Conexteo – SMS for Woocommerce Security & Risk Analysis

wordpress.org/plugins/conexteo

Our module allows you to easily send SMS to your customers to inform them of their order, a change in status or any other important message.

0 active installs v1.0.0 PHP 7.0+ WP 3.0.1+ Updated Jul 19, 2023
marketing-automationsmssyncwoocommerce
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is Conexteo – SMS for Woocommerce Safe to Use in 2026?

Generally Safe

Score 85/100

Conexteo – SMS for Woocommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2yr ago
Risk Assessment

The conexteo v1.0.0 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices in its handling of SQL queries, with 100% using prepared statements, and a high rate of proper output escaping at 92%. Furthermore, there is no recorded vulnerability history, which suggests either a history of secure development or limited public scrutiny.

However, significant concerns are raised by the static analysis. The presence of four instances of the `unserialize` function is a major red flag. If the data being unserialized originates from user-controlled input, this can lead to Remote Code Execution (RCE) vulnerabilities. Additionally, the complete absence of nonce checks and capability checks across all entry points (even though the reported attack surface is zero) is a critical oversight. This means that even if other security measures were implemented, any potential entry point could be exploited without proper authorization or protection against CSRF attacks. The fact that no taint analysis flows were found might be misleading given the presence of `unserialize` without accompanying authorization checks, suggesting the analysis might have missed these critical paths.

In conclusion, while conexteo v1.0.0 benefits from secure SQL practices and good output escaping, the inherent risks associated with `unserialize` and the complete lack of nonce and capability checks on any potential, however small, attack surface present a substantial security risk. The absence of historical vulnerabilities should not be mistaken for current security. This plugin requires immediate review and remediation of the `unserialize` usage and the addition of proper authorization checks.

Key Concerns

  • Dangerous function 'unserialize' used
  • Missing nonce checks
  • Missing capability checks
Vulnerabilities
None known

Conexteo – SMS for Woocommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Conexteo – SMS for Woocommerce Release Timeline

No version history available.
Code Analysis
Analyzed Apr 16, 2026

Conexteo – SMS for Woocommerce Code Analysis

Dangerous Functions
4
Raw SQL Queries
0
17 prepared
Unescaped Output
8
98 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
3
Bundled Libraries
0

Dangerous Functions Found

unserialize$selected_value = ($args['value_type'] == 'serialized') ? unserialize($wp_data_value) : $wp_data_valadmin/class-conexteo-admin.php:463
unserialize$cart = unserialize($result['session_value']);includes/class-db-exchange.php:121
unserialize$session_value = unserialize($result['session_value']);includes/class-db-exchange.php:123
unserialize$customer = unserialize($session_value['customer']);includes/class-db-exchange.php:128

SQL Query Safety

100% prepared17 total queries

Output Escaping

92% escaped106 total outputs
Attack Surface

Conexteo – SMS for Woocommerce Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 17
actionadmin_menuadmin/class-conexteo-admin.php:66
actionadmin_initadmin/class-conexteo-admin.php:67
actionadmin_noticesadmin/class-conexteo-admin.php:163
actionwoocommerce_order_status_pendingconexteo.php:86
actionwoocommerce_order_status_failedconexteo.php:87
actionwoocommerce_order_status_on-holdconexteo.php:88
actionwoocommerce_order_status_processingconexteo.php:89
actionwoocommerce_order_status_completedconexteo.php:90
actionwoocommerce_order_status_refundedconexteo.php:91
actionwoocommerce_order_status_cancelledconexteo.php:92
actionwoocommerce_admin_order_data_after_shipping_addressconexteo.php:140
actioninitconexteo.php:171
filterquery_varsconexteo.php:177
actionparse_requestconexteo.php:184
actionplugins_loadedincludes/class-conexteo.php:135
actionadmin_enqueue_scriptsincludes/class-conexteo.php:150
actionadmin_enqueue_scriptsincludes/class-conexteo.php:151
Maintenance & Trust

Conexteo – SMS for Woocommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.2.9
Last updatedJul 19, 2023
PHP min version7.0
Downloads700

Community Trust

Rating0/100
Number of ratings0
Active installs0
Developer Profile

Conexteo – SMS for Woocommerce Developer Profile

conexteo

1 plugin · 0 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Conexteo – SMS for Woocommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/conexteo/admin/css/conexteo-admin.css/wp-content/plugins/conexteo/admin/js/conexteo-admin.js/wp-content/plugins/conexteo/public/css/conexteo-public.css/wp-content/plugins/conexteo/public/js/conexteo-public.js
Script Paths
/wp-content/plugins/conexteo/admin/js/conexteo-admin.js/wp-content/plugins/conexteo/public/js/conexteo-public.js
Version Parameters
conexteo/style.css?ver=conexteo/script.js?ver=

HTML / DOM Fingerprints

CSS Classes
conexteo-order-detailsconexteo_order-order-senderconexteo_order-order-messageconexteo_order-count-sms
Data Attributes
id="conexteo_order-order-sender"id="conexteo_order-order-message"id="conexteo_order-order-stop"id="conexteo_order-send"data-url
JS Globals
conexteo_order_count_sms
REST Endpoints
/wp-json/conexteo/
FAQ

Frequently Asked Questions about Conexteo – SMS for Woocommerce