Does MoceanAPI SendSMS have any unpatched vulnerabilities?

No. All known vulnerabilities in MoceanAPI SendSMS have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is MoceanAPI SendSMS compatible with WordPress 6.0.11?

According to WordPress.org data, MoceanAPI SendSMS 1.4.11 has been tested up to WordPress 6.0.11. Check the plugin's changelog for the latest compatibility information.

How often is MoceanAPI SendSMS updated?

MoceanAPI SendSMS was last updated on Mar 12, 2024. Frequent updates are generally a positive security signal.

What is MoceanAPI SendSMS's security score?

MoceanAPI SendSMS has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

MoceanAPI SendSMS Security & Risk Analysis

wordpress.org/plugins/moceanapi-sendsms

A plugin to send SMS notification to your wordpress users

10 active installs v1.4.11 PHP + WP 3.8+ Updated Mar 12, 2024

messagingmoceanmoceanapisend-smssms

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is MoceanAPI SendSMS Safe to Use in 2026?

Generally Safe

Score 85/100

MoceanAPI SendSMS has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2yr ago

Risk Assessment

The moceanapi-sendsms plugin exhibits a generally good security posture with no known past vulnerabilities. Static analysis indicates a minimal attack surface, with no AJAX handlers, REST API routes, shortcodes, or cron events directly exposed without authentication. The code also demonstrates a commitment to secure coding practices, with a high percentage of SQL queries using prepared statements and output escaping. However, there are significant concerns highlighted by the taint analysis, specifically the presence of two high-severity flows with unsanitized paths. This suggests potential vulnerabilities where untrusted input could be used in a dangerous way, even though they did not reach critical severity. Additionally, the complete absence of nonce checks is a notable weakness, especially for a plugin that might handle sensitive operations, leaving it susceptible to CSRF attacks if any of its (currently non-existent) entry points were to be exploited.

While the plugin has a clean vulnerability history, the taint analysis findings cannot be ignored. The high number of unsanitized paths (7 out of 8 flows) indicates a pervasive issue in how external data is handled, and the two high-severity flows are a direct warning sign. The lack of nonce checks further compounds this by omitting a fundamental security control for web applications. The plugin's strengths lie in its limited attack surface and good practices in SQL and output handling. However, the identified taint issues and missing nonce checks represent significant areas of risk that require immediate attention and remediation to ensure a robust security posture.

Key Concerns

High severity taint flows with unsanitized paths
Flows with unsanitized paths detected
Missing nonce checks on all entry points
Bundled library Freemius v1.0 (potential outdated version)

Vulnerabilities

None known

MoceanAPI SendSMS Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

MoceanAPI SendSMS Code Analysis

Dangerous Functions

Raw SQL Queries

8 prepared

Unescaped Output

106 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Freemius1.0

SQL Query Safety

80% prepared10 total queries

Output Escaping

80% escaped132 total outputs

Data Flows

7 unsanitized

Data Flow Analysis

8 flows7 with unsanitized paths

mapi_send_sms (admin\sendsms.php:31)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

MoceanAPI SendSMS Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 112

filtermoceansms_setting_sectionadmin\automation.php:13

filtermoceansms_setting_fieldsadmin\automation.php:14

actionmoceansms_load_javascriptsadmin\automation.php:15

actionadmin_initadmin\class-moceansms-woocommerce-setting.php:19

actionadmin_initadmin\class-moceansms-woocommerce-setting.php:20

actionadmin_menuadmin\class-moceansms-woocommerce-setting.php:22

actionmoceansms_setting_fields_custom_htmladmin\class-moceansms-woocommerce-setting.php:23

actioninitadmin\class-moceansms-woocommerce-setting.php:25

actionmoceansms_check_domainadmin\class-moceansms-woocommerce-setting.php:26

filtermoceansms_setting_fieldsadmin\class-moceansms-woocommerce-setting.php:28

filtermoceansms_setting_sectionadmin\help.php:12

filtermoceansms_setting_fieldsadmin\help.php:13

actionmoceansms_setting_fields_custom_htmladmin\help.php:14

filtermoceansms_setting_sectionadmin\logs.php:12

filtermoceansms_setting_fieldsadmin\logs.php:13

actionmoceansms_setting_fields_custom_htmladmin\logs.php:14

filtermoceansms_setting_sectionadmin\sendsms.php:14

filtermoceansms_setting_fieldsadmin\sendsms.php:15

actionmoceansms_load_javascriptsadmin\sendsms.php:16

actionregister_formadmin\sendsms.php:17

actionregister_formadmin\sendsms.php:18

actionregister_postadmin\sendsms.php:19

actionuser_registeradmin\sendsms.php:20

actionshow_user_profileadmin\sendsms.php:21

actionedit_user_profileadmin\sendsms.php:22

actionpersonal_options_updateadmin\sendsms.php:23

actionedit_user_profile_updateadmin\sendsms.php:24

actionuser_profile_update_errorsadmin\sendsms.php:25

actionadmin_post_moceansms_sms_formadmin\sendsms.php:26

actionadmin_noticesadmin\sendsms.php:27

filterremovable_query_argsadmin\sendsms.php:28

filtermoceansms_setting_sectionadmin\smsoutbox.php:12

filtermoceansms_setting_fieldsadmin\smsoutbox.php:13

actionmoceansms_setting_fields_custom_htmladmin\smsoutbox.php:14

actionshow_user_profileincludes\abstraction\abstract-moceansms-multivendor.php:22

actionedit_user_profileincludes\abstraction\abstract-moceansms-multivendor.php:23

actionpersonal_options_updateincludes\abstraction\abstract-moceansms-multivendor.php:25

actionedit_user_profile_updateincludes\abstraction\abstract-moceansms-multivendor.php:26

filterconnect_message_on_updateincludes\class-moceansms-freemius.php:7

filterconnect_messageincludes\class-moceansms-freemius.php:8

actionadmin_enqueue_scriptsincludes\class-moceansms-woocommerce-frontend-scripts.php:11

actioninitincludes\class-moceansms-woocommerce-frontend-scripts.php:12

actionwp_dashboard_setupincludes\class-moceansms-woocommerce-widget.php:21

actionshow_user_profileincludes\multivendor\abstract\abstract-moceansms-multivendor.php:31

actionedit_user_profileincludes\multivendor\abstract\abstract-moceansms-multivendor.php:32

actionpersonal_options_updateincludes\multivendor\abstract\abstract-moceansms-multivendor.php:34

actionedit_user_profile_updateincludes\multivendor\abstract\abstract-moceansms-multivendor.php:35

filtermoceansms_setting_sectionincludes\multivendor\admin\class-moceansms-multivendor-setting.php:5

filtermoceansms_setting_fieldsincludes\multivendor\admin\class-moceansms-multivendor-setting.php:6

actionmoceansms_setting_fields_custom_htmlincludes\multivendor\admin\class-moceansms-multivendor-setting.php:7

filtermoceansms_setting_fieldsincludes\multivendor\admin\class-moceansms-multivendor-setting.php:9

actionarm_cancel_subscription_gateway_actionincludes\plugins\MoceanARMemberLite.php:39

actionarm_after_user_plan_changeincludes\plugins\MoceanARMemberLite.php:40

actionarm_after_user_plan_change_by_adminincludes\plugins\MoceanARMemberLite.php:41

actionarm_after_user_plan_renewincludes\plugins\MoceanARMemberLite.php:42

actionarm_after_user_plan_renew_by_adminincludes\plugins\MoceanARMemberLite.php:43

actionarm_cancel_subscription_gateway_actionincludes\plugins\MoceanARMemberPremium.php:39

actionarm_after_user_plan_changeincludes\plugins\MoceanARMemberPremium.php:40

actionarm_after_user_plan_change_by_adminincludes\plugins\MoceanARMemberPremium.php:41

actionarm_after_user_plan_renewincludes\plugins\MoceanARMemberPremium.php:42

actionarm_after_user_plan_renew_by_adminincludes\plugins\MoceanARMemberPremium.php:43

actionbookit_appointment_status_changedincludes\plugins\MoceanBookIt.php:27

actionfat_after_update_booking_statusincludes\plugins\MoceanFATService.php:25

actionfluentcrm_subscriber_status_to_unsubscribedincludes\plugins\MoceanFluentCRM.php:31

actionfluentcrm_subscriber_status_to_subscribedincludes\plugins\MoceanFluentCRM.php:32

actionfluentcrm_subscriber_status_to_pendingincludes\plugins\MoceanFluentCRM.php:33

actiongroundhogg/contact/preferences/updatedincludes\plugins\MoceanGroundhoggCRM.php:31

actionzbs_new_customerincludes\plugins\MoceanJetpackCRM.php:31

actionlatepoint_booking_status_changedincludes\plugins\MoceanLatePoint.php:25

actionmm_member_membership_changeincludes\plugins\MoceanMemberMouse.php:30

actionmm_member_status_changeincludes\plugins\MoceanMemberMouse.php:31

actionmm_bundles_addincludes\plugins\MoceanMemberMouse.php:32

actionmm_bundles_status_changeincludes\plugins\MoceanMemberMouse.php:33

actionmm_payment_receivedincludes\plugins\MoceanMemberMouse.php:34

actionmm_payment_rebillincludes\plugins\MoceanMemberMouse.php:35

actionmm_payment_rebill_declinedincludes\plugins\MoceanMemberMouse.php:36

actionmm_refund_issuedincludes\plugins\MoceanMemberMouse.php:37

actionmepr-txn-transition-statusincludes\plugins\MoceanMemberPress.php:43

actionmepr_subscription_transition_statusincludes\plugins\MoceanMemberPress.php:44

actionmepr-event-transaction-completedincludes\plugins\MoceanMemberPress.php:45

actionmepr-event-transaction-expiredincludes\plugins\MoceanMemberPress.php:46

actionmepr-event-transaction-refundedincludes\plugins\MoceanMemberPress.php:47

actionmepr-event-recurring-transaction-failedincludes\plugins\MoceanMemberPress.php:48

actionmepr-event-subscription-createdincludes\plugins\MoceanMemberPress.php:49

actionmepr-event-subscription-pausedincludes\plugins\MoceanMemberPress.php:50

actionmepr-event-subscription-resumedincludes\plugins\MoceanMemberPress.php:51

actionmepr-event-subscription-stoppedincludes\plugins\MoceanMemberPress.php:52

actionqrr_booking_changed_stateincludes\plugins\MoceanQuickRestaurantReservation.php:27

actionsave_post_qrr_bookingincludes\plugins\MoceanQuickRestaurantReservation.php:28

filterrtb_insert_bookingincludes\plugins\MoceanRestaurantReservation.php:27

filterrtb_update_bookingincludes\plugins\MoceanRestaurantReservation.php:28

actioninitincludes\plugins\MoceanS2Member.php:26

actionswpm_payment_ipn_processedincludes\plugins\MoceanSimpleMembership.php:41

actionswpm_recurring_payment_receivedincludes\plugins\MoceanSimpleMembership.php:42

actionswpm_subscription_payment_cancelledincludes\plugins\MoceanSimpleMembership.php:43

actionerp_create_new_peopleincludes\plugins\MoceanWpERP.php:33

filterconnect_urlmoceansms-woocommerce.php:63

filterafter_skip_urlmoceansms-woocommerce.php:64

filterafter_connect_urlmoceansms-woocommerce.php:65

filterafter_pending_connect_urlmoceansms-woocommerce.php:66

actionplugins_loadedmoceansms-woocommerce.php:78

filterwpcf7_validate_telsrc\Forms\Handlers\ContactForm7.php:16

filterwpcf7_validate_tel*src\Forms\Handlers\ContactForm7.php:17

filterwpcf7_validate_mocean_phonesrc\Forms\Handlers\ContactForm7.php:18

filterwpcf7_validate_mocean_phone*src\Forms\Handlers\ContactForm7.php:19

filterwpcf7_messagessrc\Forms\Handlers\ContactForm7.php:20

filterwpcf7_editor_panelssrc\Forms\Handlers\ContactForm7.php:22

actionwpcf7_admin_initsrc\Forms\Handlers\ContactForm7.php:24

actionwpcf7_after_savesrc\Forms\Handlers\ContactForm7.php:25

actionwpcf7_before_send_mailsrc\Forms\Handlers\ContactForm7.php:26

actionwpcf7_initsrc\Forms\Handlers\ContactForm7.php:28

actionwpcf7_admin_noticessrc\Forms\Handlers\ContactForm7.php:29

Maintenance & Trust

MoceanAPI SendSMS Maintenance & Trust

Maintenance Signals

WordPress version tested6.0.11

Last updatedMar 12, 2024

PHP min version

Downloads5K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

MoceanAPI SendSMS Alternatives

Abandoned cart SMS reminders and SMS campaigns – CartFox

cartfox

Dynamic SMS abandoned cart reminders with coupons, post-purchase campaigns and various options for SMS campaigns. Available for 58 languages worldwide …

300 No CVEs

ClickSend SMS Woo Integration

clicksendsms

ClickSend SMS Woo Integration helps to send transactions & promotional sms to wooCommerce store owners.

100 No CVEs

text message sms plugin

text-message

text message by biz text lets your website receive and send text messages. reply to text messages from a pc or forward messages to your mobile phone.

100 No CVEs

Branded SMS Pakistan

branded-sms-pakistan

100

Branded SMS Pakistan - WooCommerce plugin will allow you to send Branded or Short Code SMS notification automatically for orders placed in WooCommerce …

50 No CVEs

MoceanAPI Order SMS Notification for WooCommerce

moceansms-order-sms-notification-for-woocommerce

100

A plugin to send SMS notification to both buyer and seller after an order is placed in WooCommerce. SMS notification can be sent on all order statuses …

50 No CVEs

Developer Profile

MoceanAPI SendSMS Developer Profile

moceanapiplugin

4 plugins · 60 total installs

trust score

Avg Security Score

89/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect MoceanAPI SendSMS

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Script Paths

/wp-content/plugins/moceanapi-sendsms/moceanapi-sendsms.php/wp-content/plugins/moceanapi-sendsms/includes/class-moceansms-automations.php/wp-content/plugins/moceanapi-sendsms/includes/plugins/MoceanARMemberLite.php/wp-content/plugins/moceanapi-sendsms/includes/plugins/MoceanWooCommerce.php

HTML / DOM Fingerprints

CSS Classes

moceansms-open-keyword

Data Attributes

data-attr-typedata-attr-target

FAQ