Does افزونه پیامک حرفه ای فراز اس ام اس have any unpatched vulnerabilities?

Yes — افزونه پیامک حرفه ای فراز اس ام اس currently has 1 published unpatched vulnerability. We recommend switching to an alternative or applying any available workarounds.

Is افزونه پیامک حرفه ای فراز اس ام اس compatible with WordPress 6.2.9?

According to WordPress.org data, افزونه پیامک حرفه ای فراز اس ام اس 2.7.3 has been tested up to WordPress 6.2.9. Check the plugin's changelog for the latest compatibility information.

Is افزونه پیامک حرفه ای فراز اس ام اس compatible with PHP 7.4+?

افزونه پیامک حرفه ای فراز اس ام اس requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is افزونه پیامک حرفه ای فراز اس ام اس updated?

افزونه پیامک حرفه ای فراز اس ام اس was last updated on Jun 11, 2023. Frequent updates are generally a positive security signal.

What is افزونه پیامک حرفه ای فراز اس ام اس's security score?

افزونه پیامک حرفه ای فراز اس ام اس has a WP-Safety security score of 63/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

افزونه پیامک حرفه ای فراز اس ام اس Security & Risk Analysis

wordpress.org/plugins/farazsms

شما می توانید با استفاده از افزونه فراز اس ام اس، سایت خود را با ابزاری خودکار برای ارسال پیامک و ذخیره شماره در دفترچه تلفن، تقویت کنید.

2K active installs v2.7.3 PHP 7.4+ WP 5.8+ Updated Jun 11, 2023

mobile-verificationorder-notificationorder-smssms-pluginwoocommerce-sms-integration

C · Use Caution

CVEs total1

Unpatched1

Last CVEJan 27, 2026

Plugin page Download

Safety Verdict

Is افزونه پیامک حرفه ای فراز اس ام اس Safe to Use in 2026?

Use With Caution

Score 63/100

افزونه پیامک حرفه ای فراز اس ام اس has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE 1 unpatched Last CVE: Jan 27, 2026Updated 2yr ago

Risk Assessment

The "farazsms" v2.7.3 plugin presents a concerning security posture due to a significant number of unprotected entry points. With 8 out of 10 identified entry points lacking proper authentication checks, an attacker could potentially leverage these to execute unauthorized actions. Furthermore, the taint analysis revealing two flows with unsanitized paths indicates a risk of vulnerabilities, particularly given the plugin's history of Cross-Site Scripting (XSS) vulnerabilities. While the plugin shows some strengths like a high percentage of properly escaped output and a reasonable rate of prepared SQL statements, these are overshadowed by the critical issues of unprotected AJAX handlers and unsanitized data flows.

The vulnerability history, specifically the single medium severity CVE and the reported XSS type, reinforces the concern about input sanitization. The future date of the last vulnerability (2026-01-27) is likely a data entry error, but the pattern of past issues still warrants caution. The presence of bundled libraries like Select2, while not inherently a risk, could become one if not properly maintained and updated, though no specific vulnerability related to it is highlighted here. In conclusion, the plugin has areas of good practice, but the high number of unprotected entry points and identified unsanitized data flows, coupled with past XSS issues, make it a moderate to high risk without further security hardening.

Key Concerns

Unprotected AJAX handlers
Taint analysis: Unsanitized paths
Missing nonce checks on AJAX
Unpatched CVE (medium severity)
Large attack surface without auth

Vulnerabilities

1 published

افزونه پیامک حرفه ای فراز اس ام اس Security Vulnerabilities

CVEs by Year

1 CVE in 2026 · unpatched

2026

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2025-68031medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

افزونه پیامک حرفه ای فراز اس ام اس <= 2.7.3 - Reflected Cross-Site Scripting

Jan 27, 2026Unpatched

Version History

افزونه پیامک حرفه ای فراز اس ام اس Release Timeline

v2.7.3Current1 CVE

v2.7.21 CVE

v2.7.11 CVE

v2.7.01 CVE

v2.6.01 CVE

v2.5.21 CVE

Code Analysis

Analyzed Mar 16, 2026

افزونه پیامک حرفه ای فراز اس ام اس Code Analysis

Dangerous Functions

Raw SQL Queries

9 prepared

Unescaped Output

135 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Select2

SQL Query Safety

41% prepared22 total queries

Output Escaping

83% escaped162 total outputs

Data Flows · Security

2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths

fsms_woocommerce_checkout_process (modules\woocommerce\class-farazsms-woocommerce.php:539)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

8 unprotected

افزونه پیامک حرفه ای فراز اس ام اس Attack Surface

Entry Points10

Unprotected8

AJAX Handlers 8

authwp_ajax_fsms_newsletter_send_verification_codemodules\newsletter\class-farazsms-newsletter.php:70

noprivwp_ajax_fsms_newsletter_send_verification_codemodules\newsletter\class-farazsms-newsletter.php:74

authwp_ajax_fsms_send_tracking_code_smsmodules\woocommerce\class-farazsms-woocommerce.php:67

noprivwp_ajax_fsms_send_tracking_code_smsmodules\woocommerce\class-farazsms-woocommerce.php:68

authwp_ajax_fsms_send_otp_codemodules\woocommerce\class-farazsms-woocommerce.php:74

noprivwp_ajax_fsms_send_otp_codemodules\woocommerce\class-farazsms-woocommerce.php:75

authwp_ajax_farazsms_submit_order_reviewmodules\woocommerce\order-review\farazsms-order-review.php:63

noprivwp_ajax_farazsms_submit_order_reviewmodules\woocommerce\order-review\farazsms-order-review.php:64

Shortcodes 2

[farazsms-newsletter] modules\newsletter\class-farazsms-newsletter.php:56

[farazsms_order_review_landing_page] modules\woocommerce\order-review\farazsms-order-review.php:61

WordPress Hooks 75

actionplugins_loadedclasses\class-farazsms-i18n.php:51

actioninitclasses\class-farazsms-options.php:50

actioninitclasses\class-farazsms-options.php:51

actioninitclasses\class-farazsms-options.php:52

actioninitclasses\class-farazsms-options.php:53

actioninitclasses\class-farazsms-options.php:54

actioninitclasses\class-farazsms-options.php:55

actioninitclasses\class-farazsms-options.php:56

actioninitclasses\class-farazsms-options.php:57

actioninitclasses\class-farazsms-options.php:58

actioninitclasses\class-farazsms-options.php:59

actioninitclasses\class-farazsms-options.php:60

actionrest_api_initclasses\class-farazsms-routes.php:47

actionwp_enqueue_scriptsclasses\class-farazsms-settings.php:44

actionwp_enqueue_scriptsclasses\class-farazsms-settings.php:45

actionadmin_enqueue_scriptsclasses\class-farazsms-settings.php:46

actionadmin_enqueue_scriptsclasses\class-farazsms-settings.php:47

actionadmin_menuclasses\class-farazsms-settings.php:48

actionadmin_bar_menuclasses\class-farazsms-settings.php:50

actionwp_dashboard_setupclasses\class-farazsms-settings.php:53

actioninitclasses\class-farazsms-settings.php:54

actionactivated_pluginfarazsms.php:65

actionaffwp_register_usermodules\aff\class-farazsms-aff.php:79

actionaffwp_set_affiliate_statusmodules\aff\class-farazsms-aff.php:80

actionaffwp_referral_acceptedmodules\aff\class-farazsms-aff.php:81

actionaffwp_register_fields_before_tosmodules\aff\class-farazsms-aff.php:82

actionaffwp_new_affiliate_endmodules\aff\class-farazsms-aff.php:83

actionaffwp_edit_affiliate_endmodules\aff\class-farazsms-aff.php:84

actionyith_wcaf_new_affiliatemodules\aff\class-farazsms-aff.php:87

actionyith_wcaf_affiliate_enabledmodules\aff\class-farazsms-aff.php:88

actionyith_wcaf_commission_status_pending-paymentmodules\aff\class-farazsms-aff.php:89

actionyith_wcaf_register_formmodules\aff\class-farazsms-aff.php:94

actionyith_wcaf_settings_form_after_payment_emailmodules\aff\class-farazsms-aff.php:95

actionyith_wcaf_save_affiliate_settingsmodules\aff\class-farazsms-aff.php:99

actionuap_register_form_before_submit_buttonmodules\aff\class-farazsms-aff.php:106

actionuap_save_affiliate_actionmodules\aff\class-farazsms-aff.php:107

actionuap_public_action_save_referralmodules\aff\class-farazsms-aff.php:108

actionprofile_updatemodules\digits\class-farazsms-digits.php:46

actionedd_payment_view_detailsmodules\edd\class-farazsms-edd.php:62

actionedd_purchase_form_user_info_fieldsmodules\edd\class-farazsms-edd.php:63

actionedd_built_ordermodules\edd\class-farazsms-edd.php:64

actionedd_checkout_error_checksmodules\edd\class-farazsms-edd.php:65

actionedd_complete_purchasemodules\edd\class-farazsms-edd.php:66

actionelementor_pro/forms/actions/registermodules\elementor\class-farazsms-elementor.php:51

actionelementor/widgets/registermodules\elementor\class-farazsms-elementor.php:54

filtermanage_edit-comments_columnsmodules\farazsms\core\class-farazsms-comments.php:71

actionmanage_comments_custom_columnmodules\farazsms\core\class-farazsms-comments.php:72

actioncomment_form_logged_in_aftermodules\farazsms\core\class-farazsms-comments.php:73

actioncomment_form_after_fieldsmodules\farazsms\core\class-farazsms-comments.php:74

actionpreprocess_commentmodules\farazsms\core\class-farazsms-comments.php:75

actioncomment_postmodules\farazsms\core\class-farazsms-comments.php:76

filtercomment_form_default_fieldsmodules\farazsms\core\class-farazsms-comments.php:77

actioncomment_unapproved_to_approvedmodules\farazsms\core\class-farazsms-comments.php:80

actionwp_loginmodules\farazsms\core\class-farazsms-login-notify.php:57

actionwp_loginmodules\farazsms\core\class-farazsms-login-notify.php:58

filterupdate_user_metadatamodules\farazsms\core\class-farazsms-login-notify.php:59

actiongform_after_submissionmodules\gravity-forms\class-farazsms-gravity-forms.php:47

filterihc_filter_notification_before_expiremodules\membership\class-farazsms-membership.php:66

actionpmpro_membership_post_membership_expirymodules\membership\class-farazsms-membership.php:67

actioninitmodules\newsletter\class-farazsms-newsletter-block.php:46

actionwp_insert_postmodules\newsletter\class-farazsms-newsletter.php:79

actiontransition_post_statusmodules\newsletter\class-farazsms-newsletter.php:80

actionwp_enqueue_scriptsmodules\woocommerce\class-farazsms-woocommerce.php:63

actionwp_enqueue_scriptsmodules\woocommerce\class-farazsms-woocommerce.php:64

actionadd_meta_boxesmodules\woocommerce\class-farazsms-woocommerce.php:65

actionadd_meta_boxesmodules\woocommerce\class-farazsms-woocommerce.php:66

actionwoocommerce_thankyoumodules\woocommerce\class-farazsms-woocommerce.php:69

actioninitmodules\woocommerce\class-farazsms-woocommerce.php:70

actionwoocommerce_checkout_get_valuemodules\woocommerce\class-farazsms-woocommerce.php:71

filterwoocommerce_billing_fieldsmodules\woocommerce\class-farazsms-woocommerce.php:72

actionwoocommerce_checkout_processmodules\woocommerce\class-farazsms-woocommerce.php:73

actionwp_enqueue_scriptsmodules\woocommerce\order-review\farazsms-order-review.php:59

actionwp_enqueue_scriptsmodules\woocommerce\order-review\farazsms-order-review.php:60

actioninitmodules\woocommerce\order-review\farazsms-order-review.php:62

actionwoocommerce_order_status_completedmodules\woocommerce\order-review\farazsms-order-review.php:65

Maintenance & Trust

افزونه پیامک حرفه ای فراز اس ام اس Maintenance & Trust

Maintenance Signals

WordPress version tested6.2.9

Last updatedJun 11, 2023

PHP min version7.4

Downloads16K

Community Trust

Rating70/100

Number of ratings2

Active installs2K

Alternatives

افزونه پیامک حرفه ای فراز اس ام اس Alternatives

Alpha SMS

alpha-sms

100

Connect your WordPress and WooCommerce store to Alpha SMS for OTP verification and order notifications in Bangladesh.

100 No CVEs

Order SMS Notification – WooCommerce

order-sms-notification-woocommerce

A plugin for sending SMS notification after placing orders using WooCommerce

20 No CVEs

Branded SMS

branded-sms

Add to your WooCommerce store SMS notifications to your customers when order status changed.

10 No CVEs

Chat On Desk Order Notifications – WooCommerce

chat-on-desk

100

A plugin for sending whatsapp notification after placing orders using WooCommerce

0 No CVEs

Citrasms Woocommerce SMS Notification

citrasms-woocommerce-sms-notification

Citrasms Woocommerce SMS Notification send SMS notifications automatically for orders received at WooCommerce

0 No CVEs

Developer Profile

افزونه پیامک حرفه ای فراز اس ام اس Developer Profile

faraz sms

1 plugin · 2K total installs

trust score

Avg Security Score

63/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect افزونه پیامک حرفه ای فراز اس ام اس

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/farazsms/assets/css/farazsms-newsletter.css/wp-content/plugins/farazsms/assets/js/farazsms-newsletter.js/wp-content/plugins/farazsms/build/index.css/wp-content/plugins/farazsms/assets/js/react-multi-date-picker.js/wp-content/plugins/farazsms/build/index.js/wp-content/plugins/farazsms/assets/js/jquery.validate.min.js/wp-content/plugins/farazsms/assets/js/select2.min.js/wp-content/plugins/farazsms/assets/css/farazsms-tracking-code.css+1 more

Script Paths

/wp-content/plugins/farazsms/assets/js/farazsms-newsletter.js/wp-content/plugins/farazsms/assets/js/react-multi-date-picker.js/wp-content/plugins/farazsms/build/index.js/wp-content/plugins/farazsms/assets/js/jquery.validate.min.js/wp-content/plugins/farazsms/assets/js/select2.min.js/wp-content/plugins/farazsms/assets/js/farazsms-tracking-code.js

Version Parameters

?ver=2.7.3react-multi-date-picker.js?ver=2.7.3index.css?ver=2.7.3index.js?ver=2.7.3jquery.validate.min.js?ver=2.7.3select2.min.js?ver=2.7.3farazsms-tracking-code.css?ver=2.7.3farazsms-tracking-code.js?ver=2.7.3

HTML / DOM Fingerprints

CSS Classes

farazsms-tracking-code-wrapper

Data Attributes

id="farazsms-wrap"

JS Globals

fsms_ajax_objectfarazsmsJsObject

REST Endpoints

/wp-json/farazsms/v1/settings/wp-json/farazsms/v1/get-all-shortcodes/wp-json/farazsms/v1/get-sms-templates/wp-json/farazsms/v1/get-phonebooks/wp-json/farazsms/v1/get-credit/wp-json/farazsms/v1/get-sms-settings/wp-json/farazsms/v1/get-emails/wp-json/farazsms/v1/get-webhooks/wp-json/farazsms/v1/get-shortcode-by-id

FAQ

افزونه پیامک حرفه ای فراز اس ام اس Security & Risk Analysis

Is افزونه پیامک حرفه ای فراز اس ام اس Safe to Use in 2026?

Use With Caution

Key Concerns

افزونه پیامک حرفه ای فراز اس ام اس Security Vulnerabilities

CVEs by Year

Severity Breakdown

افزونه پیامک حرفه ای فراز اس ام اس Release Timeline

افزونه پیامک حرفه ای فراز اس ام اس Code Analysis

Bundled Libraries

SQL Query Safety

Output Escaping

Data Flow Analysis

افزونه پیامک حرفه ای فراز اس ام اس Attack Surface

AJAX Handlers 8

Shortcodes 2

افزونه پیامک حرفه ای فراز اس ام اس Maintenance & Trust

Maintenance Signals

Community Trust

افزونه پیامک حرفه ای فراز اس ام اس Alternatives

Alpha SMS

Order SMS Notification – WooCommerce

Branded SMS

Chat On Desk Order Notifications – WooCommerce

Citrasms Woocommerce SMS Notification

افزونه پیامک حرفه ای فراز اس ام اس Developer Profile

How We Detect افزونه پیامک حرفه ای فراز اس ام اس

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about افزونه پیامک حرفه ای فراز اس ام اس