Does inSIM have any unpatched vulnerabilities?

No. All known vulnerabilities in inSIM have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is inSIM compatible with WordPress 6.7.5?

According to WordPress.org data, inSIM 4.0 has been tested up to WordPress 6.7.5. Check the plugin's changelog for the latest compatibility information.

How often is inSIM updated?

inSIM was last updated on Oct 20, 2025. Frequent updates are generally a positive security signal.

What is inSIM's security score?

inSIM has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

inSIM Security Review — Score 100/100 (safe)

Safety Verdict

Is inSIM Safe to Use in 2026?

Generally Safe

Score 100/100

inSIM has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5mo ago

Risk Assessment

The "insim" v4.0 plugin exhibits a concerning security posture primarily due to a large number of unprotected AJAX handlers, representing a significant attack surface. While the plugin demonstrates good practices in areas like output escaping and avoids known vulnerability types historically, the sheer volume of entry points without proper authentication checks is a major red flag. The taint analysis reveals a notable number of flows with unsanitized paths, with a high severity score of 8, indicating potential risks that require immediate attention. The absence of known CVEs and a clean vulnerability history is a positive indicator of past development efforts, but it does not negate the immediate risks identified in the static analysis. The plugin's strengths lie in its proper use of prepared statements for SQL and good output escaping, but these are overshadowed by the critical flaw of unprotected AJAX handlers and unsanitized paths.

Key Concerns

Large attack surface without auth checks
High number of unsanitized paths in taint analysis
8 Critical severity taint flows
SQL queries not always prepared
Output not always properly escaped

Vulnerabilities

None known

inSIM Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

inSIM Code Analysis

Dangerous Functions

0

Raw SQL Queries

33

30 prepared

Unescaped Output

151

422 escaped

Nonce Checks

10

Capability Checks

4

File Operations

2

External Requests

24

Bundled Libraries

0

SQL Query Safety

48% prepared63 total queries

Output Escaping

74% escaped573 total outputs

Data Flows

28 unsanitized

Data Flow Analysis

25 flows28 with unsanitized paths

_post_process (admin\sim-to-shop-send-tab.php:37)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

36 unprotected

inSIM Attack Surface

Entry Points42

Unprotected36

AJAX Handlers 42

authwp_ajax_insim_preview_filtersadmin\sim-to-shop-ajax-handlers.php:24

authwp_ajax_insim_add_filtered_recipientsadmin\sim-to-shop-ajax-handlers.php:27

authwp_ajax_insim_save_filter_presetadmin\sim-to-shop-ajax-handlers.php:30

authwp_ajax_insim_load_filter_presetadmin\sim-to-shop-ajax-handlers.php:33

authwp_ajax_insim_track_filter_usageadmin\sim-to-shop-ajax-handlers.php:36

authwp_ajax_insim_track_recipients_addedadmin\sim-to-shop-ajax-handlers.php:39

authwp_ajax_addRecipientincludes\sim-to-shop.php:180

authwp_ajax_transmitOWSincludes\sim-to-shop.php:181

authwp_ajax_delRecipientincludes\sim-to-shop.php:182

authwp_ajax_filterincludes\sim-to-shop.php:183

authwp_ajax_addRecipientsFromQueryincludes\sim-to-shop.php:184

authwp_ajax_countRecipientFromQueryincludes\sim-to-shop.php:185

authwp_ajax_sim_to_shop_add_recipients_from_queryincludes\sim-to-shop.php:187

authwp_ajax_sim_to_shop_count_recipients_from_queryincludes\sim-to-shop.php:188

authwp_ajax__ajax_fetch_custom_listincludes\sim-to-shop.php:189

authwp_ajax__ajax_fetch_recipient_listincludes\sim-to-shop.php:190

authwp_ajax_filterUserincludes\sim-to-shop.php:193

authwp_ajax_addRecipientsFromRoleincludes\sim-to-shop.php:194

authwp_ajax_get-accessinSIM.php:76

noprivwp_ajax_get-accessinSIM.php:77

authwp_ajax_change-settinginSIM.php:91

noprivwp_ajax_change-settinginSIM.php:92

authwp_ajax_get-datainSIM.php:101

noprivwp_ajax_get-datainSIM.php:102

authwp_ajax_test_smsinSIM.php:409

noprivwp_ajax_inSIM_get_datainSIM.php:583

authwp_ajax_inSIM_get_datainSIM.php:584

authwp_ajax_addRecipientpublic\includes\sim-to-shop.php:180

authwp_ajax_transmitOWSpublic\includes\sim-to-shop.php:181

authwp_ajax_delRecipientpublic\includes\sim-to-shop.php:182

authwp_ajax_filterpublic\includes\sim-to-shop.php:183

authwp_ajax_addRecipientsFromQuerypublic\includes\sim-to-shop.php:184

authwp_ajax_countRecipientFromQuerypublic\includes\sim-to-shop.php:185

authwp_ajax__ajax_fetch_custom_listpublic\includes\sim-to-shop.php:186

authwp_ajax__ajax_fetch_recipient_listpublic\includes\sim-to-shop.php:187

authwp_ajax_filterUserpublic\includes\sim-to-shop.php:190

authwp_ajax_addRecipientsFromRolepublic\includes\sim-to-shop.php:191

authwp_ajax_get-datapublic\inSIM.php:81

noprivwp_ajax_get-datapublic\inSIM.php:82

authwp_ajax_test_smspublic\inSIM.php:385

noprivwp_ajax_inSIM_get_datapublic\inSIM.php:559

authwp_ajax_inSIM_get_datapublic\inSIM.php:560

WordPress Hooks 36

actionplugins_loadedincludes\sim-to-shop.php:136

actionadmin_enqueue_scriptsincludes\sim-to-shop.php:152

actionadmin_enqueue_scriptsincludes\sim-to-shop.php:153

actionadmin_menuincludes\sim-to-shop.php:155

actionwoocommerce_created_customerincludes\sim-to-shop.php:159

actionwoocommerce_checkout_update_order_metaincludes\sim-to-shop.php:162

actionwp_insert_commentincludes\sim-to-shop.php:165

actionwoocommerce_low_stockincludes\sim-to-shop.php:168

actionsim_to_shop_event_daily_hookincludes\sim-to-shop.php:171

actionpassword_resetincludes\sim-to-shop.php:173

actionwoocommerce_order_status_changedincludes\sim-to-shop.php:177

actionwp_loginincludes\sim-to-shop.php:197

filterplugin_action_linksincludes\sim-to-shop.php:200

actionwp_enqueue_scriptsincludes\sim-to-shop.php:214

actionwp_enqueue_scriptsincludes\sim-to-shop.php:215

actionwoocommerce_initinSIM.php:42

actiondelete_userinSIM.php:206

actionwoocommerce_new_orderinSIM.php:440

actionplugins_loadedpublic\includes\sim-to-shop.php:136

actionadmin_enqueue_scriptspublic\includes\sim-to-shop.php:152

actionadmin_enqueue_scriptspublic\includes\sim-to-shop.php:153

actionadmin_menupublic\includes\sim-to-shop.php:155

actionwoocommerce_created_customerpublic\includes\sim-to-shop.php:159

actionwoocommerce_checkout_update_order_metapublic\includes\sim-to-shop.php:162

actionwp_insert_commentpublic\includes\sim-to-shop.php:165

actionwoocommerce_low_stockpublic\includes\sim-to-shop.php:168

actionsim_to_shop_event_daily_hookpublic\includes\sim-to-shop.php:171

actionpassword_resetpublic\includes\sim-to-shop.php:173

actionwoocommerce_order_status_changedpublic\includes\sim-to-shop.php:177

actionwp_loginpublic\includes\sim-to-shop.php:194

filterplugin_action_linkspublic\includes\sim-to-shop.php:197

actionwp_enqueue_scriptspublic\includes\sim-to-shop.php:211

actionwp_enqueue_scriptspublic\includes\sim-to-shop.php:212

actionwoocommerce_initpublic\inSIM.php:42

actiondelete_userpublic\inSIM.php:190

actionwoocommerce_new_orderpublic\inSIM.php:416

Scheduled Events 2

sim_to_shop_event_daily_hook

Maintenance & Trust

inSIM Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5

Last updatedOct 20, 2025

PHP min version

Downloads953

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

inSIM Alternatives

ClickSend SMS Woo Integration

clicksendsms

A

85

ClickSend SMS Woo Integration helps to send transactions & promotional sms to wooCommerce store owners.

100 No CVEs

MessageFlow

messageflow

A

85

A Free, one-click-to-install, SMS telecommunication plugin made for e-commerce stores.

0 No CVEs

Newsletters, Email Marketing, SMS and Popups by Omnisend

omnisend

A

100

Newsletters, Email Marketing, Email Automation, Forms, Pop Up, SMS by Omnisend

100K No CVEs

Email Marketing for WooCommerce by Omnisend

omnisend-connect

A

99

Email Marketing, Newsletter, Email Automation, Forms, Pop Up, SMS, Abandoned Cart made easy for WordPress & WooCommerce by Omnisend

60K 2 CVEs

افزونه پیامک ووکامرس Persian WooCommerce SMS

persian-woocommerce-sms

B

72

افزونه کامل و حرفه ای برای اطلاع رسانی پیامکی سفارشات و رویداد های محصولات ووکامرس

50K 1 unpatched

Developer Profile

inSIM Developer Profile

2wstechnologies

3 plugins · 0 total installs

94

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect inSIM

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

FAQ

inSIM Security & Risk Analysis