WP-Safety

Exsile SMS Gateway Security & Risk Analysis

wordpress.org/plugins/exsile-sms-gateway

Sending SMS messages easily on your website when forms are submitted.

20 active installs v1.2.0 PHP 7.4+ WP 4.0+ Updated Jan 11, 2026
send-leadssend-smssending-leads-by-smssending-sms
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Exsile SMS Gateway Safe to Use in 2026?

Generally Safe

Score 100/100

Exsile SMS Gateway has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago
Risk Assessment

The exsile-sms-gateway plugin v1.2.0 exhibits a concerning security posture primarily due to a massive unprotected attack surface. All 15 identified AJAX handlers lack authentication checks, presenting a significant risk of unauthorized access and execution of plugin functionalities by unauthenticated users. While the plugin demonstrates good practices in its use of prepared statements for SQL queries and proper output escaping for the vast majority of outputs, these strengths are heavily overshadowed by the critical deficiency in securing its entry points. The absence of nonce checks on AJAX handlers further exacerbates this vulnerability, as it leaves the plugin susceptible to Cross-Site Request Forgery (CSRF) attacks. The plugin's vulnerability history is clean, with no recorded CVEs, which is a positive indicator. However, this lack of historical vulnerabilities does not mitigate the immediate and severe risks presented by the current code analysis. The plugin has potential for serious security issues if any of the unprotected AJAX actions can be exploited to perform sensitive operations.

Key Concerns

  • AJAX handlers without authentication checks
  • AJAX handlers without nonce checks
  • Unsanitized paths in taint analysis
Vulnerabilities
None known

Exsile SMS Gateway Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Exsile SMS Gateway Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
1
38 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
1
Bundled Libraries
0

Output Escaping

97% escaped39 total outputs
Data Flows
20 unsanitized

Data Flow Analysis

20 flows20 with unsanitized paths
exsile_sms_account_details (includes\account-details.php:12)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
15 unprotected

Exsile SMS Gateway Attack Surface

Entry Points15
Unprotected15

AJAX Handlers 15

authwp_ajax_update-exsile_sms_admin_contact_form_7_formsincludes\contact-form-7.php:13
authwp_ajax_update-exsile_sms_user_contact_form_7_formsincludes\contact-form-7.php:14
authwp_ajax_update-exsile_sms_user_contact_form_7_forms_contentincludes\contact-form-7.php:15
authwp_ajax_update-exsile_sms_user_contact_form_7_forms_ignore_fieldsincludes\contact-form-7.php:16
authwp_ajax_update-exsile_sms_admin_elementor_formsincludes\elementor.php:13
authwp_ajax_update-exsile_sms_user_elementor_formsincludes\elementor.php:14
authwp_ajax_update-exsile_sms_user_elementor_forms_contentincludes\elementor.php:15
authwp_ajax_update-exsile_sms_user_elementor_forms_ignore_fieldsincludes\elementor.php:16
authwp_ajax_update-exsile_sms_admin_pojo_formsincludes\pojo-forms.php:13
authwp_ajax_update-exsile_sms_user_pojo_formsincludes\pojo-forms.php:14
authwp_ajax_update-exsile_sms_user_pojo_forms_contentincludes\pojo-forms.php:15
authwp_ajax_pojo_form_contact_submitincludes\pojo-forms.php:66
authwp_ajax_update-exsile_sms_admin_woocommerce_new_orderincludes\woocommerce.php:13
authwp_ajax_update-exsile_sms_user_woocommerce_new_orderincludes\woocommerce.php:15
authwp_ajax_update-exsile_sms_user_woocommerce_new_order_contentincludes\woocommerce.php:16
WordPress Hooks 6
actionadmin_menuexsile-sms-gateway.php:43
actionadmin_enqueue_scriptsexsile-sms-gateway.php:54
actionadmin_enqueue_scriptsexsile-sms-gateway.php:64
actionwpcf7_mail_sentincludes\contact-form-7.php:83
actionelementor_pro/forms/new_recordincludes\elementor.php:83
actionwoocommerce_new_orderincludes\woocommerce.php:125
Maintenance & Trust

Exsile SMS Gateway Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedJan 11, 2026
PHP min version7.4
Downloads1K

Community Trust

Rating0/100
Number of ratings0
Active installs20
Alternatives

Exsile SMS Gateway Alternatives

ClickSend SMS Woo Integration

ClickSend SMS Woo Integration

clicksendsms

A
85

ClickSend SMS Woo Integration helps to send transactions & promotional sms to wooCommerce store owners.

100 No CVEs
text message sms plugin

text message sms plugin

text-message

A
92

text message by biz text lets your website receive and send text messages. reply to text messages from a pc or forward messages to your mobile phone.

100 No CVEs
Branded SMS Pakistan

Branded SMS Pakistan

branded-sms-pakistan

A
100

Branded SMS Pakistan - WooCommerce plugin will allow you to send Branded or Short Code SMS notification automatically for orders placed in WooCommerce …

50 No CVEs
SB SMS Sender

SB SMS Sender

sb-sms-sender

A
85

Send SMS to client using SMS club.

20 No CVEs
ExpertTexting Official WordPress Plugin

ExpertTexting Official WordPress Plugin

experttexting-official

A
85

ExpertTexting official plugin for WordPress. Send notifications, alerts, and personalized messages using ExpertTexting's API.

10 No CVEs
Developer Profile

Exsile SMS Gateway Developer Profile

Exsile

1 plugin · 20 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Exsile SMS Gateway

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/exsile-sms-gateway/admin/js/scripts.js/wp-content/plugins/exsile-sms-gateway/admin/js/bootstrap-suggest.js/wp-content/plugins/exsile-sms-gateway/admin/css/admin.css/wp-content/plugins/exsile-sms-gateway/admin/css/bootstrap-suggest.css/wp-content/plugins/exsile-sms-gateway/admin/js/inputmask/jquery.inputmask.min.js/wp-content/plugins/exsile-sms-gateway/admin/js/inputmask/inputmask.js/wp-content/plugins/exsile-sms-gateway/admin/js/inputmask/jquery.inputmask.js/wp-content/plugins/exsile-sms-gateway/admin/js/inputmask/inputmask.binding.js+1 more
Script Paths
/wp-content/plugins/exsile-sms-gateway/admin/js/scripts.js/wp-content/plugins/exsile-sms-gateway/admin/js/bootstrap-suggest.js/wp-content/plugins/exsile-sms-gateway/admin/js/inputmask/jquery.inputmask.min.js/wp-content/plugins/exsile-sms-gateway/admin/js/inputmask/inputmask.js/wp-content/plugins/exsile-sms-gateway/admin/js/inputmask/jquery.inputmask.js/wp-content/plugins/exsile-sms-gateway/admin/js/inputmask/inputmask.binding.js+1 more
Version Parameters
exsile-sms-gateway/admin/js/scripts.js?ver=exsile-sms-gateway/admin/js/bootstrap-suggest.js?ver=exsile-sms-gateway/admin/css/admin.css?ver=exsile-sms-gateway/admin/css/bootstrap-suggest.css?ver=exsile-sms-gateway/admin/js/inputmask/jquery.inputmask.min.js?ver=exsile-sms-gateway/admin/js/inputmask/inputmask.js?ver=exsile-sms-gateway/admin/js/inputmask/jquery.inputmask.js?ver=exsile-sms-gateway/admin/js/inputmask/inputmask.binding.js?ver=exsile-sms-gateway/admin/js/inputmask/inputmask.binding.min.js?ver=

HTML / DOM Fingerprints

JS Globals
exsile_ajax_url
FAQ

Frequently Asked Questions about Exsile SMS Gateway