Melipayamak Security & Risk Analysis

wordpress.org/plugins/melipayamak

Send and receive SMS and voice messages on WordPress and the WooCommerce, Contact Form, Gravity Forms and Easy Digital Downloads plugins

500 active installs · v2.2.12 · PHP 5.4+ · WP 4.4+ · Updated Oct 29, 2018
Score: 63 · C · Use Caution
CVEs total: 1
Unpatched: 1
Last CVE: Jun 5, 2025
Safety Verdict

Is Melipayamak Safe to Use in 2026?

Use With Caution

Score 63/100

Melipayamak has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE · 1 unpatched · Last CVE: Jun 5, 2025 · Updated 7yr ago
Risk Assessment

The melipayamak plugin v2.2.12 presents a mixed security posture. The attack surface is small, with no unprotected entry points and a reasonable number of nonce and capability checks, but the code analysis raises significant concerns. Only 9% of SQL queries use prepared statements and only 14% of outputs are escaped, which indicates a high risk of SQL injection and cross-site scripting vulnerabilities, especially given that 4 of the 5 analyzed data flows have unsanitized paths.

The plugin also has a history of vulnerabilities, including a recent medium-severity Cross-Site Scripting (XSS) issue that remains unpatched. This pattern suggests a recurring lack of robust input validation and output sanitization. The lack of dangerous functions and external HTTP requests is positive, but the prevalent issues with SQL prepared statements and output escaping, coupled with the unpatched CVE, point to a need for urgent code review and remediation to improve the plugin's overall security.

Key Concerns

  • Unpatched medium severity CVE
  • Low rate of prepared SQL statements
  • Low rate of properly escaped output
  • Flows with unsanitized paths detected
Vulnerabilities: 1

Melipayamak Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-30940 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Melipayamak <= 2.2.12 - Authenticated (Administrator+) Stored Cross-Site Scripting

Jun 5, 2025 · Unpatched
Code Analysis
Analyzed Mar 16, 2026

Melipayamak Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 64 (6 prepared)
Unescaped Output: 282 (47 escaped)
Nonce Checks: 12
Capability Checks: 1
File Operations: 4
External Requests: 2
Bundled Libraries: 0

SQL Query Safety

9% prepared · 70 total queries

Output Escaping

14% escaped · 329 total outputs

Data Flows: 4 unsanitized

Data Flow Analysis

5 flows · 4 with unsanitized paths
melipayamak_cf7_form2 (includes\actions.php:387)
Attack Surface

Melipayamak Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes 1

[melipayamak] includes\shortcode.php:28
WordPress Hooks 52
Type · Hook · Location
action · wp_insert_comment · includes\actions.php:35
filter · two_factor_providers · includes\actions.php:46
action · user_register · includes\actions.php:70
action · wp_login · includes\actions.php:89
action · edd_complete_purchase · includes\actions.php:102
action · woocommerce_thankyou · includes\actions.php:167
action · woocommerce_order_status_changed · includes\actions.php:184
action · woocommerce_new_customer_note · includes\actions.php:202
action · woocommerce_after_checkout_validation · includes\actions.php:229
filter · woocommerce_create_order · includes\actions.php:231
action · add_meta_boxes · includes\actions.php:365
action · publish_post · includes\actions.php:366
action · wpcf7_editor_panels · includes\actions.php:414
action · wpcf7_before_send_mail · includes\actions.php:415
action · wpcf7_after_save · includes\actions.php:416
action · gform_loaded · includes\actions.php:430
action · dashboard_glance_items · includes\actions.php:910
filter · random_password · includes\actions.php:969
action · register_form · includes\actions.php:970
filter · user_contactmethods · includes\actions.php:971
filter · registration_errors · includes\actions.php:972
action · user_profile_update_errors · includes\actions.php:973
action · user_register · includes\actions.php:974
action · user_new_form · includes\actions.php:975
action · user_register · includes\actions.php:1025
action · retrieve_password_key · includes\actions.php:1026
action · admin_menu · includes\admin.php:9
action · admin_bar_menu · includes\adminbar.php:10
filter · gform_add_field_buttons · includes\GFVerification.php:17
filter · gform_field_type_title · includes\GFVerification.php:18
action · gform_editor_js_set_default_values · includes\GFVerification.php:19
action · gform_editor_js · includes\GFVerification.php:20
action · gform_field_standard_settings · includes\GFVerification.php:21
filter · gform_tooltips · includes\GFVerification.php:22
filter · gform_field_validation · includes\GFVerification.php:25
filter · gform_entry_post_save · includes\GFVerification.php:26
action · gform_field_input · includes\GFVerification.php:27
action · gform_field_css_class · includes\GFVerification.php:28
filter · gform_field_content · includes\GFVerification.php:29
filter · gform_merge_tag_filter · includes\GFVerification.php:30
filter · gform_submit_button · includes\GFVerification.php:132
filter · gform_next_button · includes\GFVerification.php:134
filter · sms_verify_resend · includes\GFVerification.php:319
filter · gform_validation_message · includes\GFVerification.php:364
filter · sms_verify_display_none · includes\GFVerification.php:365
filter · sms_verify_field · includes\GFVerification.php:369
filter · sms_verify_self_validation · includes\GFVerification.php:375
filter · gform_button_verify · includes\GFVerification.php:378
action · init · includes\shortcode.php:30
filter · mce_external_plugins · includes\shortcode.php:32
filter · mce_buttons · includes\shortcode.php:33
action · widgets_init · includes\widget.php:9
Maintenance & Trust

Melipayamak Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.9.29
Last updated: Oct 29, 2018
PHP min version: 5.4
Downloads: 25K

Community Trust

Rating: 94/100
Number of ratings: 6
Active installs: 500
Developer Profile

Melipayamak Developer Profile

melipayamak

1 plugin · 500 total installs

Trust score: 68
Avg Security Score: 63/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Melipayamak

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/melipayamak/js/admin.js
/wp-content/plugins/melipayamak/js/jquery.script.js
/wp-content/plugins/melipayamak/css/admin.css
/wp-content/plugins/melipayamak/css/admin_rtl.css
/wp-content/plugins/melipayamak/js/jquery.maskedinput.min.js
/wp-content/plugins/melipayamak/js/persian_datepicker.js
/wp-content/plugins/melipayamak/js/persian_datepicker_init.js
/wp-content/plugins/melipayamak/js/sms.js
Generator Patterns
Melipayamak v2.2.12
Script Paths
js/admin.js
js/jquery.script.js
js/jquery.maskedinput.min.js
js/persian_datepicker.js
js/persian_datepicker_init.js
js/sms.js
Version Parameters
melipayamak/css/admin.css?ver=
melipayamak/css/admin_rtl.css?ver=
melipayamak/js/admin.js?ver=
melipayamak/js/jquery.script.js?ver=
melipayamak/js/jquery.maskedinput.min.js?ver=
melipayamak/js/persian_datepicker.js?ver=
melipayamak/js/persian_datepicker_init.js?ver=
melipayamak/js/sms.js?ver=

HTML / DOM Fingerprints

CSS Classes
melipayamak_admin_form
melipayamak_admin_div
melipayamak_panel
HTML Comments
<!-- check access -->
<!-- include pluggable.php -->
<!-- jalali date -->
<!-- define product version -->
+18 more
Data Attributes
data-nonce
data-action
JS Globals
melipayamak_ajaxurl
melipayamak_nonce
Shortcode Output
melipayamak_message
FAQ

Frequently Asked Questions about Melipayamak