Does BULK SMS PLANS SMS Notifications have any unpatched vulnerabilities?

No. All known vulnerabilities in BULK SMS PLANS SMS Notifications have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is BULK SMS PLANS SMS Notifications compatible with WordPress 6.6.5?

According to WordPress.org data, BULK SMS PLANS SMS Notifications 1.3.0 has been tested up to WordPress 6.6.5. Check the plugin's changelog for the latest compatibility information.

Is BULK SMS PLANS SMS Notifications compatible with PHP 7.2+?

BULK SMS PLANS SMS Notifications requires PHP 7.2 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is BULK SMS PLANS SMS Notifications updated?

BULK SMS PLANS SMS Notifications was last updated on Jan 5, 2026. Frequent updates are generally a positive security signal.

What is BULK SMS PLANS SMS Notifications's security score?

BULK SMS PLANS SMS Notifications has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

BULK SMS PLANS SMS Notifications Security & Risk Analysis

wordpress.org/plugins/bulksmsplans-sms-notifications

Send custom SMS and WhatsApp notifications for WooCommerce orders, with tracking of sent messages.

10 active installs v1.3.0 PHP 7.2+ WP 5.0+ Updated Jan 5, 2026

custom-notificationsorder-notificationssmswhatsappwoocommerce

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is BULK SMS PLANS SMS Notifications Safe to Use in 2026?

Generally Safe

Score 100/100

BULK SMS PLANS SMS Notifications has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago

Risk Assessment

The bulksmsplans-sms-notifications plugin v1.3.0 exhibits a mixed security posture. While it shows strengths in its use of prepared statements for SQL queries and generally good output escaping, significant concerns arise from its attack surface. A substantial number of AJAX handlers (10 out of 10) lack authentication checks, creating a wide entry point for unauthorized actions. This is further exacerbated by the presence of 2 flows with unsanitized paths identified in taint analysis, with one being of high severity, indicating a potential for code execution or data manipulation if these paths are reachable without proper sanitization. The absence of any recorded vulnerability history, while seemingly positive, can sometimes indicate a lack of extensive past security scrutiny or a relatively new plugin. Overall, the plugin benefits from good internal coding practices regarding data handling but suffers from a critical oversight in access control for its AJAX endpoints, which is the primary risk.

Key Concerns

Unprotected AJAX handlers
High severity taint flow with unsanitized path
No capability checks on entry points

Vulnerabilities

None known

BULK SMS PLANS SMS Notifications Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

BULK SMS PLANS SMS Notifications Code Analysis

Dangerous Functions

Raw SQL Queries

18 prepared

Unescaped Output

146 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

95% prepared19 total queries

Output Escaping

93% escaped157 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

5 flows2 with unsanitized paths

<sendsms> (sendsms.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

10 unprotected

BULK SMS PLANS SMS Notifications Attack Surface

Entry Points13

Unprotected10

AJAX Handlers 10

authwp_ajax_send_sms_otpincludes\sms-otp-login.php:94

noprivwp_ajax_send_sms_otpincludes\sms-otp-login.php:95

authwp_ajax_verify_sms_otpincludes\sms-otp-login.php:166

noprivwp_ajax_verify_sms_otpincludes\sms-otp-login.php:167

authwp_ajax_get_option_nameincludes\wabridge.php:683

authwp_ajax_custom_actionsendsms.php:1482

noprivwp_ajax_blk_wc_sms_action_verifysendsms.php:2170

authwp_ajax_blk_wc_sms_action_verifysendsms.php:2171

noprivwp_ajax_blk_wc_sms_action_sendsendsms.php:2212

authwp_ajax_blk_wc_sms_action_sendsendsms.php:2213

Shortcodes 3

[sms_otp_login] includes\sms-otp-login.php:34

[WABRIDGE_PLUGIN] includes\wabridge.php:617

[BULKSMS_PLUGIN] sendsms.php:160

WordPress Hooks 17

actionwp_enqueue_scriptsincludes\sms-otp-login.php:33

actionadmin_enqueue_scriptsincludes\wabridge.php:14

actionadmin_menuincludes\wabridge.php:17

actionadmin_enqueue_scriptssendsms.php:55

actionwoocommerce_new_ordersendsms.php:241

actionwoocommerce_order_status_pendingsendsms.php:356

actionwoocommerce_order_status_processingsendsms.php:474

actionwoocommerce_order_status_on-holdsendsms.php:590

actionwoocommerce_order_status_completedsendsms.php:716

actionwoocommerce_order_status_cancelledsendsms.php:830

actionwoocommerce_order_status_failedsendsms.php:944

actionwoocommerce_order_status_refundedsendsms.php:1063

actionadmin_menusendsms.php:1177

actionwoocommerce_checkout_before_customer_detailssendsms.php:1810

actioninitsendsms.php:1818

actionwoocommerce_before_checkout_formsendsms.php:1828

actionwoocommerce_checkout_processsendsms.php:2118

Maintenance & Trust

BULK SMS PLANS SMS Notifications Maintenance & Trust

Maintenance Signals

WordPress version tested6.6.5

Last updatedJan 5, 2026

PHP min version7.2

Downloads1K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

BULK SMS PLANS SMS Notifications Alternatives

miniOrange OTP Verification and SMS Notification for WooCommerce

miniorange-sms-order-notification-otp-verification

OTP Verification via SMS, Email,or WhatsApp, and SMS Order Notifications, Vendor Notifications for WooCommerce.OTP Login and registration with Phone →

100 1 CVE

Reportana

reportana

100

Reportana is a solution for e-commerce that boosts sales, enhances customer communication, automates messaging, and monitors key metrics.

70 No CVEs

SMS for WooCommerce

wc-sms

Order SMS Notifications for Woocommerce

50 1 CVE

MyBotify

mybotify

100

Send automatic WhatsApp notifications for orders, updates, and more. Perfect for WooCommerce stores and WordPress sites!

10 No CVEs

SyncMate Order Notifications

assistro-order-notifications

100

WooCommerce Order Notifications. Automatically send WhatsApp messages to customers when their order status changes.

0 No CVEs

Developer Profile

BULK SMS PLANS SMS Notifications Developer Profile

Prince Malik

1 plugin · 10 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect BULK SMS PLANS SMS Notifications

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/bulksmsplans-sms-notifications/admin/css/sendsms-styles.css/wp-content/plugins/bulksmsplans-sms-notifications/admin/js/sendsms-scripts.js

Script Paths

/wp-content/plugins/bulksmsplans-sms-notifications/admin/js/sendsms-scripts.js

Version Parameters

bulksmsplans-sms-notifications/admin/css/sendsms-styles.css?ver=bulksmsplans-sms-notifications/admin/js/sendsms-scripts.js?ver=

HTML / DOM Fingerprints

FAQ