iSimpleDesign clicktell SMS Plugin Security & Risk Analysis

wordpress.org/plugins/isimpledesign-clicktell-text-message

I created this simple plugin to use clicktells api text system it basically displays a form using the shortcode [sms] within any post or page so peopl …

10 active installs v1.0 PHP + WP 2.0+ Updated Jan 6, 2011
clicktellshortcodesmstext
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is iSimpleDesign clicktell SMS Plugin Safe to Use in 2026?

Generally Safe

Score 85/100

iSimpleDesign clicktell SMS Plugin has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 15yr ago
Risk Assessment

The "isimpledesign-clicktell-text-message" plugin v1.0 presents a generally good security posture based on the provided static analysis. It exhibits a small attack surface with only one entry point (a shortcode) and importantly, no AJAX handlers or REST API routes were found to be exposed without authentication or permission checks. The absence of dangerous functions, file operations, and external HTTP requests further bolsters its security. Furthermore, all identified SQL queries utilize prepared statements, which is a strong defense against SQL injection. The plugin also demonstrates the use of nonce and capability checks, indicating an awareness of common WordPress security practices.

However, a significant concern is the complete lack of output escaping. With 6 total outputs identified and 0% properly escaped, this creates a substantial risk of Cross-Site Scripting (XSS) vulnerabilities. Any data rendered by this plugin, if user-controllable, could potentially be exploited to inject malicious scripts into the user's browser. While the vulnerability history is clean, this does not negate the immediate risk posed by the unescaped output, as new vulnerabilities can arise even in historically secure plugins.

In conclusion, the plugin has strengths in its limited attack surface and secure handling of database queries and authentication. However, the critical oversight in output escaping represents a glaring weakness that must be addressed immediately to mitigate XSS risks. The absence of past vulnerabilities is positive but does not excuse the current lack of output sanitization.

Key Concerns

  • Outputs not properly escaped
Vulnerabilities
None known

iSimpleDesign clicktell SMS Plugin Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

iSimpleDesign clicktell SMS Plugin Release Timeline

No version history available.
Code Analysis
Analyzed Apr 16, 2026

iSimpleDesign clicktell SMS Plugin Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
6
0 escaped
Nonce Checks
2
Capability Checks
1
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

0% escaped6 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

2 flows
config_page (isd-clicktell-text.php:38)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

iSimpleDesign clicktell SMS Plugin Attack Surface

Entry Points1
Unprotected0

Shortcodes 1

[sms] isd-clicktell-text.php:187
WordPress Hooks 3
actionwp_footerisd-clicktell-text.php:174
actionwp_headisd-clicktell-text.php:183
actionadmin_menuisd-clicktell-text.php:186
Maintenance & Trust

iSimpleDesign clicktell SMS Plugin Maintenance & Trust

Maintenance Signals

WordPress version tested3.0.5
Last updatedJan 6, 2011
PHP min version
Downloads2K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Developer Profile

iSimpleDesign clicktell SMS Plugin Developer Profile

isimpledesign

2 plugins · 20 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect iSimpleDesign clicktell SMS Plugin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/isimpledesign-clicktell-text-message/css/isd-clicktell.css/wp-content/plugins/isimpledesign-clicktell-text-message/js/isd-clicktell.js
Script Paths
/wp-content/plugins/isimpledesign-clicktell-text-message/js/isd-clicktell.js

HTML / DOM Fingerprints

CSS Classes
numberword_countsendmessagecounter
Data Attributes
id="isd-clicktell-form"id="number"id="text"id="send"name="number"name="text"+11 more
Shortcode Output
<form id='isd-clicktell-form' method='post' action=''> <label for='number'>Enter your Number <small>Please use the following format 447702220339</small></label> <input name='number' id='number' class='number' /> <label for='text'>Your Message:</label> <textarea name='text' id='text' class='word_count'></textarea> <input type='submit' name='send' class='send' id='send' value='send' /> <div class='message'></div> <span class='counter'></span> </form>
FAQ

Frequently Asked Questions about iSimpleDesign clicktell SMS Plugin