WP-Safety

miniOrange OTP Verification and SMS Notification for WooCommerce Security & Risk Analysis

wordpress.org/plugins/miniorange-sms-order-notification-otp-verification

OTP Verification via SMS, Email,or WhatsApp, and SMS Order Notifications, Vendor Notifications for WooCommerce.OTP Login and registration with Phone →

100 active installs v4.4.0 PHP 5.3.0+ WP 3.5+ Updated Mar 20, 2026
otpotp-verificationphone-verificationsms-order-notificationswoocommerce-notifications
99
A · Safe
CVEs total1
Unpatched0
Last CVEJan 9, 2026
Plugin page Download
Safety Verdict

Is miniOrange OTP Verification and SMS Notification for WooCommerce Safe to Use in 2026?

Generally Safe

Score 99/100

miniOrange OTP Verification and SMS Notification for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVELast CVE: Jan 9, 2026Updated 2mo ago
Risk Assessment

The "miniorange-sms-order-notification-otp-verification" plugin exhibits a generally good security posture with several positive indicators. The complete absence of raw SQL queries, 100% proper output escaping, and a significant number of nonce and capability checks suggest developers have implemented robust security practices in key areas. The fact that there are no currently unpatched CVEs is also a positive sign.

However, a notable concern arises from the static analysis revealing one AJAX handler without proper authentication checks. This creates a potential entry point for attackers to exploit if not properly secured at the application level or through other means. The presence of three flows with unsanitized paths in the taint analysis, even without critical or high severity, warrants investigation as it could indicate areas where user input might not be sufficiently validated, potentially leading to unexpected behavior or vulnerabilities if combined with other weaknesses.

The plugin has one past medium severity vulnerability, noted as 'Missing Authorization'. While it is currently patched, this historical pattern, coupled with the identified unprotected AJAX handler, suggests that authorization checks are an area that requires consistent vigilance for this plugin. Overall, while the plugin demonstrates strengths in several critical security areas, the identified unprotected entry point and past authorization issues indicate a need for continued attention to access control.

Key Concerns

  • AJAX handler without authentication check
  • Flows with unsanitized paths detected
  • Past medium vulnerability (Missing Authorization)
Vulnerabilities
1 published

miniOrange OTP Verification and SMS Notification for WooCommerce Security Vulnerabilities

CVEs by Year

1 CVE in 2026
2026
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2025-14948medium · 5.3Missing Authorization

miniOrange OTP Verification and SMS Notification for WooCommerce <= 4.3.8 - Missing Authorization to Unauthenticated Notification Settings Modification

Jan 9, 2026 Patched in 4.3.9 (1d)
Version History

miniOrange OTP Verification and SMS Notification for WooCommerce Release Timeline

v4.4.0Current
v4.3.9
v4.3.81 CVE
CVE-2025-14948
v4.3.71 CVE
CVE-2025-14948
v4.3.61 CVE
CVE-2025-14948
v4.3.51 CVE
CVE-2025-14948
v4.3.41 CVE
CVE-2025-14948
v4.3.31 CVE
CVE-2025-14948
v4.3.21 CVE
CVE-2025-14948
v4.3.11 CVE
CVE-2025-14948
v4.3.01 CVE
CVE-2025-14948
v4.2.51 CVE
CVE-2025-14948
v4.2.41 CVE
CVE-2025-14948
v4.2.31 CVE
CVE-2025-14948
v4.2.21 CVE
CVE-2025-14948
v4.2.11 CVE
CVE-2025-14948
v4.2.01 CVE
CVE-2025-14948
v4.1.11 CVE
CVE-2025-14948
v4.1.01 CVE
CVE-2025-14948
v4.0.31 CVE
CVE-2025-14948
Code Analysis
Analyzed Mar 16, 2026

miniOrange OTP Verification and SMS Notification for WooCommerce Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
20 prepared
Unescaped Output
2
657 escaped
Nonce Checks
51
Capability Checks
34
File Operations
0
External Requests
6
Bundled Libraries
0

SQL Query Safety

100% prepared20 total queries

Output Escaping

100% escaped659 total outputs
Data Flows · Security
3 unsanitized

Data Flow Analysis

5 flows3 with unsanitized paths
get_wc_otp_verification_form_dropdown (views\common-elements.php:221)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
1 unprotected

miniOrange OTP Verification and SMS Notification for WooCommerce Attack Surface

Entry Points6
Unprotected1

AJAX Handlers 6

authwp_ajax_mo_dismiss_noticehandler\class-moactionhandlerhandler.php:47
noprivwp_ajax_miniorange_wc_vp_reg_verifyhandler\forms\class-woocommerceproductvendors.php:66
authwp_ajax_mo-admin-checkhandler\forms\class-wploginform.php:157
noprivwp_ajax_mo-admin-checkhandler\forms\class-wploginform.php:158
authwp_ajax_wa_miniorange_check_pricinghelper\class-transactioncost.php:1489
authwp_ajax_miniorange_check_sms_pricinghelper\class-transactioncost.php:1490
WordPress Hooks 82
actionplugins_loadedclass-mowcinit.php:64
actionadmin_menuclass-mowcinit.php:65
actionadmin_enqueue_scriptsclass-mowcinit.php:66
actionadmin_enqueue_scriptsclass-mowcinit.php:67
actionwp_enqueue_scriptsclass-mowcinit.php:68
actionlogin_enqueue_scriptsclass-mowcinit.php:69
actionmowc_registration_show_messageclass-mowcinit.php:70
actionhourly_syncclass-mowcinit.php:71
actionadmin_footerclass-mowcinit.php:72
filterwp_mail_from_nameclass-mowcinit.php:73
filterplugin_row_metaclass-mowcinit.php:74
actionwp_enqueue_scriptsclass-mowcinit.php:75
actioninithandler\class-formactionhandler.php:41
actionmowc_validate_otphandler\class-formactionhandler.php:42
actionmowc_generate_otphandler\class-formactionhandler.php:43
filtermo_filter_phone_before_api_callhandler\class-formactionhandler.php:44
actionadmin_inithandler\class-moactionhandlerhandler.php:40
actionadmin_inithandler\class-moactionhandlerhandler.php:41
actionadmin_inithandler\class-moactionhandlerhandler.php:42
filterdashboard_glance_itemshandler\class-moactionhandlerhandler.php:43
actionadmin_post_miniorange_get_form_detailshandler\class-moactionhandlerhandler.php:44
actionadmin_post_miniorange_get_gateway_confighandler\class-moactionhandlerhandler.php:45
actionadmin_noticeshandler\class-moactionhandlerhandler.php:46
actionadmin_inithandler\class-moregistrationhandler.php:38
actionwoocommerce_edit_account_formhandler\forms\class-wcprofileform.php:73
actionwoocommerce_save_account_details_errorshandler\forms\class-wcprofileform.php:76
actionwp_enqueue_scriptshandler\forms\class-wcprofileform.php:77
filterwoocommerce_process_myaccount_field_billing_emailhandler\forms\class-woocommercebilling.php:64
filterwoocommerce_process_myaccount_field_billing_phonehandler\forms\class-woocommercebilling.php:66
actionwoocommerce_after_checkout_billing_formhandler\forms\class-woocommercecheckoutform.php:135
actionwoocommerce_review_order_after_submithandler\forms\class-woocommercecheckoutform.php:136
actionwoocommerce_after_checkout_billing_formhandler\forms\class-woocommercecheckoutform.php:138
actionwoocommerce_thankyouhandler\forms\class-woocommercecheckoutform.php:142
filterwoocommerce_checkout_posted_datahandler\forms\class-woocommercecheckoutform.php:145
actionwp_enqueue_scriptshandler\forms\class-woocommercecheckoutform.php:146
actionwoocommerce_after_checkout_validationhandler\forms\class-woocommercecheckoutform.php:147
actionwp_enqueue_scriptshandler\forms\class-woocommercecheckoutnew.php:83
actionwoocommerce_store_api_checkout_order_processedhandler\forms\class-woocommercecheckoutnew.php:84
actionwcpv_registration_formhandler\forms\class-woocommerceproductvendors.php:65
filterwcpv_shortcode_registration_form_validation_errorshandler\forms\class-woocommerceproductvendors.php:67
actionwp_enqueue_scriptshandler\forms\class-woocommerceproductvendors.php:68
filterwoocommerce_process_registration_errorshandler\forms\class-woocommerceregistrationform.php:83
actionwoocommerce_created_customerhandler\forms\class-woocommerceregistrationform.php:84
filterwoocommerce_registration_redirecthandler\forms\class-woocommerceregistrationform.php:85
actionwoocommerce_register_formhandler\forms\class-woocommerceregistrationform.php:88
actionwcmp_vendor_register_formhandler\forms\class-woocommerceregistrationform.php:89
actionwoocommerce_register_formhandler\forms\class-woocommerceregistrationform.php:92
actionwcmp_vendor_register_formhandler\forms\class-woocommerceregistrationform.php:93
actionwp_enqueue_scriptshandler\forms\class-woocommerceregistrationform.php:94
actionlogin_enqueue_scriptshandler\forms\class-wploginform.php:138
actionwp_enqueue_scriptshandler\forms\class-wploginform.php:139
filterauthenticatehandler\forms\class-wploginform.php:155
actionadmin_noticeshelper\class-modisplaymessages.php:44
actionadmin_enqueue_scriptshelper\class-movisualtour.php:50
actionbefore_woocommerce_initminiorange_validation_settings.php:31
actionmo_otp_verification_delete_addon_optionsnotifications\formsmsnotification\class-formsubmissionsmsnotification.php:46
actionwpcf7_before_send_mailnotifications\formsmsnotification\handler\class-formsmsnotificationshandler.php:65
actionwpforms_ajax_submit_completednotifications\formsmsnotification\handler\class-formsmsnotificationshandler.php:66
actionninja_forms_after_submissionnotifications\formsmsnotification\handler\class-formsmsnotificationshandler.php:67
actionadmin_initnotifications\formsmsnotification\handler\class-formsmsnotificationshandler.php:68
actionmo_otp_verification_delete_addon_optionsnotifications\wcsmsnotification\class-woocommercesmsnotification.php:39
actionadmin_enqueue_scriptsnotifications\wcsmsnotification\handler\class-woocommercenotifications.php:63
actionadmin_enqueue_scriptsnotifications\wcsmsnotification\handler\class-woocommercenotifications.php:64
actionwoocommerce_created_customer_notificationnotifications\wcsmsnotification\handler\class-woocommercenotifications.php:74
actionwoocommerce_new_customer_note_notificationnotifications\wcsmsnotification\handler\class-woocommercenotifications.php:75
actionwoocommerce_order_status_changednotifications\wcsmsnotification\handler\class-woocommercenotifications.php:76
actionwoocommerce_order_status_changednotifications\wcsmsnotification\handler\class-woocommercenotifications.php:77
actionadmin_initnotifications\wcsmsnotification\handler\class-woocommercenotifications.php:79
actionadd_meta_boxesnotifications\wcsmsnotification\handler\class-woocommercenotifications.php:80
actionmo_otp_verification_add_on_controllerobjects\class-baseaddon.php:29
actionadmin_initobjects\class-formhandler.php:231
actioninitobjects\class-formhandler.php:237
filtermowc_phone_dropdown_selectorobjects\class-formhandler.php:239
actionmowc_otp_verification_successfulobjects\class-formhandler.php:244
actionmowc_otp_verification_failedobjects\class-formhandler.php:246
actionmowc_unset_session_variableobjects\class-formhandler.php:248
filtermowc_is_ajax_formobjects\class-formhandler.php:251
filtermowc_is_login_or_social_formobjects\class-formhandler.php:253
filtermo_template_defaultsobjects\class-template.php:163
filtermo_template_buildobjects\class-template.php:164
actionadmin_post_mo_preview_popupobjects\class-template.php:165
actionadmin_post_mo_popup_saveobjects\class-template.php:166

Scheduled Events 1

hourlySync
Maintenance & Trust

miniOrange OTP Verification and SMS Notification for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 20, 2026
PHP min version5.3.0
Downloads9K

Community Trust

Rating100/100
Number of ratings6
Active installs100
Alternatives

miniOrange OTP Verification and SMS Notification for WooCommerce Alternatives

miniOrange OTP Login, Verification and SMS Notifications

miniOrange OTP Login, Verification and SMS Notifications

miniorange-otp-verification

A
100

OTP Verification via Email/SMS/WhatsApp,SMS Notifications for WooCommerce,OTP Login with Phone,PasswordLess Login.Custom Gateway for OTP Verification

6K 1 CVE
SMS Alert – SMS & OTP for WooCommerce, Order Notifications & Abandoned Cart Recovery

SMS Alert – SMS & OTP for WooCommerce, Order Notifications & Abandoned Cart Recovery

sms-alert

B
82

Send WooCommerce SMS notifications, OTP verification, abandoned cart recovery alerts, and real-time order updates to customers and admins.

4K 13 CVEs
Alpha SMS

Alpha SMS

alpha-sms

A
100

Connect your WordPress and WooCommerce store to Alpha SMS for OTP verification and order notifications in Bangladesh.

100 No CVEs
Authyo OTP for Contact Form 7

Authyo OTP for Contact Form 7

authyo-otp-for-contact-form-7

A
100

Adds OTP verification (Email, SMS, WhatsApp, Voice Call) and Google Sheets Integration (with Multi-Sheet support) to Contact Form 7.

10 No CVEs
Authyo OTP for WPForms

Authyo OTP for WPForms

authyo-otp-for-wpforms

A
100

Adds email and phone number OTP verification to WPForms with support for SMS, WhatsApp, and Voice.

10 No CVEs
Developer Profile

miniOrange OTP Verification and SMS Notification for WooCommerce Developer Profile

miniOrange

41 plugins · 83K total installs

76
trust score
Avg Security Score
96/100
Avg Patch Time
324 days
View full developer profile
Detection Fingerprints

How We Detect miniOrange OTP Verification and SMS Notification for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/miniorange-sms-order-notification-otp-verification/css/style.css/wp-content/plugins/miniorange-sms-order-notification-otp-verification/css/inttelinput.css/wp-content/plugins/miniorange-sms-order-notification-otp-verification/css/main.css
Script Paths
/wp-content/plugins/miniorange-sms-order-notification-otp-verification/js/script.js/wp-content/plugins/miniorange-sms-order-notification-otp-verification/js/form-validation.js/wp-content/plugins/miniorange-sms-order-notification-otp-verification/js/inttelinput.js
Version Parameters
miniorange-sms-order-notification-otp-verification/css/style.css?ver=miniorange-sms-order-notification-otp-verification/css/inttelinput.css?ver=miniorange-sms-order-notification-otp-verification/css/main.css?ver=miniorange-sms-order-notification-otp-verification/js/script.js?ver=miniorange-sms-order-notification-otp-verification/js/form-validation.js?ver=miniorange-sms-order-notification-otp-verification/js/inttelinput.js?ver=

HTML / DOM Fingerprints

CSS Classes
mowc_customer_validation_admin_settings_stylemowc_customer_validation_inttelinput_stylemowc_main_stylemowc_customer_validation_admin_settings_scriptmowc_customer_validation_form_validation_scriptmowc_customer_validation_inttelinput_script
JS Globals
moselecteddropdown
FAQ

Frequently Asked Questions about miniOrange OTP Verification and SMS Notification for WooCommerce