WP-Safety

WP Test Email Security & Risk Analysis

wordpress.org/plugins/wp-test-email

WP Test Email is allows you to test if your WordPress installation is sending mail or not.

20K active installs v1.1.7 PHP 5.2.4+ WP 4.3+ Updated Jul 31, 2024
check-mailemal-logmail-testertest-email
63
C · Use Caution
CVEs total3
Unpatched1
Last CVEJan 15, 2026
Download
Safety Verdict

Is WP Test Email Safe to Use in 2026?

Use With Caution

Score 63/100

WP Test Email has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

3 known CVEs 1 unpatched Last CVE: Jan 15, 2026Updated 1yr ago
Risk Assessment

The wp-test-email plugin, version 1.1.7, exhibits a mixed security posture. On the positive side, the static analysis reveals a commendable lack of dangerous functions, SQL injection vulnerabilities due to the exclusive use of prepared statements, and no file operations or external HTTP requests. The presence of nonce checks and a low number of total entry points (all reported as protected) are also good indicators. However, the plugin's vulnerability history is a significant concern, with three known CVEs, one of which remains unpatched and is of high severity. The common vulnerability type being Cross-site Scripting (XSS) suggests a recurring pattern of input sanitization issues in previous versions. The last recorded vulnerability being in 2026 is an anomaly and should be treated as a potential data error, but the existence of multiple past vulnerabilities, including an unpatched one, points to a need for ongoing security diligence.

Key Concerns

  • Unpatched high severity CVE
  • Two previously patched medium severity CVEs
  • Moderate output escaping (78% proper)
  • 0 capability checks on entry points
Vulnerabilities
3

WP Test Email Security Vulnerabilities

CVEs by Year

1 CVE in 2024
2024
1 CVE in 2025
2025
1 CVE in 2026 · unpatched
2026
Patched Has unpatched

Severity Breakdown

High
1
Medium
2

3 total CVEs

CVE-2025-69102medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Test Email <= 1.1.7 - Reflected Cross-Site Scripting

Jan 15, 2026Unpatched
CVE-2025-2325high · 7.2Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP Test Email <= 1.1.8 - Unauthenticated Stored Cross-Site Scripting

Mar 14, 2025 Patched in 1.1.9 (1d)
CVE-2024-8664medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP Test Email <= 1.1.7 - Reflected Cross-Site Scripting

Sep 12, 2024 Patched in 1.1.8 (1d)
Code Analysis
Analyzed Mar 16, 2026

WP Test Email Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
4 prepared
Unescaped Output
5
18 escaped
Nonce Checks
1
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

100% prepared4 total queries

Output Escaping

78% escaped23 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
wp_test_email_logs (wp-test-email.php:123)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

WP Test Email Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 4
actionadmin_menuwp-test-email.php:16
actionphpmailer_initwp-test-email.php:73
actionadmin_menuwp-test-email.php:121
actionwp_test_email_clear_logswp-test-email.php:363

Scheduled Events 1

wp_test_email_clear_logs
Maintenance & Trust

WP Test Email Maintenance & Trust

Maintenance Signals

WordPress version tested6.6.5
Last updatedJul 31, 2024
PHP min version5.2.4
Downloads248K

Community Trust

Rating94/100
Number of ratings15
Active installs20K
Alternatives

WP Test Email Alternatives

Automatic Email Testing for WP

Automatic Email Testing for WP

automatic-email-testing-for-wp

A
100

[UPDATED!] Automatic Email Testing for WP plugin allows you to set up a system inside wordpress to test your email server every day.

300 No CVEs
ZeroBounce Email Verification & Validation

ZeroBounce Email Verification & Validation

zerobounce

A
92

ZeroBounce validates emails on your WordPress site in real-time, blocking invalid and risky emails to improve deliverability and reduce bounce rates.

1K 1 CVE
Mailsure

Mailsure

mailsure

A
92

Test email sending, SPF, DKIM & DMARC

50 No CVEs
WP SMTP Mailer

WP SMTP Mailer

wp-smtp-mailer

A
92

WP SMTP Mailer is a simple and flexible plugin to configure SMTP settings in WordPress. It allows you to set up SMTP credentials, test email sending, &hellip;

50 No CVEs
Email Checker

Email Checker

real-time-email-checker

A
85

Prevent spam signups by bots and lost customers in comment, registration, and contact forms using Email Checker's Email Verification Plugin.

10 No CVEs
Developer Profile

WP Test Email Developer Profile

Boopathi Rajan

13 plugins · 44K total installs

70
trust score
Avg Security Score
87/100
Avg Patch Time
419 days
View full developer profile
Detection Fingerprints

How We Detect WP Test Email

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

CSS Classes
wrapform-tablenoticenotice-successis-dismissiblenotice-errordescriptionwidefat+2 more
Data Attributes
noncename="mail_to"value="Test Mail"name="mail_subject"id="wp_test_email_nonce_field"
FAQ

Frequently Asked Questions about WP Test Email