Does WP SMTP Config have any unpatched vulnerabilities?

No. All known vulnerabilities in WP SMTP Config have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is WP SMTP Config compatible with WordPress 4.9.29?

According to WordPress.org data, WP SMTP Config 1.2.0 has been tested up to WordPress 4.9.29. Check the plugin's changelog for the latest compatibility information.

How often is WP SMTP Config updated?

WP SMTP Config was last updated on Nov 12, 2018. Frequent updates are generally a positive security signal.

What is WP SMTP Config's security score?

WP SMTP Config has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WP SMTP Config Security & Risk Analysis

wordpress.org/plugins/wp-smtp-config

Configure an external SMTP server in your config file.

200 active installs v1.2.0 PHP + WP 3.0+ Updated Nov 12, 2018

emailmailphpmailersmtpssl

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is WP SMTP Config Safe to Use in 2026?

Generally Safe

Score 85/100

WP SMTP Config has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 7yr ago

Risk Assessment

The "wp-smtp-config" v1.2.0 plugin exhibits an exceptionally strong security posture based on the provided static analysis and vulnerability history. The absence of any identified AJAX handlers, REST API routes, shortcodes, or cron events significantly minimizes its attack surface, and crucially, there are no unprotected entry points. Furthermore, the code demonstrates excellent security practices by avoiding dangerous functions, utilizing prepared statements for all SQL queries, ensuring all output is properly escaped, and refraining from file operations or external HTTP requests. The lack of any logged vulnerabilities, historical or current, further reinforces this positive assessment. The plugin appears to be meticulously developed with security as a primary consideration, showcasing a robust defense against common web vulnerabilities.

Vulnerabilities

None known

WP SMTP Config Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

WP SMTP Config Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

8 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

100% escaped8 total outputs

Attack Surface

WP SMTP Config Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 3

actionphpmailer_initwp-smtp-config.php:63

actionnetwork_admin_menuwp-smtp-config.php:139

actionadmin_menuwp-smtp-config.php:141

Maintenance & Trust

WP SMTP Config Maintenance & Trust

Maintenance Signals

WordPress version tested4.9.29

Last updatedNov 12, 2018

PHP min version

Downloads16K

Community Trust

Rating60/100

Number of ratings2

Active installs200

Alternatives

WP SMTP Config Alternatives

SMTP Mailer

smtp-mailer

Configure a SMTP server to send email from your WordPress site. Configure the wp_mail() function to use SMTP instead of the PHP mail() function.

70K 1 CVE

WPO365 | MICROSOFT 365 GRAPH MAILER

wpo365-msgraphmailer

Send WordPress emails from a M365 / Exchange Online Mailbox using Microsoft Graph, leveraging OAuth for authentication which is more secure than SMTP

10K 1 CVE

Configure SMTP

configure-smtp

Configure SMTP mailing in WordPress, including support for sending email via SSL/TLS (such as Gmail).

7K 1 CVE

MailerSend – Official SMTP Integration

mailersend-official-smtp-integration

100

Improve your deliverability and avoid the spam box with MailerSend’s SMTP server. Check your analytics to improve your emails for better conversion!

2K No CVEs

SAR Friendly SMTP

sar-friendly-smtp

100

A friendly SMTP plugin for WordPress. No third-party, simply using WordPress native possibilities.

2K No CVEs

Developer Profile

WP SMTP Config Developer Profile

pCoLaSD

1 plugin · 200 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect WP SMTP Config

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

CSS Classes

smtp-messageicon32optiontableform-table

Data Attributes

id="smtp-message"id="icon-options-general"id="smtp_recipient"name="smtp_recipient"name="smtp_submit"

FAQ