WP-Safety

Marketing automation, Email and SMS for Woocommerce and WordPress Security & Risk Analysis

wordpress.org/plugins/message-business

Synchronize your Woocommerce clients and Wordpress visitors with Message Business application for Marketing automation, email marketing, sms marketing …

30 active installs v1.1.1 PHP 5.4.0+ WP 3.0.1+ Updated Unknown
autorepondeurautoresponderformulairemessage-businesstrigger
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Marketing automation, Email and SMS for Woocommerce and WordPress Safe to Use in 2026?

Generally Safe

Score 100/100

Marketing automation, Email and SMS for Woocommerce and WordPress has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The "message-business" v1.1.1 plugin exhibits a generally good security posture, with all identified entry points (AJAX handlers, cron events) appearing to have appropriate authorization checks. The plugin also demonstrates strong practices in output escaping, with a high percentage of outputs being properly handled, and it does not appear to make external HTTP requests, reducing its attack surface in that regard.

However, several areas raise concerns. The presence of the `unserialize` function is a significant risk, as it can lead to Remote Code Execution if it processes untrusted data. Additionally, the single SQL query found is not using prepared statements, which makes it vulnerable to SQL injection attacks. The taint analysis, while not reporting critical or high severity issues, did identify flows with unsanitized paths, suggesting a potential for vulnerabilities if these paths are exploited by malicious input.

The plugin's vulnerability history is a strong positive, with no recorded CVEs. This indicates a history of stable and secure development. Overall, while the lack of known vulnerabilities is reassuring, the presence of `unserialize` and raw SQL queries represents tangible security risks that should be addressed.

Key Concerns

  • Dangerous function "unserialize" found
  • SQL query not using prepared statements
  • Flows with unsanitized paths identified
Vulnerabilities
None known

Marketing automation, Email and SMS for Woocommerce and WordPress Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Marketing automation, Email and SMS for Woocommerce and WordPress Code Analysis

Dangerous Functions
4
Raw SQL Queries
1
0 prepared
Unescaped Output
30
211 escaped
Nonce Checks
2
Capability Checks
2
File Operations
4
External Requests
0
Bundled Libraries
1

Dangerous Functions Found

unserialize$session_value = unserialize( $session->session_value );includes\functions.php:276
unserialize$customer = unserialize( $session_value['customer']);includes\functions.php:284
unserialize$cart = unserialize( $session_value['cart']);includes\functions.php:287
unserialize$cart_totals = unserialize( $session_value['cart_totals'] );includes\functions.php:288

Bundled Libraries

Guzzle

SQL Query Safety

0% prepared1 total queries

Output Escaping

88% escaped241 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

4 flows2 with unsanitized paths
<message-business-admin-form-settings> (admin\partials\message-business-admin-form-settings.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Marketing automation, Email and SMS for Woocommerce and WordPress Attack Surface

Entry Points3
Unprotected0

AJAX Handlers 3

authwp_ajax_message_business_post_formwidget\message-business-newsletter-widget.php:17
noprivwp_ajax_message_business_post_formwidget\message-business-newsletter-widget.php:18
authwp_ajax_message_business_woocommerce_import_contactswoocommerce\message-business-woocommerce.php:34
WordPress Hooks 6
actionwp_loginincludes\functions.php:355
filtercron_schedulesincludes\functions.php:376
actionwp_enqueue_scriptswidget\message-business-newsletter-widget.php:14
actionwp_enqueue_scriptswidget\message-business-newsletter-widget.php:15
actionmessage_business_import_contactswoocommerce\message-business-woocommerce.php:35
actionwoocommerce_cart_updatedwoocommerce\message-business-woocommerce.php:36

Scheduled Events 1

message_business_import_contacts
Maintenance & Trust

Marketing automation, Email and SMS for Woocommerce and WordPress Maintenance & Trust

Maintenance Signals

WordPress version tested4.9.29
Last updatedUnknown
PHP min version5.4.0
Downloads2K

Community Trust

Rating0/100
Number of ratings0
Active installs30
Alternatives

Marketing automation, Email and SMS for Woocommerce and WordPress Alternatives

SG Autorepondeur Comment

SG Autorepondeur Comment

sg-autorepondeur-comment

A
85

A plugin which makes possible adding to your SG Autorepondeur Lists comment authors.

10 No CVEs
Missed Schedule Post Publisher

Missed Schedule Post Publisher

missed-schedule-post-publisher

A
100

🎯 Never miss scheduled posts again! Automatically publishes missed scheduled posts on time, every time. Zero bloat, single purpose, reliable.

6K No CVEs
Drip for WordPress

Drip for WordPress

email-marketing

A
85

Do you sell online? If so you need our new Drip for WooCommerce Plugin instead of this one. It includes your entire product catalog, order history int &hellip;

2K No CVEs
SendPulse Email Marketing Newsletter

SendPulse Email Marketing Newsletter

sendpulse-email-marketing-newsletter

A
96

Add a customizable email subscription form to your site, send newsletters, and automate email campaigns with autoresponders using SendPulse.

1K 3 CVEs
Simple Membership MailChimp Integration

Simple Membership MailChimp Integration

simple-membership-mailchimp-integration

A
100

An addon for the simple membership plugin to signup members to your MailChimp list

1K No CVEs
Developer Profile

Marketing automation, Email and SMS for Woocommerce and WordPress Developer Profile

msgbusiness

1 plugin · 30 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Marketing automation, Email and SMS for Woocommerce and WordPress

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/message-business/admin/css/message-business-admin.css/wp-content/plugins/message-business/admin/css/material-icons-font.css/wp-content/plugins/message-business/woocommerce/css/message-business-woocommerce.css/wp-content/plugins/message-business/admin/js/message-business-admin.js/wp-content/plugins/message-business/woocommerce/js/message-business-woocommerce.js
Script Paths
/wp-content/plugins/message-business/admin/js/message-business-admin.js/wp-content/plugins/message-business/woocommerce/js/message-business-woocommerce.js
Version Parameters
message-business/admin/css/message-business-admin.css?ver=message-business/woocommerce/css/message-business-woocommerce.css?ver=message-business/admin/js/message-business-admin.js?ver=message-business/woocommerce/js/message-business-woocommerce.js?ver=

HTML / DOM Fingerprints

CSS Classes
message-business-settings-page
Data Attributes
data-message-business-url
JS Globals
message_business_woocommerce_ajax_object
REST Endpoints
/wp-json/message-business/v1/get-countries/wp-json/message-business/v1/import-contacts-from-woocommerce/wp-json/message-business/v1/get-available-plans/wp-json/message-business/v1/apply-plan/wp-json/message-business/v1/get-message-business-account-status/wp-json/message-business/v1/send-test-sms
FAQ

Frequently Asked Questions about Marketing automation, Email and SMS for Woocommerce and WordPress