WP-Safety

Movider SMS Notifications Security & Risk Analysis

wordpress.org/plugins/movider-sms-notifications

Send SMS updates to customers when their order status is updated and receive an SMS message when a customer places a new order.

0 active installs v1.0 PHP + WP + Updated Jun 25, 2020
sms-notification-plugin
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Movider SMS Notifications Safe to Use in 2026?

Generally Safe

Score 85/100

Movider SMS Notifications has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5yr ago
Risk Assessment

The movider-sms-notifications v1.0 plugin exhibits a concerning security posture due to a significant number of unprotected entry points. While it demonstrates good practices in other areas, such as the absence of dangerous functions and file operations, and a high percentage of properly escaped output, the 3 AJAX handlers without authentication checks represent a critical weakness. The lack of performed taint analysis is a limitation, but the presence of 3 capability checks on these handlers suggests an attempt at authorization, albeit implemented in a way that is bypassed if the AJAX calls lack proper nonce verification (which is also not explicitly checked on all entry points).

The vulnerability history is clean, with no recorded CVEs. This is a positive indicator, suggesting that the plugin has not been a target or has historically been developed with security in mind. However, the absence of past vulnerabilities does not guarantee future security, especially when combined with the identified attack surface. The plugin's strengths lie in its careful handling of SQL queries and output, and the presence of a nonce check, albeit its effectiveness is diminished by the lack of authorization on all AJAX handlers.

In conclusion, the primary risk stems from the unprotected AJAX handlers. While the plugin has positive security attributes, these entry points present a clear opportunity for unauthorized actions if an attacker can trigger them. The lack of comprehensive taint analysis and the specific implementation of capability checks on the AJAX handlers warrant further investigation, but the immediate concern is the exposed AJAX functionality.

Key Concerns

  • 3 AJAX handlers without auth checks
  • Limited auth checks on entry points
Vulnerabilities
None known

Movider SMS Notifications Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Movider SMS Notifications Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
1
45 escaped
Nonce Checks
1
Capability Checks
3
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

98% escaped46 total outputs
Attack Surface
3 unprotected

Movider SMS Notifications Attack Surface

Entry Points3
Unprotected3

AJAX Handlers 3

authwp_ajax_woocommerce_movider_sms_send_test_smsincludes\class-wc-movider-sms-ajax.php:22
authwp_ajax_wc_movider_sms_toggle_order_updatesincludes\class-wc-movider-sms-ajax.php:25
authwp_ajax_wc_movider_sms_send_order_smsincludes\class-wc-movider-sms-ajax.php:28
WordPress Hooks 19
actionwoocommerce_after_checkout_billing_formclass-wc-movider-sms.php:43
actionwoocommerce_checkout_update_order_metaclass-wc-movider-sms.php:46
actionwoocommerce_privacy_remove_order_personal_dataclass-wc-movider-sms.php:49
actioninitclass-wc-movider-sms.php:53
filterwoocommerce_settings_tabs_arrayincludes\admin\class-wc-movider-sms-admin.php:29
actionwoocommerce_settings_movider_smsincludes\admin\class-wc-movider-sms-admin.php:32
actionadmin_noticesincludes\admin\class-wc-movider-sms-admin.php:35
actionadmin_enqueue_scriptsincludes\admin\class-wc-movider-sms-admin.php:38
actionwoocommerce_admin_field_wc_movider_sms_linkincludes\admin\class-wc-movider-sms-admin.php:44
actionadmin_bar_menuincludes\admin\class-wc-movider-sms-admin.php:47
actionadd_meta_boxesincludes\admin\class-wc-movider-sms-admin.php:52
actionadmin_menuincludes\admin\class-wc-movider-sms-admin.php:54
actionadmin_initwoo-movider-sms-notifications.php:26
actionadmin_noticeswoo-movider-sms-notifications.php:32
filterplugin_row_metawoo-movider-sms-notifications.php:53
actionadmin_initwoo-movider-sms-notifications.php:106
actionadmin_initwoo-movider-sms-notifications.php:107
actionadmin_noticeswoo-movider-sms-notifications.php:109
actionplugins_loadedwoo-movider-sms-notifications.php:113
Maintenance & Trust

Movider SMS Notifications Maintenance & Trust

Maintenance Signals

WordPress version tested5.4.19
Last updatedJun 25, 2020
PHP min version
Downloads1K

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

Movider SMS Notifications Alternatives

No alternatives data available yet.

Developer Profile

Movider SMS Notifications Developer Profile

Movider

1 plugin · 0 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Movider SMS Notifications

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/movider-sms-notifications/assets/css/style.css/wp-content/plugins/movider-sms-notifications/assets/js/script.js
Script Paths
/wp-content/plugins/movider-sms-notifications/assets/js/script.js
Version Parameters
/wp-content/plugins/movider-sms-notifications/assets/css/style.css?ver=/wp-content/plugins/movider-sms-notifications/assets/js/script.js?ver=

HTML / DOM Fingerprints

FAQ

Frequently Asked Questions about Movider SMS Notifications