
iSimpleDesign clicktell SMS Plugin Security & Risk Analysis
wordpress.org/plugins/isimpledesign-clicktell-text-messageI created this simple plugin to use clicktells api text system it basically displays a form using the shortcode [sms] within any post or page so peopl …
Is iSimpleDesign clicktell SMS Plugin Safe to Use in 2026?
Generally Safe
Score 85/100iSimpleDesign clicktell SMS Plugin has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "isimpledesign-clicktell-text-message" plugin v1.0 presents a generally good security posture based on the provided static analysis. It exhibits a small attack surface with only one entry point (a shortcode) and importantly, no AJAX handlers or REST API routes were found to be exposed without authentication or permission checks. The absence of dangerous functions, file operations, and external HTTP requests further bolsters its security. Furthermore, all identified SQL queries utilize prepared statements, which is a strong defense against SQL injection. The plugin also demonstrates the use of nonce and capability checks, indicating an awareness of common WordPress security practices.
However, a significant concern is the complete lack of output escaping. With 6 total outputs identified and 0% properly escaped, this creates a substantial risk of Cross-Site Scripting (XSS) vulnerabilities. Any data rendered by this plugin, if user-controllable, could potentially be exploited to inject malicious scripts into the user's browser. While the vulnerability history is clean, this does not negate the immediate risk posed by the unescaped output, as new vulnerabilities can arise even in historically secure plugins.
In conclusion, the plugin has strengths in its limited attack surface and secure handling of database queries and authentication. However, the critical oversight in output escaping represents a glaring weakness that must be addressed immediately to mitigate XSS risks. The absence of past vulnerabilities is positive but does not excuse the current lack of output sanitization.
Key Concerns
- Outputs not properly escaped
iSimpleDesign clicktell SMS Plugin Security Vulnerabilities
iSimpleDesign clicktell SMS Plugin Release Timeline
iSimpleDesign clicktell SMS Plugin Code Analysis
Output Escaping
Data Flow Analysis
iSimpleDesign clicktell SMS Plugin Attack Surface
Shortcodes 1
WordPress Hooks 3
Maintenance & Trust
iSimpleDesign clicktell SMS Plugin Maintenance & Trust
Maintenance Signals
Community Trust
iSimpleDesign clicktell SMS Plugin Alternatives
Texty – SMS Notification for WordPress, WooCommerce, Dokan and more
texty
Texty is a lightweight SMS notification plugin for WordPress.
Custom Shortcodes
custom-shortcodes
Manage custom fields using the insert shortcodes or HTML comment in text of post.
Nested Shortcodes by Outerbridge
nested-shortcodes
A small plugin which allows you to use nest shortcodes (i.e. a shortcode within an enclosing shortcode) by implementing a simple do_shortcode filter
TextMe SMS
textme-sms-integration
Send custom SMS messages from your WordPress site to your customers using the TextMe SMS gateway.
Section Widget
section-widget
Display arbitrary information only on selected sections of your site. Also allows you to easily organize them into tabs in your sidebar.
iSimpleDesign clicktell SMS Plugin Developer Profile
2 plugins · 20 total installs
How We Detect iSimpleDesign clicktell SMS Plugin
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/isimpledesign-clicktell-text-message/css/isd-clicktell.css/wp-content/plugins/isimpledesign-clicktell-text-message/js/isd-clicktell.js/wp-content/plugins/isimpledesign-clicktell-text-message/js/isd-clicktell.jsHTML / DOM Fingerprints
numberword_countsendmessagecounterid="isd-clicktell-form"id="number"id="text"id="send"name="number"name="text"+11 more<form id='isd-clicktell-form' method='post' action=''>
<label for='number'>Enter your Number <small>Please use the following format 447702220339</small></label>
<input name='number' id='number' class='number' />
<label for='text'>Your Message:</label>
<textarea name='text' id='text' class='word_count'></textarea>
<input type='submit' name='send' class='send' id='send' value='send' />
<div class='message'></div>
<span class='counter'></span>
</form>