Does Bulk SMS PLugin have any unpatched vulnerabilities?

No. All known vulnerabilities in Bulk SMS PLugin have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Bulk SMS PLugin compatible with WordPress 3.1.4?

According to WordPress.org data, Bulk SMS PLugin 1.0 has been tested up to WordPress 3.1.4. Check the plugin's changelog for the latest compatibility information.

How often is Bulk SMS PLugin updated?

Bulk SMS PLugin was last updated on Mar 30, 2011. Frequent updates are generally a positive security signal.

What is Bulk SMS PLugin's security score?

Bulk SMS PLugin has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Bulk SMS PLugin Security & Risk Analysis

wordpress.org/plugins/bulk-sms

Bulk SMS Plugin enables Wordpress admins to allow their site visitors to send them SMS using SMS Gateway, it also supports auto response

10 active installs v1.0 PHP + WP 2.5+ Updated Mar 30, 2011

bulksmssms

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Bulk SMS PLugin Safe to Use in 2026?

Generally Safe

Score 85/100

Bulk SMS PLugin has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 15yr ago

Risk Assessment

The "bulk-sms" v1.0 plugin exhibits a mixed security posture. On the positive side, it has no recorded vulnerabilities or CVEs, and its SQL queries are all prepared statements, indicating good practices in database interaction. The absence of external HTTP requests and a small attack surface also contribute to a seemingly robust defense. However, significant concerns arise from the static analysis. None of the identified output operations are properly escaped, meaning user-supplied data displayed on the frontend or in administrative interfaces could be vulnerable to cross-site scripting (XSS) attacks. Furthermore, the absence of nonce checks and capability checks on its single shortcode entry point is a critical oversight, leaving it susceptible to unauthorized execution of its functionality, potentially leading to unintended SMS messages being sent or other malicious actions.

Key Concerns

0% of output is properly escaped
Shortcode lacks nonce/capability checks
Flow with unsanitized paths

Vulnerabilities

None known

Bulk SMS PLugin Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Bulk SMS PLugin Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

0% escaped7 total outputs

Data Flows

1 unsanitized

Data Flow Analysis

1 flows1 with unsanitized paths

<bulksms_import_admin> (bulksms_import_admin.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Bulk SMS PLugin Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[bulksms] bulksms.php:136

WordPress Hooks 2

actionwp_headbulksms.php:137

actionadmin_menubulksms.php:138

Maintenance & Trust

Bulk SMS PLugin Maintenance & Trust

Maintenance Signals

WordPress version tested3.1.4

Last updatedMar 30, 2011

PHP min version

Downloads6K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

Bulk SMS PLugin Alternatives

TextP2P Texting Widget

textp2p-texting-widget

100

Allow site visitors to contact your business the way most prefer, by Texting. Installing the TextP2P Texting Widget plugin into your WordPress site pr …

30 No CVEs