[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fsTxNcjhP6fH9CywLRjchQ1uiVUmkz95-l7kyBw_qwSE":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":15,"tags":16,"homepage":18,"download_link":19,"security_score":20,"vuln_count":11,"unpatched_count":11,"last_vuln_date":21,"fetched_at":22,"vulnerabilities":23,"developer":24,"crawl_stats":21,"alternatives":30,"analysis":31,"fingerprints":153},"movider-sms-notifications","Movider SMS Notifications","1.0","Movider","https:\u002F\u002Fprofiles.wordpress.org\u002Fmovider\u002F","\u003Cp>Keep Your Customers in the Loop\u003Cbr \u002F>\n– Text messages get read more than any other form of communication. Ensure that customers receive information they want by offering text message order updates. Customers can opt-in to SMS updates by checking a box during checkout. Once they opt-in, they’ll receive an SMS message when their order status changes.\u003C\u002Fp>\n\u003Cp>Add an SMS opt-in checkbox to your checkout\u003Cbr \u002F>\n– You can even send messages for your custom order statuses created with Order Status Manager! For example, let customers know when an order has been updated to your custom “shipped” status, and you can even customize the text used for your custom statuses.\u003C\u002Fp>\n\u003Cp>Powerful Customization\u003Cbr \u002F>\n– You can change which order status changes will send updates to customers and customize SMS messages to include store name, order ID, order amount, order status, and other order data along with your custom text.\u003C\u002Fp>\n\u003Cp>Movider Connection Settings\u003Cbr \u002F>\n– You have to configure movider API key and API Secret to the setting page. You can check\u002Funcheck error log too here.\u003C\u002Fp>\n\u003Cp>Add that personal touch with customized SMS messages\u003Cbr \u002F>\n– You can easily test what customers will see when they receive a message from you right from your Movider settings page.\u003C\u002Fp>\n\u003Cp>Get Insight into Every Order\u003Cbr \u002F>\n– Send SMS updates to your customers directly from the Edit Order screen. A handy character count is shown so you don’t go over the 160 character limit for SMS messages. Customers don’t need to have opted-in to SMS updates for you to send them an SMS.\u003Cbr \u002F>\n- Sending your customers SMS updates can’t get much easier than this\u003Cbr \u002F>\nSee the status of every SMS sent to a customer by viewing the Order Notes for their order. See the message that was sent and the status. Any errors will appear here to help with troubleshooting.\u003C\u002Fp>\n","Send SMS updates to customers when their order status is updated and receive an SMS message when a customer places a new order.",0,1070,"2020-06-25T04:11:00.000Z","5.4.19","",[17],"sms-notification-plugin","https:\u002F\u002Fmovider.co","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmovider-sms-notifications.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":25,"display_name":7,"profile_url":8,"plugin_count":26,"total_installs":11,"avg_security_score":20,"avg_patch_time_days":27,"trust_score":28,"computed_at":29},"movider",1,30,84,"2026-04-04T12:26:01.195Z",[],{"attackSurface":32,"codeSignals":132,"taintFlows":143,"riskAssessment":144,"analyzedAt":152},{"hooks":33,"ajaxHandlers":113,"restRoutes":128,"shortcodes":129,"cronEvents":130,"entryPointCount":131,"unprotectedCount":131},[34,40,44,48,53,60,64,68,72,76,80,84,88,93,95,99,102,105,109],{"type":35,"name":36,"callback":37,"file":38,"line":39},"action","woocommerce_after_checkout_billing_form","add_opt_in_checkbox","class-wc-movider-sms.php",43,{"type":35,"name":41,"callback":42,"file":38,"line":43},"woocommerce_checkout_update_order_meta","process_opt_in_checkbox",46,{"type":35,"name":45,"callback":46,"file":38,"line":47},"woocommerce_privacy_remove_order_personal_data","erase_opt_in",49,{"type":35,"name":49,"callback":50,"priority":51,"file":38,"line":52},"init","add_order_status_hooks",11,53,{"type":54,"name":55,"callback":56,"priority":57,"file":58,"line":59},"filter","woocommerce_settings_tabs_array","add_settings_tab",100,"includes\\admin\\class-wc-movider-sms-admin.php",29,{"type":35,"name":61,"callback":62,"file":58,"line":63},"woocommerce_settings_movider_sms","display_settings",32,{"type":35,"name":65,"callback":66,"file":58,"line":67},"admin_notices","display_notices",35,{"type":35,"name":69,"callback":70,"file":58,"line":71},"admin_enqueue_scripts","enqueue_scripts_and_styles",38,{"type":35,"name":73,"callback":74,"file":58,"line":75},"woocommerce_admin_field_wc_movider_sms_link","add_link_field",44,{"type":35,"name":77,"callback":78,"priority":57,"file":58,"line":79},"admin_bar_menu","add_admin_bar_menu_item",47,{"type":35,"name":81,"callback":82,"file":58,"line":83},"add_meta_boxes","add_order_meta_box",52,{"type":35,"name":85,"callback":86,"file":58,"line":87},"admin_menu","wmsn_add_guide_page",54,{"type":35,"name":89,"callback":90,"file":91,"line":92},"admin_init","wmsn_required_plugins","woo-movider-sms-notifications.php",26,{"type":35,"name":65,"callback":94,"file":91,"line":63},"wmsn_required_plugins_notice",{"type":54,"name":96,"callback":97,"priority":98,"file":91,"line":52},"plugin_row_meta","wmsn_plugin_row_meta",10,{"type":35,"name":89,"callback":100,"file":91,"line":101},"callback_check_environment",106,{"type":35,"name":89,"callback":103,"file":91,"line":104},"callback_add_plugin_notices",107,{"type":35,"name":65,"callback":106,"priority":107,"file":91,"line":108},"callback_admin_notices",15,109,{"type":35,"name":110,"callback":111,"file":91,"line":112},"plugins_loaded","callback_init_plugin",113,[114,120,124],{"action":115,"nopriv":116,"callback":117,"hasNonce":116,"hasCapCheck":116,"file":118,"line":119},"woocommerce_movider_sms_send_test_sms",false,"send_test_sms","includes\\class-wc-movider-sms-ajax.php",22,{"action":121,"nopriv":116,"callback":122,"hasNonce":116,"hasCapCheck":116,"file":118,"line":123},"wc_movider_sms_toggle_order_updates","toggle_order_updates",25,{"action":125,"nopriv":116,"callback":126,"hasNonce":116,"hasCapCheck":116,"file":118,"line":127},"wc_movider_sms_send_order_sms","send_order_sms",28,[],[],[],3,{"dangerousFunctions":133,"sqlUsage":134,"outputEscaping":136,"fileOperations":11,"externalRequests":11,"nonceChecks":26,"capabilityChecks":131,"bundledLibraries":142},[],{"prepared":11,"raw":11,"locations":135},[],{"escaped":137,"rawEcho":26,"locations":138},45,[139],{"file":58,"line":140,"context":141},513,"raw output",[],[],{"summary":145,"deductions":146},"The movider-sms-notifications v1.0 plugin exhibits a concerning security posture due to a significant number of unprotected entry points. While it demonstrates good practices in other areas, such as the absence of dangerous functions and file operations, and a high percentage of properly escaped output, the 3 AJAX handlers without authentication checks represent a critical weakness. The lack of performed taint analysis is a limitation, but the presence of 3 capability checks on these handlers suggests an attempt at authorization, albeit implemented in a way that is bypassed if the AJAX calls lack proper nonce verification (which is also not explicitly checked on all entry points).\n\nThe vulnerability history is clean, with no recorded CVEs. This is a positive indicator, suggesting that the plugin has not been a target or has historically been developed with security in mind. However, the absence of past vulnerabilities does not guarantee future security, especially when combined with the identified attack surface. The plugin's strengths lie in its careful handling of SQL queries and output, and the presence of a nonce check, albeit its effectiveness is diminished by the lack of authorization on all AJAX handlers.\n\nIn conclusion, the primary risk stems from the unprotected AJAX handlers. While the plugin has positive security attributes, these entry points present a clear opportunity for unauthorized actions if an attacker can trigger them. The lack of comprehensive taint analysis and the specific implementation of capability checks on the AJAX handlers warrant further investigation, but the immediate concern is the exposed AJAX functionality.",[147,149],{"reason":148,"points":107},"3 AJAX handlers without auth checks",{"reason":150,"points":151},"Limited auth checks on entry points",7,"2026-03-17T06:49:41.882Z",{"wat":154,"direct":163},{"assetPaths":155,"generatorPatterns":158,"scriptPaths":159,"versionParams":160},[156,157],"\u002Fwp-content\u002Fplugins\u002Fmovider-sms-notifications\u002Fassets\u002Fcss\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Fmovider-sms-notifications\u002Fassets\u002Fjs\u002Fscript.js",[],[157],[161,162],"\u002Fwp-content\u002Fplugins\u002Fmovider-sms-notifications\u002Fassets\u002Fcss\u002Fstyle.css?ver=","\u002Fwp-content\u002Fplugins\u002Fmovider-sms-notifications\u002Fassets\u002Fjs\u002Fscript.js?ver=",{"cssClasses":164,"htmlComments":165,"htmlAttributes":166,"restEndpoints":167,"jsGlobals":168,"shortcodeOutput":169},[],[],[],[],[],[]]