Does Branded SMS have any unpatched vulnerabilities?

No. All known vulnerabilities in Branded SMS have been patched as of the latest data update. Always keep the plugin updated to the latest version.

How often is Branded SMS updated?

Branded SMS was last updated on Mar 18, 2020. Frequent updates are generally a positive security signal.

What is Branded SMS's security score?

Branded SMS has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Branded SMS Security & Risk Analysis

wordpress.org/plugins/branded-sms

Add to your WooCommerce store SMS notifications to your customers when order status changed.

10 active installs v4.4.3 PHP + WP 3.8+ Updated Mar 18, 2020

notificationorderorder-notificationorder-smssms-order

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Branded SMS Safe to Use in 2026?

Generally Safe

Score 85/100

Branded SMS has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 6yr ago

Risk Assessment

The "branded-sms" plugin v4.4.3 presents a mixed security picture. On the positive side, it demonstrates good practices by exclusively using prepared statements for SQL queries and shows no known historical CVEs, suggesting a generally stable security track record. The absence of identifiable critical or high severity taint flows is also a positive indicator. However, significant concerns arise from the static analysis. The plugin utilizes the dangerous `unserialize` function, which is a well-known vector for remote code execution if not handled with extreme caution and proper input validation. Furthermore, a concerningly low 4% of output escaping indicates a high likelihood of cross-site scripting (XSS) vulnerabilities across its many output points. The lack of any capability checks or nonce checks on its entry points, although the attack surface is reported as zero, leaves room for potential privilege escalation or unauthorized actions if new entry points were to emerge or existing ones were overlooked in the analysis.

Key Concerns

Presence of unserialize function
Low percentage of properly escaped output
Missing capability checks
Missing nonce checks

Vulnerabilities

None known

Branded SMS Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Branded SMS Release Timeline

v4.4.3Current

v4.4.2

v4.4.1

v4.4

Code Analysis

Analyzed Mar 17, 2026

Branded SMS Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

2 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$plugin = get_object_vars( unserialize( $respuesta['body'] ) );includes\admin\funciones-apg.php:71

Output Escaping

4% escaped47 total outputs

Attack Surface

Branded SMS Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 15

actioninitbranded-sms.php:66

actionadmin_menubranded-sms.php:78

filterwoocommerce_screen_idsbranded-sms.php:86

actionadmin_initbranded-sms.php:101

actionwoocommerce_order_status_pending_to_on-hold_notificationbranded-sms.php:232

actionwoocommerce_order_status_failed_to_on-hold_notificationbranded-sms.php:233

actionwoocommerce_order_status_processingbranded-sms.php:234

actionwoocommerce_order_status_completedbranded-sms.php:235

actionwoocommerce_order_status_pending_to_processing_notificationbranded-sms.php:240

actionapg_sms_ejecuta_el_temporizadorbranded-sms.php:258

actionwoocommerce_new_customer_notebranded-sms.php:318

actionadmin_noticesbranded-sms.php:320

filterplugin_row_metaincludes\admin\funciones-apg.php:34

actionadmin_initincludes\admin\funciones-apg.php:115

actionadmin_enqueue_scriptsincludes\admin\funciones-apg.php:116

Scheduled Events 1

apg_sms_ejecuta_el_temporizador

Maintenance & Trust

Branded SMS Maintenance & Trust

Maintenance Signals

WordPress version tested

Last updatedMar 18, 2020

PHP min version

Downloads2K

Community Trust

Rating100/100

Number of ratings2

Active installs10

Alternatives

Branded SMS Alternatives

Order SMS Notification – WooCommerce

order-sms-notification-woocommerce

A plugin for sending SMS notification after placing orders using WooCommerce

20 No CVEs

Citrasms Woocommerce SMS Notification

citrasms-woocommerce-sms-notification

Citrasms Woocommerce SMS Notification send SMS notifications automatically for orders received at WooCommerce

0 No CVEs

افزونه پیامک حرفه ای فراز اس ام اس

farazsms

شما می توانید با استفاده از افزونه فراز اس ام اس، سایت خود را با ابزاری خودکار برای ارسال پیامک و ذخیره شماره در دفترچه تلفن، تقویت کنید.

2K 1 unpatched

miniOrange OTP Verification and SMS Notification for WooCommerce

miniorange-sms-order-notification-otp-verification

OTP Verification via SMS, Email,or WhatsApp, and SMS Order Notifications, Vendor Notifications for WooCommerce.OTP Login and registration with Phone →

100 1 CVE

Order SMS For WooCommerce

order-sms-for-woocommerce

100

Send WooCommerce order SMS notifications and custom SMS messages using popular SMS gateways.

0 No CVEs

Developer Profile

Branded SMS Developer Profile

Naqi

3 plugins · 20 total installs

trust score

Avg Security Score

87/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Branded SMS

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/branded-sms/css/admin-bar.css/wp-content/plugins/branded-sms/css/menu.css/wp-content/plugins/branded-sms/js/admin-bar.js/wp-content/plugins/branded-sms/js/menu.js

Script Paths

/wp-content/plugins/branded-sms/js/admin-bar.js/wp-content/plugins/branded-sms/js/menu.js

Version Parameters

branded-sms/css/admin-bar.css?ver=branded-sms/css/menu.css?ver=branded-sms/js/admin-bar.js?ver=branded-sms/js/menu.js?ver=

HTML / DOM Fingerprints

CSS Classes

apg_sms

FAQ