WP-Safety

Solid Mail – SMTP email and logging made by SolidWP Security & Risk Analysis

wordpress.org/plugins/wp-smtp

Email deliverability made SOLID. Connect to your chosen email provider with an intuitive set-it-and-forget-it SMTP plugin.

70K active installs v2.2.3 PHP 7.4+ WP 6.4+ Updated Feb 11, 2026
emailemail-logsmtpwordpress-smtp
95
A · Safe
CVEs total2
Unpatched0
Last CVEMay 22, 2025
Download
Safety Verdict

Is Solid Mail – SMTP email and logging made by SolidWP Safe to Use in 2026?

Generally Safe

Score 95/100

Solid Mail – SMTP email and logging made by SolidWP has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEsLast CVE: May 22, 2025Updated 1mo ago
Risk Assessment

The wp-smtp plugin, version 2.2.3, presents a mixed security posture. While it demonstrates good practices in several areas, notably with a high percentage of properly escaped outputs and the use of prepared statements for most SQL queries, significant concerns arise from its attack surface. The presence of two AJAX handlers without authentication checks represents a direct pathway for potential unauthorized actions or information disclosure if these handlers are exploitable. The plugin also bundles PHPMailer, which historically has been a target for vulnerabilities, although no specific outdated version is indicated here. The vulnerability history is a notable weakness, with two high-severity CVEs related to Cross-site Scripting and SQL Injection. Although currently unpatched vulnerabilities are reported as zero, the past occurrence of such critical types suggests potential for future issues if not diligently maintained. The lack of critical or high severity taint flows in static analysis is positive, but this must be weighed against the historical vulnerability data and the unprotected entry points.

Key Concerns

  • Unprotected AJAX handlers
  • 2 High severity CVEs historically
  • Bundled PHPMailer
Vulnerabilities
2

Solid Mail – SMTP email and logging made by SolidWP Security Vulnerabilities

CVEs by Year

1 CVE in 2024
2024
1 CVE in 2025
2025
Patched Has unpatched

Severity Breakdown

High
2

2 total CVEs

CVE-2025-1123high · 7.2Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Solid Mail – SMTP email and logging made by SolidWP <= 2.1.5 - Unauthenticated Stored Cross-Site Scripting via Email

May 22, 2025 Patched in 2.1.6 (1d)
CVE-2024-1789high · 7.2Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

WP SMTP 1.2 - 1.2.6 - Authenticated (Admin+) SQL Injection

Apr 25, 2024 Patched in 1.2.7 (1d)
Code Analysis
Analyzed Mar 16, 2026

Solid Mail – SMTP email and logging made by SolidWP Code Analysis

Dangerous Functions
0
Raw SQL Queries
5
8 prepared
Unescaped Output
1
19 escaped
Nonce Checks
2
Capability Checks
6
File Operations
2
External Requests
1
Bundled Libraries
1

Bundled Libraries

PHPMailer

SQL Query Safety

62% prepared13 total queries

Output Escaping

95% escaped20 total outputs
Data Flows
All sanitized

Data Flow Analysis

1 flows
<Notice> (src\Mail\Admin\Notice.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
2 unprotected

Solid Mail – SMTP email and logging made by SolidWP Attack Surface

Entry Points2
Unprotected2

AJAX Handlers 2

authwp_ajax_dismiss_solid_mail_noticesrc\Mail\Admin\Provider.php:65
authwp_ajax_solidwp_mail_send_test_emailsrc\Mail\Admin\ScreenConnectors.php:83
WordPress Hooks 21
actionadmin_menuinc\Admin.php:18
actionwp_mail_succeededinc\Logger\Process.php:18
actionwp_mail_failedinc\Logger\Process.php:19
actionadmin_initsrc\Mail\Admin\Provider.php:60
actionrest_api_initsrc\Mail\Admin\Provider.php:61
actionadmin_noticessrc\Mail\Admin\Provider.php:63
actionadmin_noticessrc\Mail\Admin\Provider.php:64
actionrest_api_initsrc\Mail\Admin\Provider.php:67
actionwp_mail_failedsrc\Mail\Admin\ScreenConnectors.php:77
filterwp_mail_fromsrc\Mail\Admin\ScreenConnectors.php:80
actionadmin_initsrc\Mail\Assets.php:36
filterpre_wp_mailsrc\Mail\Hooks\PHPMailer.php:59
actionphpmailer_initsrc\Mail\Hooks\PHPMailer.php:60
actionwp_mail_failedsrc\Mail\Hooks\PHPMailer.php:61
actionadmin_menusrc\Mail\Migration\MigrationVer130.php:48
actionwp_loadedsrc\Mail\Migration\Provider.php:30
filterstellarwp/telemetry/optin_argssrc\Mail\Telemetry\Provider.php:30
filterdebug_informationsrc\Mail\Telemetry\Provider.php:31
filterplugin_action_linkswp-smtp.php:56
actionwp_loadedwp-smtp.php:57
actionplugins_loadedwp-smtp.php:62
Maintenance & Trust

Solid Mail – SMTP email and logging made by SolidWP Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 11, 2026
PHP min version7.4
Downloads1.2M

Community Trust

Rating84/100
Number of ratings52
Active installs70K
Alternatives

Solid Mail – SMTP email and logging made by SolidWP Alternatives

Comfort Email SMTP, Logger & Email Api

Comfort Email SMTP, Logger & Email Api

cbxwpemaillogger

A
100

This plugin helps to send email using SMTP and Email Api. It helps to log email and displays in admin panel and more.

10 No CVEs
WP Mail SMTP by WPForms – The Most Popular SMTP and Email Log Plugin

WP Mail SMTP by WPForms – The Most Popular SMTP and Email Log Plugin

wp-mail-smtp

A
99

Make email delivery easy for WordPress. Connect with SMTP, Gmail, Outlook, SendGrid, Mailgun, SES, Zoho, + more. Rated #1 WordPress SMTP Email plugin.

4.0M 2 CVEs
Easy WP SMTP – WordPress SMTP and Email Logs: Gmail, Office 365, Outlook, Custom SMTP, and more

Easy WP SMTP – WordPress SMTP and Email Logs: Gmail, Office 365, Outlook, Custom SMTP, and more

easy-wp-smtp

A
91

Make SMTP email sending and delivery easy. Configure Gmail, Outlook, Brevo, SendGrid, Mailgun, SendLayer or connect to any SMTP server.

500K 8 CVEs
Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App

Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App

post-smtp

B
76

Improve WordPress email deliverability. Connect Gmail SMTP, Microsoft 365, Brevo, SendGrid, Mailgun, Zoho, Amazon SES, etc. #1 WordPress SMTP Plugin.

400K 23 CVEs
WP Mail Logging

WP Mail Logging

wp-mail-logging

A
89

Log, view, and resend all emails sent from your WordPress site. Great for resolving email sending issues or keeping a copy for auditing.

300K 6 CVEs
Developer Profile

Solid Mail – SMTP email and logging made by SolidWP Developer Profile

SolidWP

1 plugin · 70K total installs

97
trust score
Avg Security Score
95/100
Avg Patch Time
1 days
View full developer profile
Detection Fingerprints

How We Detect Solid Mail – SMTP email and logging made by SolidWP

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-smtp/assets/css/admin.css/wp-content/plugins/wp-smtp/assets/css/frontend.css/wp-content/plugins/wp-smtp/assets/js/admin.js/wp-content/plugins/wp-smtp/assets/js/frontend.js
Script Paths
/wp-content/plugins/wp-smtp/assets/js/admin.js/wp-content/plugins/wp-smtp/assets/js/frontend.js
Version Parameters
wp-smtp/assets/css/admin.css?ver=wp-smtp/assets/css/frontend.css?ver=wp-smtp/assets/js/admin.js?ver=wp-smtp/assets/js/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
wp-smtp-admin-wrapper
HTML Comments
Plugin was originally created by BoLiQuanshould we init solid 'solid_mail_settings' here?table should be deleted on uninstalling
Data Attributes
data-solid-mail-connections-list
JS Globals
wp_smtp_admin_params
REST Endpoints
/solid-mail/v1/connections/solid-mail/v1/connections/(?P<id>[a-zA-Z0-9_-]+)
FAQ

Frequently Asked Questions about Solid Mail – SMTP email and logging made by SolidWP