Does FraudLabs Pro SMS Verification have any unpatched vulnerabilities?

No. All known vulnerabilities in FraudLabs Pro SMS Verification have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is FraudLabs Pro SMS Verification compatible with WordPress 6.9.4?

According to WordPress.org data, FraudLabs Pro SMS Verification 1.11.4 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

How often is FraudLabs Pro SMS Verification updated?

FraudLabs Pro SMS Verification was last updated on Mar 4, 2026. Frequent updates are generally a positive security signal.

What is FraudLabs Pro SMS Verification's security score?

FraudLabs Pro SMS Verification has a WP-Safety security score of 99/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

FraudLabs Pro SMS Verification Security & Risk Analysis

wordpress.org/plugins/fraudlabs-pro-sms-verification

Description: SMS verification help merchants to authenticate the client's phone number via SMS verification to prevent fraudulent orders.

10 active installs v1.11.4 PHP + WP 4.6+ Updated Mar 4, 2026

contact-form-7fraudlabsprosmssms-verificationwoocommerce

A · Safe

CVEs total1

Unpatched0

Last CVENov 1, 2024

Download

Safety Verdict

Is FraudLabs Pro SMS Verification Safe to Use in 2026?

Generally Safe

Score 99/100

FraudLabs Pro SMS Verification has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Nov 1, 2024Updated 1mo ago

Risk Assessment

The "fraudlabs-pro-sms-verification" plugin version 1.11.4 exhibits a mixed security posture. While it demonstrates good practices by exclusively using prepared statements for SQL queries and has no known critical or high-severity vulnerabilities, several concerning patterns emerge from the static analysis. A significant portion of the plugin's attack surface, specifically 10 out of 13 AJAX handlers, lacks authentication checks. This is further compounded by the presence of 9 flows with unsanitized paths, indicating a potential for injection vulnerabilities if these paths are user-controllable. Although no critical or high-severity taint flows were detected, the high number of unsanitized paths is a notable concern. The plugin's vulnerability history shows a past medium-severity CSRF vulnerability, suggesting a need for continued vigilance regarding input validation and access control, especially given the unprotected AJAX endpoints. Overall, the plugin benefits from secure database interaction but requires immediate attention to its exposed AJAX endpoints and the identified unsanitized code paths to mitigate potential security risks.

Key Concerns

Unprotected AJAX handlers
Flows with unsanitized paths
Low output escaping percentage
Medium severity vulnerability history

Vulnerabilities

FraudLabs Pro SMS Verification Security Vulnerabilities

CVEs by Year

1 CVE in 2024

2024

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2024-51688medium · 6.1Cross-Site Request Forgery (CSRF)

FraudLabs Pro SMS Verification <= 1.10.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting

Nov 1, 2024 Patched in 1.10.2 (6d)

Code Analysis

Analyzed Mar 16, 2026

FraudLabs Pro SMS Verification Code Analysis

Dangerous Functions

Raw SQL Queries

8 prepared

Unescaped Output

71 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared8 total queries

Output Escaping

44% escaped161 total outputs

Data Flows

9 unsanitized

Data Flow Analysis

10 flows9 with unsanitized paths

wp_default_register_form (fraudlabspro-sms-verification.php:1042)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

10 unprotected

FraudLabs Pro SMS Verification Attack Surface

Entry Points16

Unprotected10

AJAX Handlers 13

authwp_ajax_wp_sms_action_sendfraudlabspro-sms-verification.php:40

authwp_ajax_wp_sms_action_verifyfraudlabspro-sms-verification.php:41

authwp_ajax_fraudlabspro_sms_verification_submit_feedbackfraudlabspro-sms-verification.php:44

authwp_ajax_wp_sms_action_sendfraudlabspro-sms-verification.php:62

authwp_ajax_wp_sms_action_verifyfraudlabspro-sms-verification.php:66

authwp_ajax_fraudlabspro_sms_verification_submit_feedbackfraudlabspro-sms-verification.php:70

authwp_ajax_fraudlabspro_sms_verification_wc_admin_noticeincludes\class-wc-fraudlabspro-sms-verification.php:49

authwp_ajax_wc_sms_action_sendincludes\class-wc-fraudlabspro-sms-verification.php:50

authwp_ajax_wc_sms_action_verifyincludes\class-wc-fraudlabspro-sms-verification.php:51

authwp_ajax_wc_sms_action_verifiedincludes\class-wc-fraudlabspro-sms-verification.php:52

authwp_ajax_wc_sms_action_sendincludes\class-wc-fraudlabspro-sms-verification.php:58

authwp_ajax_wc_sms_action_verifyincludes\class-wc-fraudlabspro-sms-verification.php:62

authwp_ajax_wc_sms_action_verifiedincludes\class-wc-fraudlabspro-sms-verification.php:66

Shortcodes 3

[flp_sms_verification] fraudlabspro-sms-verification.php:47

[flp-sms-verification-edd] fraudlabspro-sms-verification.php:49

[flp-sms-verification-wc] includes\class-wc-fraudlabspro-sms-verification.php:55

WordPress Hooks 20

actionplugins_loadedfraudlabspro-sms-verification.php:36

actionadmin_menufraudlabspro-sms-verification.php:37

actionregister_formfraudlabspro-sms-verification.php:38

actionlogin_formfraudlabspro-sms-verification.php:39

actionwp_loadedfraudlabspro-sms-verification.php:42

actionadmin_enqueue_scriptsfraudlabspro-sms-verification.php:43

actionadmin_footer_textfraudlabspro-sms-verification.php:45

actionedd_complete_purchasefraudlabspro-sms-verification.php:58

actionwp_enqueue_scriptfraudlabspro-sms-verification.php:102

actionmanage_shop_order_posts_custom_columnincludes\class-wc-fraudlabspro-sms-verification.php:37

actionwoocommerce_checkout_after_terms_and_conditionsincludes\class-wc-fraudlabspro-sms-verification.php:38

actionwoocommerce_checkout_processincludes\class-wc-fraudlabspro-sms-verification.php:39

actionwoocommerce_store_api_checkout_order_processedincludes\class-wc-fraudlabspro-sms-verification.php:40

actionwoocommerce_login_formincludes\class-wc-fraudlabspro-sms-verification.php:41

actionwoocommerce_register_formincludes\class-wc-fraudlabspro-sms-verification.php:42

actionwoocommerce_thankyouincludes\class-wc-fraudlabspro-sms-verification.php:43

filtermanage_shop_order_posts_columnsincludes\class-wc-fraudlabspro-sms-verification.php:44

filterrender_blockincludes\class-wc-fraudlabspro-sms-verification.php:45

actionadmin_enqueue_scriptsincludes\class-wc-fraudlabspro-sms-verification.php:47

actionadmin_noticesincludes\class-wc-fraudlabspro-sms-verification.php:48

Maintenance & Trust

FraudLabs Pro SMS Verification Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 4, 2026

PHP min version

Downloads12K

Community Trust

Rating60/100

Number of ratings2

Active installs10

Alternatives

FraudLabs Pro SMS Verification Alternatives

TextMe SMS

textme-sms-integration

Send custom SMS messages from your WordPress site to your customers using the TextMe SMS gateway.

600 3 CVEs

eSMS

esms-gui-tin-nhan-sms

eSMS - là plugin dành riêng cho khách hàng sử dụng dịch vụ của eSMS, giúp quý khách gửi tin nhắn vào số điện thoại của khách hàng khi sử dụng Contact …

50 No CVEs

Contact Form 7 OTP SMS Verification

cf7-otp-sms-verification

100

SMS API: Buy Sms On All Bulk SMS

10 No CVEs

G Online SMS

g-online-sms

100

Send automated SMS notifications from WordPress — user registration, WooCommerce orders, Contact Form 7, Gravity Forms and more.

0 No CVEs

Sendit Israel

sendit-israel

100

Sendit Israel provides a simple SMS integration for WordPress and WooCommerce. Supports order status SMS notifications and Contact Form 7 submissions.

0 No CVEs

Developer Profile

FraudLabs Pro SMS Verification Developer Profile

fraudlabspro

3 plugins · 1K total installs

trust score

Avg Security Score

99/100

Avg Patch Time

11 days

View full developer profile

Detection Fingerprints

How We Detect FraudLabs Pro SMS Verification

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/fraudlabs-pro-sms-verification/assets/css/style.css/wp-content/plugins/fraudlabs-pro-sms-verification/assets/js/script.js/wp-content/plugins/fraudlabs-pro-sms-verification/assets/js/frontend.js/wp-content/plugins/fraudlabs-pro-sms-verification/assets/js/admin.js

Script Paths

/wp-content/plugins/fraudlabs-pro-sms-verification/assets/js/script.js/wp-content/plugins/fraudlabs-pro-sms-verification/assets/js/frontend.js/wp-content/plugins/fraudlabs-pro-sms-verification/assets/js/admin.js

Version Parameters

fraudlabs-pro-sms-verification/assets/css/style.css?ver=fraudlabs-pro-sms-verification/assets/js/script.js?ver=fraudlabs-pro-sms-verification/assets/js/frontend.js?ver=fraudlabs-pro-sms-verification/assets/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes

fraudlabs-pro-sms-verification-wrapperfraudlabs-pro-sms-verification-buttonfraudlabs-pro-sms-verification-form

HTML Comments

Data Attributes

data-flp-sms-verification-api-keydata-flp-sms-verification-nonce

JS Globals

fraudlabs_pro_sms_verification_params

REST Endpoints

/wp-json/fraudlabs-pro-sms-verification/v1/send_otp/wp-json/fraudlabs-pro-sms-verification/v1/verify_otp

Shortcode Output

[flp_sms_verification][flp-sms-verification-edd]

FAQ