WP-Safety

MessengerOS for WooCommerce Security & Risk Analysis

wordpress.org/plugins/messengeros-for-woocommerce

Collect subscribers and export products to MessengerOS Email & SMS Marketing Platform.

0 active installs v2.0.0 PHP 7.4+ WP 5.3+ Updated Mar 11, 2026
automationecommerceemail-marketingnewslettersms-marketing
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is MessengerOS for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

MessengerOS for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago
Risk Assessment

The "messengeros-for-woocommerce" plugin version 2.0.0 exhibits a generally strong security posture, with several positive indicators. The plugin makes good use of prepared statements for all SQL queries, and nearly all output is properly escaped. It also includes a healthy number of nonce and capability checks, mitigating common attack vectors. The absence of known CVEs and past vulnerabilities is a significant strength, suggesting a history of responsible development and maintenance.

However, there are a couple of areas that warrant attention. The presence of two AJAX handlers without authentication checks represents a direct attack vector that could potentially be exploited if user-supplied data is not rigorously validated and sanitized within these handlers. Furthermore, the taint analysis revealed two flows with unsanitized paths, which, while not classified as critical or high severity in this analysis, indicate potential areas where sensitive data could be mishandled or lead to unintended consequences if exploited in conjunction with other factors.

Overall, while the plugin benefits from a clean vulnerability history and good internal practices like prepared statements and output escaping, the unprotected AJAX handlers and the identified unsanitized paths are specific security concerns that should be addressed to further harden its security. The large number of external HTTP requests also presents a potential risk if the plugin relies on external services that could be compromised or become unavailable.

Key Concerns

  • AJAX handlers without auth checks
  • Flows with unsanitized paths in taint analysis
Vulnerabilities
None known

MessengerOS for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

MessengerOS for WooCommerce Release Timeline

v2.0.0Current
v1.0.2
v1.0.1
Code Analysis
Analyzed Apr 16, 2026

MessengerOS for WooCommerce Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
6 prepared
Unescaped Output
6
233 escaped
Nonce Checks
11
Capability Checks
10
File Operations
0
External Requests
14
Bundled Libraries
0

SQL Query Safety

100% prepared6 total queries

Output Escaping

97% escaped239 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

5 flows2 with unsanitized paths
handle_oauth_callback (inc/oauth-handler.php:139)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
2 unprotected

MessengerOS for WooCommerce Attack Surface

Entry Points15
Unprotected2

AJAX Handlers 13

authwp_ajax_messos_woocommerce_save_forms_settingsinc/admin-forms.php:23
authwp_ajax_messos_dashboard_refreshinc/class-dashboard-ajax-handler.php:33
authwp_ajax_messos_dashboard_get_sectioninc/class-dashboard-ajax-handler.php:34
authwp_ajax_messos_dashboard_clear_cacheinc/class-dashboard-ajax-handler.php:35
authwp_ajax_messengeros_woocommerce_dismiss_sync_noticeinc/initial-sync-handler.php:24
authwp_ajax_messos_woocommerce_disconnect_oauthinc/oauth-handler.php:32
authwp_ajax_messos_woocommerce_check_oauth_statusinc/oauth-handler.php:33
authwp_ajax_messos_woocommerce_sync_productsinc/product-sync.php:15
authwp_ajax_messos_woocommerce_sync_ordersinc/product-sync.php:16
authwp_ajax_messos_woocommerce_sync_customersinc/product-sync.php:17
authwp_ajax_messos_woocommerce_get_sync_statusinc/product-sync.php:18
authwp_ajax_messos_woocommerce_send_subscribermessengeros-for-woocommerce.php:224
noprivwp_ajax_messos_woocommerce_send_subscribermessengeros-for-woocommerce.php:225

REST API Routes 1

POST/wp-json/messengeros/v1/cart-automationinc/class-cart-automation-rest-endpoint.php:41

Shortcodes 1

[messos-woocommerce-newsletter-form] messengeros-for-woocommerce.php:226
WordPress Hooks 70
actionadmin_menuinc/admin-forms.php:20
actionadmin_initinc/admin-forms.php:21
actionadmin_enqueue_scriptsinc/admin-forms.php:22
actionadmin_menuinc/admin-product-sync.php:16
actionadmin_enqueue_scriptsinc/admin-product-sync.php:17
actionadmin_enqueue_scriptsinc/class-admin-dashboard.php:42
actionrest_api_initinc/class-cart-automation-rest-endpoint.php:34
actionwoocommerce_add_to_cartinc/class-cart-event-tracker.php:58
actionwoocommerce_remove_cart_iteminc/class-cart-event-tracker.php:59
actionwoocommerce_after_cart_item_quantity_updateinc/class-cart-event-tracker.php:60
actionwoocommerce_cart_item_removedinc/class-cart-event-tracker.php:63
actionwoocommerce_cart_item_restoredinc/class-cart-event-tracker.php:64
actionwoocommerce_before_cart_item_quantity_zeroinc/class-cart-event-tracker.php:65
actionwoocommerce_created_customerinc/class-customer-event-tracker.php:50
actionwoocommerce_update_customerinc/class-customer-event-tracker.php:53
actionprofile_updateinc/class-customer-event-tracker.php:54
actionwoocommerce_add_to_cartinc/class-event-hooks.php:19
actionwoocommerce_remove_cart_iteminc/class-event-hooks.php:20
actionwoocommerce_checkout_create_orderinc/class-event-hooks.php:23
actionwoocommerce_thankyouinc/class-event-hooks.php:24
actionuser_registerinc/class-event-hooks.php:27
actionwp_logininc/class-event-hooks.php:28
actionpre_get_postsinc/class-event-hooks.php:31
actionwp_footerinc/class-messengeros-event-tracker.php:48
actionwoocommerce_add_to_cartinc/class-messengeros-event-tracker.php:52
actionwoocommerce_remove_cart_iteminc/class-messengeros-event-tracker.php:53
actionwoocommerce_before_checkout_forminc/class-messengeros-event-tracker.php:54
actionwoocommerce_thankyouinc/class-messengeros-event-tracker.php:55
actionwoocommerce_after_single_productinc/class-messengeros-event-tracker.php:56
actionwp_logininc/class-messengeros-event-tracker.php:59
actionuser_registerinc/class-messengeros-event-tracker.php:60
actioninitinc/class-messengeros-event-tracker.php:261
actionwoocommerce_new_orderinc/class-order-event-tracker.php:50
actionwoocommerce_update_orderinc/class-order-event-tracker.php:53
actionwoocommerce_order_status_changedinc/class-order-event-tracker.php:56
actionwp_enqueue_scriptsinc/class-popup-injector.php:29
actionwoocommerce_new_productinc/class-product-event-tracker.php:57
actionwoocommerce_update_productinc/class-product-event-tracker.php:58
actionsave_post_productinc/class-product-event-tracker.php:61
actionwp_enqueue_scriptsinc/class-product-tracker.php:19
actionmessengeros_woocommerce_check_initial_syncinc/initial-sync-handler.php:14
actionmessengeros_woocommerce_perform_initial_syncinc/initial-sync-handler.php:15
actionmessengeros_woocommerce_oauth_connectedinc/initial-sync-handler.php:18
actionadmin_noticesinc/initial-sync-handler.php:21
actioninitinc/oauth-handler.php:30
actiontemplate_redirectinc/oauth-handler.php:31
actionmessos_woocommerce_check_token_validityinc/oauth-handler.php:36
actionmessos_woocommerce_scheduled_product_syncinc/product-sync.php:21
filtercron_schedulesinc/product-sync.php:30
actioninitinc/woocommerce-integration.php:14
actionwoocommerce_order_status_changedinc/woocommerce-integration.php:26
actionwoocommerce_new_orderinc/woocommerce-integration.php:27
actionwoocommerce_update_orderinc/woocommerce-integration.php:28
actionwoocommerce_created_customerinc/woocommerce-integration.php:31
actionwoocommerce_update_customerinc/woocommerce-integration.php:32
actionwoocommerce_update_productinc/woocommerce-integration.php:35
actionwoocommerce_new_productinc/woocommerce-integration.php:36
actionwoocommerce_delete_productinc/woocommerce-integration.php:37
actionadmin_noticesmessengeros-for-woocommerce.php:31
actionadmin_initmessengeros-for-woocommerce.php:32
actionmessos_woocommerce_send_webhookmessengeros-for-woocommerce.php:213
actioninitmessengeros-for-woocommerce.php:217
actionadmin_menumessengeros-for-woocommerce.php:219
actionadmin_initmessengeros-for-woocommerce.php:220
actionadmin_initmessengeros-for-woocommerce.php:221
actionadmin_enqueue_scriptsmessengeros-for-woocommerce.php:222
actionwp_enqueue_scriptsmessengeros-for-woocommerce.php:223
actionadmin_enqueue_scriptsmessengeros-for-woocommerce.php:227
filtersafe_style_cssmessengeros-for-woocommerce.php:228
actionadmin_initmessengeros-for-woocommerce.php:238

Scheduled Events 7

messengeros_woocommerce_perform_initial_sync
messengeros_woocommerce_check_initial_sync
messos_woocommerce_check_token_validity
messos_woocommerce_scheduled_product_sync
messos_woocommerce_scheduled_product_sync
messos_send_webhook
messengeros_woocommerce_check_initial_sync
Maintenance & Trust

MessengerOS for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedMar 11, 2026
PHP min version7.4
Downloads346

Community Trust

Rating100/100
Number of ratings1
Active installs0
Alternatives

MessengerOS for WooCommerce Alternatives

Smart Marketing SMS and Newsletters Forms

Smart Marketing SMS and Newsletters Forms

smart-marketing-for-wp

A
99

E-commerce Automation Engine: Product sync, Track & Engage, and abandoned cart recovery via Email and SMS for WooCommerce stores.

1K 2 CVEs
SureContact – Newsletters, Email Marketing, Automation, Revenue Tracking & CRM

SureContact – Newsletters, Email Marketing, Automation, Revenue Tracking & CRM

surecontact

A
100

Send newsletters, set up email automations, manage contacts and track ecommerce revenue in a CRM for WordPress.

700 No CVEs
Remarkety – eCommerce Marketing Automation Platform for WooCommerce

Remarkety – eCommerce Marketing Automation Platform for WooCommerce

remarkety-for-woocommerce

A
100

Send intelligent emails based on customer purchase history. Recover abandoned carts, send targeted newsletters and more. Free Trial!

70 No CVEs
EmailWish

EmailWish

emailwish

A
85

EmailWish is an email marketing solution designed for ecommerce, offering powerful automation tools to drive the growth of businesses of every size.

0 No CVEs
Email & SMS Marketing Automations powered by MessengerOS

Email & SMS Marketing Automations powered by MessengerOS

messengeros

A
100

Collect subscribers and send them automated welcome emails or newsletters using the MessengerOS Email & SMS Marketing Platform.

0 No CVEs
Developer Profile

MessengerOS for WooCommerce Developer Profile

Teodor Mincu

2 plugins · 0 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect MessengerOS for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/messengeros-for-woocommerce/css/admin.css/wp-content/plugins/messengeros-for-woocommerce/css/frontend.css/wp-content/plugins/messengeros-for-woocommerce/js/admin.js/wp-content/plugins/messengeros-for-woocommerce/js/frontend.js
Script Paths
/wp-content/plugins/messengeros-for-woocommerce/js/admin.js/wp-content/plugins/messengeros-for-woocommerce/js/frontend.js
Version Parameters
messengeros-for-woocommerce/css/admin.css?ver=messengeros-for-woocommerce/css/frontend.css?ver=messengeros-for-woocommerce/js/admin.js?ver=messengeros-for-woocommerce/js/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
messengeros-admin-noticemessengeros-woocommerce-disconnectedmessengeros-woocommerce-connectedmessengeros-disconnected-statusmessengeros-connected-status
HTML Comments
<!-- MessengerOS for WooCommerce Admin Notice --><!-- MessengerOS for WooCommerce Disconnected Notice --><!-- MessengerOS for WooCommerce Connected Status -->
Data Attributes
data-messengeros-tracking-id
JS Globals
messengeros_tracking_data
REST Endpoints
/wp-json/messengeros/v1/cart-automation
FAQ

Frequently Asked Questions about MessengerOS for WooCommerce