQL queries using prepared statements and proper output escaping. The absence of shortcodes, cron events, and REST API routes, along with a substantial number of nonce and capability checks on its 6 AJAX entry points, indicates a conscious effort to secure common WordPress attack vectors. The lack of external HTTP requests is also a strength.

However, the presence of the 'unserialize' dangerous function is a notable concern, as it can lead to deserialization vulnerabilities if not handled with extreme care and robust input validation. The taint analysis showing flows with unsanitized paths, though not critically or highly severe, warrants attention as it suggests potential for unintended data manipulation.

The plugin's vulnerability history is a significant red flag. With a total of 6 known CVEs, including 2 high-severity ones, and a recent vulnerability recorded in 2026, it suggests a pattern of security weaknesses. The common vulnerability types of Deserialization of Untrusted Data and Improper Neutralization of Input During Web Page Generation align with the static analysis findings and highlight recurring issues. While no vulnerabilities are currently unpatched, the past history and specific dangerous function usage indicate a higher risk profile than initially suggested by the static analysis alone.

Key Concerns

  • Presence of 'unserialize' dangerous function
  • Flows with unsanitized paths found in taint analysis
  • History of 6 known CVEs, including 2 high severity
  • Common vulnerability types: Deserialization, XSS
Vulnerabilities
6

WP Mail Logging Security Vulnerabilities

CVEs by Year

2017: 1 CVE
2021: 1 CVE
2022: 1 CVE
2023: 2 CVEs
2026: 1 CVE

Severity Breakdown

High: 2
Medium: 4

6 total CVEs

CVE-2026-2471 · high · 7.5 · Deserialization of Untrusted Data

WP Mail Logging <= 1.15.0 - Unauthenticated PHP Object Injection via Email Log Message Field

Feb 27, 2026 Patched in 1.16 (1d)

WP Mail Logging <= 1.11.2 - Missing Authorization to Notice Dismissal

Jun 23, 2023 Patched in 1.12.0 (214d)
CVE-2023-3081 · high · 7.2 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP Mail Logging <= 1.11.1 - Unauthenticated Stored Cross-Site Scripting via Email

Jun 8, 2023 Patched in 1.11.2 (229d)

Appsero <= 1.2.1 - Missing Authorization

Dec 16, 2022 Patched in 1.11.0 (699d)

WP Mail Logging < 1.10.0 - Unauthenticated Arbitrary Settings Change

Nov 29, 2021 Patched in 1.10.0 (785d)
WF-5c8a4708-eb74-45e1-ba47-e245491a8c2f-wp-mail-logging · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP Mail Logging <= 1.8.2 - Cross-Site Scripting

Nov 11, 2017 Patched in 1.8.3 (2264d)
Code Analysis
Analyzed Mar 16, 2026

WP Mail Logging Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 8 (23 prepared)
Unescaped Output: 29 (250 escaped)
Nonce Checks: 12
Capability Checks: 15
File Operations: 3
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

unserialize · $unserialized_val = unserialize( · src\Model\WPML_Mail.php:102

SQL Query Safety

74% prepared · 31 total queries

Output Escaping

90% escaped · 279 total outputs
Data Flows
4 unsanitized

Data Flow Analysis

11 flows · 4 with unsanitized paths
search_box (src\inc\class-wp-list-table.php:203)
Attack Surface

WP Mail Logging Attack Surface

Entry Points: 6
Unprotected: 0

AJAX Handlers 6

auth · wp_ajax_wp_mail_logging_install_smtp · src\inc\Admin\SMTPTab.php:86
auth · wp_ajax_wp_mail_logging_activate_smtp · src\inc\Admin\SMTPTab.php:87
auth · wp_ajax_wp_mail_logging_smtp_page_check_plugin_status · src\inc\Admin\SMTPTab.php:88
auth · wp_ajax_wp_mail_logging_dismiss_db_upgrade_notice · src\inc\Migration\Migration.php:129
auth · wp_ajax_wp_mail_logging_product_education_dismiss · src\WPML_ProductEducation.php:53
auth · wp_ajax_wp_mail_logging_feedback_notice_dismiss · src\WPML_UserFeedback.php:55
WordPress Hooks 51
action · admin_init · src\inc\Admin\EmailLogsTab.php:100
action · admin_enqueue_scripts · src\inc\Admin\EmailLogsTab.php:198
action · wp_mail_logging_email_logs_tab_display_before · src\inc\Admin\EmailLogsTab.php:199
action · wp_mail_logging_email_logs_tab_display_after · src\inc\Admin\EmailLogsTab.php:200
filter · admin_body_class · src\inc\Admin\EmailLogsTab.php:201
action · wp_mail_logging_admin_tab_content · src\inc\Admin\EmailLogsTab.php:202
filter · wp_mail_logging_jquery_confirm_localized_strings · src\inc\Admin\EmailLogsTab.php:203
action · admin_menu · src\inc\Admin\SettingsTab.php:93
action · admin_enqueue_scripts · src\inc\Admin\SettingsTab.php:105
action · admin_notices · src\inc\Admin\SettingsTab.php:106
action · wp_mail_logging_admin_tab_content · src\inc\Admin\SettingsTab.php:107
filter · screen_options_show_screen · src\inc\Admin\SettingsTab.php:108
action · admin_enqueue_scripts · src\inc\Admin\SMTPTab.php:266
action · wp_mail_logging_admin_tab_content · src\inc\Admin\SMTPTab.php:267
filter · screen_options_show_screen · src\inc\Admin\SMTPTab.php:268
action · admin_footer · src\inc\class-wp-list-table.php:102
action · current_screen · src\inc\Migration\Migration.php:125
action · admin_notices · src\inc\Migration\Migration.php:126
action · admin_notices · src\inc\Migration\Migration.php:127
action · wp_mail_logging_admin_tab_content_before · src\inc\Migration\Migration.php:128
filter · wp_mail_logging_jquery_confirm_localized_strings · src\inc\Migration\Migration.php:130
action · admin_init · src\WPML_Email_Log_List.php:91
action · current_screen · src\WPML_Email_Log_List.php:92
filter · wp_mail_logging_admin_logs_localize_strings · src\WPML_Email_Log_List.php:93
filter · removable_query_args · src\WPML_Email_Log_List.php:126
filter · wpml_get_di_container · src\WPML_Init.php:129
filter · wpml_get_di_service · src\WPML_Init.php:133
action · plugins_loaded · src\WPML_LogRotation.php:30
filter · submenu_file · src\WPML_OptionsManager.php:436
action · current_screen · src\WPML_Plugin.php:175
action · admin_menu · src\WPML_Plugin.php:179
filter · plugin_action_links · src\WPML_Plugin.php:191
filter · wp_mail · src\WPML_Plugin.php:192
action · wp_mail_logging_log_email · src\WPML_Plugin.php:193
action · wp_mail_failed · src\WPML_Plugin.php:194
filter · set-screen-option · src\WPML_Plugin.php:195
filter · wpml_get_plugin_version · src\WPML_Plugin.php:196
filter · wpml_get_plugin_name · src\WPML_Plugin.php:197
filter · wpml_get_date_time_format · src\WPML_Plugin.php:198
filter · admin_footer_text · src\WPML_Plugin.php:214
filter · in_admin_header · src\WPML_Plugin.php:216
filter · admin_body_class · src\WPML_Plugin.php:218
action · admin_print_scripts · src\WPML_Plugin.php:357
action · admin_enqueue_scripts · src\WPML_Plugin.php:376
filter · wp_privacy_personal_data_exporters · src\WPML_PrivacyController.php:23
filter · wp_privacy_personal_data_erasers · src\WPML_PrivacyController.php:24
action · admin_init · src\WPML_PrivacyController.php:25
action · wp_privacy_personal_data_erased · src\WPML_PrivacyController.php:26
action · admin_notices · src\WPML_UserFeedback.php:54
action · admin_notices · wp-mail-logging.php:41
action · init · wp-mail-logging.php:66
Maintenance & Trust

WP Mail Logging Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 19, 2026
PHP min version: 7.4
Downloads: 4.4M

Community Trust

Rating: 94/100
Number of ratings: 349
Active installs: 300K
Developer Profile

WP Mail Logging Developer Profile

Syed Balkhi

94 plugins · 23.5M total installs

Trust score: 73
Avg Security Score: 91/100
Avg Patch Time: 795 days
Detection Fingerprints

How We Detect WP Mail Logging

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-mail-logging/assets/css/admin-email-logs.css
/wp-content/plugins/wp-mail-logging/assets/js/admin-email-logs.js
/wp-content/plugins/wp-mail-logging/assets/js/email-log-detail.js
/wp-content/plugins/wp-mail-logging/assets/js/vue/dist/app.js
Script Paths
/wp-content/plugins/wp-mail-logging/assets/js/admin-email-logs.js
/wp-content/plugins/wp-mail-logging/assets/js/email-log-detail.js
/wp-content/plugins/wp-mail-logging/assets/js/vue/dist/app.js
Version Parameters
wp-mail-logging/assets/css/admin-email-logs.css?ver=
wp-mail-logging/assets/js/admin-email-logs.js?ver=
wp-mail-logging/assets/js/email-log-detail.js?ver=
wp-mail-logging/assets/js/vue/dist/app.js?ver=

HTML / DOM Fingerprints

CSS Classes
wpml-email-log-table
wpml-email-log-row
wpml-email-log-actions
wpml-modal-close
HTML Comments
<!-- wp-mail-logging: email logs -->
Data Attributes
data-wpml-log-id
JS Globals
wpml_vue_app_options
REST Endpoints
/wp-json/wp-mail-logging/v1/emails
FAQ

Frequently Asked Questions about WP Mail Logging