Does WP Mailgun SMTP have any unpatched vulnerabilities?

Yes — WP Mailgun SMTP currently has 1 unpatched vulnerability. We recommend switching to an alternative or applying any available workarounds.

Is WP Mailgun SMTP compatible with WordPress 4.9.29?

According to WordPress.org data, WP Mailgun SMTP 1.0.7 has been tested up to WordPress 4.9.29. Check the plugin's changelog for the latest compatibility information.

How often is WP Mailgun SMTP updated?

WP Mailgun SMTP was last updated on Aug 21, 2018. Frequent updates are generally a positive security signal.

What is WP Mailgun SMTP's security score?

WP Mailgun SMTP has a WP-Safety security score of 63/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WP Mailgun SMTP Security & Risk Analysis

wordpress.org/plugins/wp-mailgun-smtp

An SMTP service is must in order to resolve the deliverability issues, limitations, you face while sending emails through your WordPress website.

1K active installs v1.0.7 PHP + WP 3.0.1+ Updated Aug 21, 2018

mailgun-protocolmailgun-smtpsmtpwp-mailgun-smtp

C · Use Caution

CVEs total1

Unpatched1

Last CVEAug 21, 2025

Download

Safety Verdict

Is WP Mailgun SMTP Safe to Use in 2026?

Use With Caution

Score 63/100

WP Mailgun SMTP has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE 1 unpatched Last CVE: Aug 21, 2025Updated 7yr ago

Risk Assessment

The "wp-mailgun-smtp" v1.0.7 plugin exhibits a mixed security posture. On the positive side, the static analysis reveals a clean bill of health regarding dangerous functions, raw SQL queries, file operations, and taint flows, indicating a solid development practice in these areas. The presence of a nonce check and a high percentage of properly escaped output are also commendable. However, the critical weakness lies in its vulnerability history. The existence of one unpatched medium-severity CVE, historically related to missing authorization, is a significant concern and suggests potential lingering vulnerabilities that could be exploited.

While the current static analysis doesn't immediately highlight exploitable paths due to the lack of detected entry points without authentication, the historical vulnerability pattern of "Missing Authorization" coupled with the unpatched CVE is a red flag. This indicates that past security flaws in this plugin have involved privilege escalation or unauthorized access, and the fact that one remains unpatched means a known attack vector might still exist. Therefore, despite strengths in code hygiene, the unresolved security issue necessitates caution and immediate attention.

Key Concerns

Unpatched Medium CVE

Vulnerabilities

WP Mailgun SMTP Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched

2025

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2025-48327medium · 5.3Missing Authorization

WP Mailgun SMTP <= 1.0.7 - Missing Authorization

Aug 21, 2025Unpatched

Code Analysis

Analyzed Mar 16, 2026

WP Mailgun SMTP Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

16 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

73% escaped22 total outputs

Attack Surface

WP Mailgun SMTP Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 8

actionphpmailer_initincludes\class-smtp-mailer.php:12

filterwp_mail_fromincludes\class-smtp-mailer.php:14

filterwp_mail_from_nameincludes\class-smtp-mailer.php:15

actionadmin_menuwp-mailgun-smtp.php:46

filterplugin_action_linkswp-mailgun-smtp.php:47

actionadmin_initwp-mailgun-smtp.php:53

actionadmin_noticeswp-mailgun-smtp.php:55

filterwp_mail_content_typewp-mailgun-smtp.php:135

Maintenance & Trust

WP Mailgun SMTP Maintenance & Trust

Maintenance Signals

WordPress version tested4.9.29

Last updatedAug 21, 2018

PHP min version

Downloads22K

Community Trust

Rating20/100

Number of ratings1

Active installs1K

Alternatives

WP Mailgun SMTP Alternatives

Mail Baby SMTP

mail-baby-smtp

Send email from your WordPress site using Mail.baby, SMTP.com, Gmail, SendGrid, Mailgun, Sendinblue and more Api's and Configure wp_mail() with them.

700 1 CVE

Kingmailer WordPress SMTP

kingmailer-smtp

100

SMTP for sending user registration emails, order emails, contact form emails.

70 No CVEs

WP Mail SMTP by WPForms – The Most Popular SMTP and Email Log Plugin

wp-mail-smtp

Make email delivery easy for WordPress. Connect with SMTP, Gmail, Outlook, SendGrid, Mailgun, SES, Zoho, + more. Rated #1 WordPress SMTP Email plugin.

4.0M 2 CVEs

Easy WP SMTP – WordPress SMTP and Email Logs: Gmail, Office 365, Outlook, Custom SMTP, and more

easy-wp-smtp

Make SMTP email sending and delivery easy. Configure Gmail, Outlook, Brevo, SendGrid, Mailgun, SendLayer or connect to any SMTP server.

500K 8 CVEs

FluentSMTP – WP SMTP Plugin with Amazon SES, SendGrid, MailGun, Postmark, Google and Any SMTP Provider

fluent-smtp

The Ultimate Forever Free Mail SMTP Plugin for WordPress. Connect with any SMTP, SendGrid, Mailgun, Amazon SES, Brevo, Postmark, Sparkpost, Google...

500K 5 CVEs

Developer Profile

WP Mailgun SMTP Developer Profile

inkthemes

5 plugins · 3K total installs

trust score

Avg Security Score

67/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect WP Mailgun SMTP

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wp-mailgun-smtp/m_bolt_img.png

HTML / DOM Fingerprints

Data Attributes

name="mgs_action"id="mgs_action"

FAQ