Africa's Talking SMS Plugin Security & Risk Analysis
wordpress.org/plugins/at-smsSend SMS from your Wordpress Website Dashboard using the Africa's Talking Bulk SMS API.
Is Africa's Talking SMS Plugin Safe to Use in 2026?
Generally Safe
Score 92/100Africa's Talking SMS Plugin has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "at-sms" plugin v1.0.1 demonstrates a generally good security posture based on the provided static analysis. The absence of known vulnerabilities in its history is a positive indicator. The plugin exhibits strong output escaping, with 88% of outputs properly handled, and utilizes prepared statements for a portion of its SQL queries. The presence of nonce checks, though not extensive, suggests an awareness of common WordPress security practices.
However, there are areas of concern that warrant attention. The static analysis reveals a single taint flow with unsanitized paths, which, while not classified as critical or high severity, represents a potential avenue for injection attacks if exploited. The lack of capability checks on any entry points is a significant weakness, meaning that any function that *could* be exposed, even without explicit handlers in this analysis, might be accessible by unauthenticated users. The bundling of Guzzle, while not inherently insecure, requires vigilance to ensure it remains up-to-date to avoid inherited vulnerabilities.
Overall, the plugin's strengths lie in its clean vulnerability history and good output escaping. The main weaknesses are the unsanitized taint flow and, more critically, the absence of capability checks, which, when combined, introduce a non-trivial risk. Continued monitoring and addressing the identified taint flow are recommended.
Key Concerns
- Flows with unsanitized paths
- No capability checks on entry points
- SQL queries not using prepared statements
- Bundled library (Guzzle)
Africa's Talking SMS Plugin Security Vulnerabilities
Africa's Talking SMS Plugin Code Analysis
Bundled Libraries
SQL Query Safety
Output Escaping
Data Flow Analysis
Africa's Talking SMS Plugin Attack Surface
WordPress Hooks 5
Maintenance & Trust
Africa's Talking SMS Plugin Maintenance & Trust
Maintenance Signals
Community Trust
Africa's Talking SMS Plugin Alternatives
Contact Form 7
contact-form-7
Just another contact form plugin. Simple but flexible.
All-in-One WP Migration and Backup
all-in-one-wp-migration
Trusted by 60M+ sites: The gold standard for WordPress migration and backup. Migrate, backup, and restore your WordPress site with one click.
Yoast Duplicate Post
duplicate-post
The go-to tool for cloning posts and pages, including the powerful Rewrite & Republish feature.
Duplicate Page
duplicate-page
Duplicate Posts, Pages and Custom Posts easily using single click
UpdraftPlus: WP Backup & Migration Plugin
updraftplus
Backup, restore or migrate your WordPress website to another host or domain. Schedule backups or run manually. Migrate in minutes.
Africa's Talking SMS Plugin Developer Profile
1 plugin · 10 total installs
How We Detect Africa's Talking SMS Plugin
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/at-sms/css/style.css/wp-content/plugins/at-sms/js/at-sms.js/wp-content/plugins/at-sms/js/at-sms.jsat-sms/style.css?ver=at-sms.js?ver=HTML / DOM Fingerprints
nav-tabnav-tab-activeat-warningmy-pleftid="contact_group_row"id="contact_row"id="warning_row"id="number_error"id="contact_group_list"id="contact_group_input"+5 moreat_sms_clean_nameat_sms_redirect