
Conexteo – SMS for Woocommerce Security & Risk Analysis
wordpress.org/plugins/conexteoOur module allows you to easily send SMS to your customers to inform them of their order, a change in status or any other important message.
Is Conexteo – SMS for Woocommerce Safe to Use in 2026?
Generally Safe
Score 85/100Conexteo – SMS for Woocommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The conexteo v1.0.0 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices in its handling of SQL queries, with 100% using prepared statements, and a high rate of proper output escaping at 92%. Furthermore, there is no recorded vulnerability history, which suggests either a history of secure development or limited public scrutiny.
However, significant concerns are raised by the static analysis. The presence of four instances of the `unserialize` function is a major red flag. If the data being unserialized originates from user-controlled input, this can lead to Remote Code Execution (RCE) vulnerabilities. Additionally, the complete absence of nonce checks and capability checks across all entry points (even though the reported attack surface is zero) is a critical oversight. This means that even if other security measures were implemented, any potential entry point could be exploited without proper authorization or protection against CSRF attacks. The fact that no taint analysis flows were found might be misleading given the presence of `unserialize` without accompanying authorization checks, suggesting the analysis might have missed these critical paths.
In conclusion, while conexteo v1.0.0 benefits from secure SQL practices and good output escaping, the inherent risks associated with `unserialize` and the complete lack of nonce and capability checks on any potential, however small, attack surface present a substantial security risk. The absence of historical vulnerabilities should not be mistaken for current security. This plugin requires immediate review and remediation of the `unserialize` usage and the addition of proper authorization checks.
Key Concerns
- Dangerous function 'unserialize' used
- Missing nonce checks
- Missing capability checks
Conexteo – SMS for Woocommerce Security Vulnerabilities
Conexteo – SMS for Woocommerce Release Timeline
Conexteo – SMS for Woocommerce Code Analysis
Dangerous Functions Found
SQL Query Safety
Output Escaping
Conexteo – SMS for Woocommerce Attack Surface
WordPress Hooks 17
Maintenance & Trust
Conexteo – SMS for Woocommerce Maintenance & Trust
Maintenance Signals
Community Trust
Conexteo – SMS for Woocommerce Alternatives
Brevo for WooCommerce
woocommerce-sendinblue-newsletter-subscription
All-in-one WooCommerce email marketing, automation, SMS, and CRM by Brevo. Grow your store with powerful marketing tools.
WP Flashy Marketing Automation
wp-flashy-marketing-automation
Flashy is an all-in-one marketing platform for e-commerce websites to grow sales.
WinCarts
wincarts
AI-powered abandoned cart recovery via SMS for WooCommerce stores. Recover lost sales on autopilot.
WooCommerce Square
woocommerce-square
Securely accept payments, synchronize sales, and seamlessly manage inventory and product data between WooCommerce and Square POS.
Email Marketing for WooCommerce by Omnisend
omnisend-connect
Email Marketing, Newsletter, Email Automation, Forms, Pop Up, SMS, Abandoned Cart made easy for WordPress & WooCommerce by Omnisend
Conexteo – SMS for Woocommerce Developer Profile
1 plugin · 0 total installs
How We Detect Conexteo – SMS for Woocommerce
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/conexteo/admin/css/conexteo-admin.css/wp-content/plugins/conexteo/admin/js/conexteo-admin.js/wp-content/plugins/conexteo/public/css/conexteo-public.css/wp-content/plugins/conexteo/public/js/conexteo-public.js/wp-content/plugins/conexteo/admin/js/conexteo-admin.js/wp-content/plugins/conexteo/public/js/conexteo-public.jsconexteo/style.css?ver=conexteo/script.js?ver=HTML / DOM Fingerprints
conexteo-order-detailsconexteo_order-order-senderconexteo_order-order-messageconexteo_order-count-smsid="conexteo_order-order-sender"id="conexteo_order-order-message"id="conexteo_order-order-stop"id="conexteo_order-send"data-urlconexteo_order_count_sms/wp-json/conexteo/